Output guard

An output guard is a deterministic check applied to a language model's response before it reaches the user — validating JSON shape, blocking unsafe content, refusing if confidence is low, or rewriting failures.

Output guards complement input guardrails by inspecting and gating model output. Common output guards in 2026: JSON-schema validation (reject malformed), safety classifier scan (block toxic / leaking PII), confidence threshold (refuse if the model self-reports low confidence), action authorisation (require human approval for destructive tool calls), and length / format checks. Layered output guards are the production norm for any LLM feature that takes real traffic. They turn "trust the model" into "verify the model".

When to use output guard

• Any production LLM feature.
• Agent loops where tool actions are destructive or expensive.

Common mistakes

• Output guard that only blocks — provide a fallback path so users aren't stuck.
• No metrics on guard fires — you don't see degradation when guards start blocking real content.

FAQ

Related terms

• Guardrails — Guardrails are deterministic checks layered around a language model to prevent unsafe, off-topic, or non-compliant outputs from reaching the user.
• Safety classifier — A safety classifier is a small specialised model that scores LLM input or output for unsafe categories — toxicity, PII, prompt injection, jailbreak, NSFW — so the application can refuse, rewrite, or escalate.
• JSON mode (structured output) — JSON mode forces a language model to emit only syntactically valid JSON, usually conforming to a schema you supply.
• Structured output — Structured output is any production prompt pattern that forces a language model to return data in a deterministic, machine-parseable form (JSON, XML, custom).

Last updated: 2026-06-01. Raw markdown: https://promtable.com/glossary/output-guard.md.