A financial services company is deploying a customer-facing chatbot powered by a large language model. The team wants to prevent the model from producing responses that contain account numbers, credit card details, or regulatory advice that could expose the company to liability. Which architectural approach most directly addresses both data-leakage and liability risks at the output stage?
- AApply a retrieval-augmented generation pipeline so the model draws only from pre-approved documents, removing any need for output scanning.
- BFine-tune the base model on a corpus of compliant responses so it learns to avoid sensitive outputs, replacing the need for runtime guardrails.
- CEnforce strict input validation on the user's query to block prompts that mention account numbers or financial terms before they reach the model.
- DAdd a dedicated output-validation layer that applies regex and classifier-based checks to detect and redact PII patterns and flag regulated-content categories before the response reaches the user. Correct
Why A is wrong: RAG limits the knowledge base used during generation, which reduces hallucination risk, but it does not guarantee that the model will never produce sensitive content or regulatory advice. A model can still compose harmful output from retrieved context, so RAG alone is insufficient for output-stage enforcement.
Why B is wrong: Fine-tuning on compliant examples can shift the model's distribution toward safer outputs, but it offers probabilistic rather than deterministic protection. Novel inputs can still elicit non-compliant responses, and fine-tuning alone cannot satisfy a hard policy requirement like blocking PII.
Why C is wrong: Input validation filters what enters the model, which is a useful safety layer, but it does not address output risk. The model can produce sensitive content from benign-looking prompts through indirect reasoning or retrieved context, so input-only controls leave the output stage unprotected.
Why D is correct: An output-validation layer is the correct mechanism for catching harmful content after generation and before delivery. Regex detects structured PII such as card numbers; classifiers handle semantic categories like financial advice. Together they enforce policies regardless of what the model produces.