So you just built a fairly complex guardrail to handle hallucinations in a RAG chatbot. Let's now move on to see how you can handle other failure modes. You'll start by building a guard that helps you make sure that your chatbot only discusses topics relevant to your use case or your business. This helps make sure that users can't abuse your chatbot by using it for other tasks. Let's head over to the notebook.

So in this lesson, we're going to see how we can create validators to make sure that our LLM-powered RAG applications stay on the topic they're intended for. We saw an example of this happening in the intro lesson, so I'm going to remind you of how we set that up, suppress our warnings, and run our imports. You've seen this before: I'm using the exact same unguarded client, vector database, and system message, and with those I'm setting up a simple RAG application that I'm going to push off topic. So let me get my pizzeria chatbot to tell me about the differences between a Ford F-150 and a Ford Ranger. All right. It actually gave me this wonderfully detailed list about versatility, convenience, and so on. It's a pizzeria chatbot, so it really shouldn't be doing that. So now let's go into how we can create a validator to avoid this.

As we do that, the first thing we're going to do as part of this validator is understand the underlying model that we're using, which is a zero-shot topic classification model. The specific model we're using is BART, which was created by Meta AI. How it works under the hood is actually pretty similar to the natural language inference, or NLI, model that we saw in our previous lesson on hallucinations, except that instead of passing in a hypothesis and a premise directly, we use a specific formulation of NLI: the premise is our input text, and the hypothesis is that the text is about specific topics. Based on whether the hypothesis is entailed or contradicted, we get a score for how likely each topic is to apply to the text.

So let's see this topic classification model in action and use it to create our zero-shot classifier. Same as before, we're going to use HuggingFace pipelines to create a zero-shot classification pipeline using the facebook/bart-large-mnli model. The hypothesis template, which we saw in the slides as well, is "This sentence above contains discussions of the following topics", where all of the topics we care about get substituted in. Let's see how well this classifier performs on a toy example, where the sentence is "Chick-fil-A is closed on Sundays" and the potential topics we send to the model are food, business, and politics (there's a code sketch of this just below). Perfect. We can see that for "Chick-fil-A is closed on Sundays", food, business, and politics each come back with a likelihood score: food is about 0.672, business about 0.179, and politics about 0.027, which is pretty close to how we'd expect the sentence to score on those topics. This zero-shot topic classifier forms the core of our topic guardrail.

Before we get too far in, let's compare how well this zero-shot classifier does versus an LLM. You can use an LLM to do classification, and depending on the model and inference service you use, this can be a good option, especially at your POC phase. Let's look at this in action.
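Before the LLM comparison, here's a minimal sketch of the zero-shot classifier and the toy example we just walked through, using the HuggingFace pipeline API with the facebook/bart-large-mnli model. The exact scores you see may differ slightly from the numbers quoted above, and the hypothesis template wording here just mirrors the one described in the lesson.

```python
# Minimal sketch: zero-shot topic classification with BART-large-MNLI.
from transformers import pipeline

classifier = pipeline(
    "zero-shot-classification",
    model="facebook/bart-large-mnli",
)

result = classifier(
    "Chick-fil-A is closed on Sundays.",
    candidate_labels=["food", "business", "politics"],
    # Each candidate label is substituted into this NLI hypothesis.
    hypothesis_template="This sentence above contains discussions of the following topics: {}.",
    multi_label=True,  # score each topic independently instead of as one softmax
)

for label, score in zip(result["labels"], result["scores"]):
    print(f"{label}: {score:.3f}")
# Expect food to score highest, then business, then politics.
```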
So here we're using GPT-4o-mini, the latest model as of the time of filming, to do the classification. We don't get detailed scores this way, but let's see how it goes. You can see here that the LLM returned food nine times out of ten, but this one time it also returned business. So that's one limitation: LLMs are stochastic, so you may get different answers each time you run them, and how good the classifications are depends on the model you use, with better models generally leading to better results. The other issue is that your application will be constrained by the rate limits, uptime, and so on of the hosted third-party service. Here, it took about 30 seconds to run all of these requests, and that will vary depending on traffic, terms-of-service changes, and so forth.

Now let's compare this to our zero-shot classifier running the exact same experiment. In the learning environment, you only have access to basic CPUs, so compute is very limited and this will take about five minutes to complete. But if you run this exact same code on your own computer with faster CPUs or GPUs, the model will be much quicker, and that also better reflects the actual production setting you'll deploy your guardrails in. Here I'm showing the results of running the model on a MacBook Pro with an M1 chip, and as you can see, the ten iterations complete in just a few seconds. And beyond just speed, the results are exactly the same each time. Performance is consistent, which is important for reliability. You can also run this small model on your own server or private environment, so you don't have to send user messages to a third party and your data stays within your own environment.

All right. Now that we understand how our topic classifier works, let's create a topic guardrail that will make sure that our chatbot stays on topic. The first step is to implement a function that detects topics, using the same classifier we just used. All this function does is take some text, a list of topics, and a threshold score, and return a list of strings: the detected topics, where each topic must have a score greater than the threshold. Now that we have our topic-detection function, let's use it to implement our validator, which we'll call the constrain-topic validator. It takes a list of banned topics and a threshold value, and in its validate function it calls the detect-topics function we implemented earlier. If any banned topics are detected, we return a fail result; otherwise, we return a pass result. Pretty straightforward, and similar to what we've done in our previous lessons. Finally, using the validator we just created, let's build a guard that uses this validator and test it out on some examples (see the code sketch below). Here's our initialized guard, and now let's try running this guard on a statement that is clearly very political. Again, this may take a few seconds to run. All right. As we see, our guard failed because the politics topic was detected, which is exactly what we expected; automobiles is the other banned topic we've configured.

Now that we've seen how to create a topic guardrail, let's try using a state-of-the-art topic classifier from within a Guardrails server, and see if we can prevent the failure that we saw earlier in our chatbot.
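Here's a minimal sketch of the topic-detection function, the constrain-topic validator, and the guard described above. It assumes the guardrails-ai validator interface (Validator, register_validator, PassResult, FailResult); the class name ConstrainTopic, the 0.8 default threshold, and the test sentence are illustrative, and exact import paths may differ across library versions.

```python
from typing import Any, Dict, List, Optional

from guardrails import Guard
from guardrails.validator_base import (
    FailResult,
    PassResult,
    ValidationResult,
    Validator,
    register_validator,
)
from transformers import pipeline

# Reuse the same zero-shot classifier from earlier in the lesson.
CLASSIFIER = pipeline("zero-shot-classification", model="facebook/bart-large-mnli")


def detect_topics(text: str, topics: List[str], threshold: float = 0.8) -> List[str]:
    """Return every candidate topic whose zero-shot score exceeds the threshold."""
    result = CLASSIFIER(text, candidate_labels=topics, multi_label=True)
    return [t for t, s in zip(result["labels"], result["scores"]) if s > threshold]


@register_validator(name="constrain_topic", data_type="string")
class ConstrainTopic(Validator):
    """Fail validation if any banned topic is detected in the text."""

    def __init__(
        self,
        banned_topics: Optional[List[str]] = None,
        threshold: float = 0.8,
        **kwargs,
    ):
        self.banned_topics = banned_topics or ["politics"]
        self.threshold = threshold
        super().__init__(**kwargs)

    def validate(self, value: str, metadata: Optional[Dict[str, Any]] = None) -> ValidationResult:
        detected = detect_topics(value, self.banned_topics, self.threshold)
        if detected:
            return FailResult(error_message=f"Banned topics detected: {detected}")
        return PassResult()


# Build a guard that raises an exception when a banned topic is found.
guard = Guard().use(
    ConstrainTopic(banned_topics=["politics", "automobiles"], on_fail="exception")
)
guard.validate("Vote for the incumbent mayor in next week's election!")  # raises a validation error
```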
So in order to use the state-of-the-art topic classifier, you actually need to download and install that specific guardrail from Guardrails Hub in your local environment, but in the learning environment we've already done that for you. Same as before, we're going to use the server as we've seen in our previous lessons, and we're going to use the topic guard that we created on the server, which is running at this URL. Then let's create a guarded chatbot that uses your guarded client, which is basically your OpenAI client sandwiched with the guard so that a topic classifier runs on the output. Now, using this new guarded RAG chatbot, let's see how well we do in getting our pizzeria chatbot to talk about Ford vehicles. This is the exact same prompt as we've used before. All right. As expected, the raw output talks about Ford F-150 trucks, which falls under a banned topic for us, and so we end up getting a validation error raised instead of the raw output being returned to the user. Once again, you don't have to use this exact validation error message. You can catch this exception, as we've seen in previous lessons, and do much more graceful error handling to let your users know that they can't talk about these topics with your chatbot (a reference sketch of this pattern follows below).

Let's now take a look at handling the next type of failure that we saw in our intro lesson, which is leaking and improper handling of personally identifiable information. So join me in the next lesson as we make sure that we're handling PII correctly.
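For reference, here's a minimal sketch of how a guarded client like the one above could talk to a Guardrails server through its OpenAI-compatible endpoint. The localhost URL and port, the guard name topic_guard, the pizzeria system message, and the model name are all assumptions for illustration, not necessarily the exact setup used in the lesson.

```python
from openai import OpenAI

# Point the OpenAI client at the Guardrails server's OpenAI-compatible endpoint
# (assumed to be running locally with a guard named "topic_guard").
# Assumes OPENAI_API_KEY is set in the environment for the upstream LLM call.
guarded_client = OpenAI(
    base_url="http://localhost:8000/guards/topic_guard/openai/v1/",
)

try:
    response = guarded_client.chat.completions.create(
        model="gpt-4o-mini",
        messages=[
            {"role": "system", "content": "You are a helpful assistant for a pizzeria."},
            {"role": "user", "content": "What's the difference between a Ford F-150 and a Ford Ranger?"},
        ],
    )
    print(response.choices[0].message.content)
except Exception as err:
    # The guard on the server rejected the output because a banned topic was detected,
    # so fall back to a graceful message instead of surfacing the raw error.
    print("Sorry, I can only help with questions about the pizzeria.", err)
```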