Reducing the danger of exposure to threat actors that coerce AI models into producing damaging material is crucial as businesses race to use generative AI-driven chatbots and agents.
Google Cloud would like to draw attention to Vertex AI two potent features that may be used to control this risk: system instructions and content filters. Google Cloud will demonstrate how to utilise them now to guarantee reliable and consistent interactions.
Content filters: Post-response defenses
Content filters can assist in preventing the generation of dangerous information by examining produced text and blocking answers that meet certain criteria. As part of a multi-layered defence against threat actors that try to jailbreak the model, they operate separately from Gemini models.
Vertex AI’s Gemini models employ two kinds of content filters:
- Non-configurable safety filters automatically block outputs that contain personally identifiable information (PII) and child sexual abuse material (CSAM), among other forbidden items.
- With configurable content filters, you may set blocking levels based on probability and severity scores for four kinds of harm: sexually explicit, hate speech, harassment, and harmful content. Although some filters are turned off by default, you can adjust them to suit your needs.
It’s crucial to remember that these filters, like any automated system, may generate false positives, mistakenly reporting harmless items. The user experience may suffer as a result, especially in conversational contexts. Some of these restrictions can be lessened with the aid of the system instructions.
System instructions: Proactive model steering for custom safety
Vertex AI’s system instructions for Gemini models provide the model explicit instructions on how to act and what kinds of material to produce. To address the particular requirements of your company, you may proactively direct the model away from producing unwanted information by giving clear instructions.
To make sure the model’s outputs match your brand’s voice, tone, values, and target audience, you may provide system instructions that include brand safety requirements as well as content safety guidelines, such as disclaimer text and forbidden and sensitive themes.
Compared to content filters, system instructions offer the following benefits:
- You are not limited to a limited number of categories since you may specify the precise hazards and subjects you wish to stay away from.
- You have the ability to be specific and prescriptive. For instance, you may explain what you mean by nudity in your cultural context and provide acceptable exceptions rather than just declaring, “Avoid nudity.”
- You can change the instructions to fit your needs. For example, you may modify the instruction to be more specific, such as “don’t generate violent content” or “avoid discussion of illegal drug use,” if you discover that the “avoid dangerous content” command is causing the model to become too cautious or to avoid a wider variety of topics than intended.
Nevertheless, the following restrictions apply to system instructions:
- Theoretically, they are more vulnerable to sophisticated jailbreak methods like zero-shot.
- On borderline subjects, they may make the model too cautious.
- In certain cases, a complicated safety system command might unintentionally affect the overall quality of the output.
Both system instructions and content filters are advised.
Evaluate your safety configuration
You may test model performance with your own setups in advance and make your own evaluation sets. To assess how well your setup captures hazardous content and how frequently it filters innocuous stuff mistakenly, Google Cloud advise separating the harmful and benign sets.
When future updates are implemented, investing in an evaluation set can help shorten the time needed to evaluate the model.
How to get started
System guidelines and content filters both contribute to the safe and ethical use of Gemini. Your particular needs and risk tolerance will determine the best course of action.
