02·Input validation and output sanitization: what works, what does not — why blocklists fail

Introduction

The simplest approach to protecting an LLM — a list of forbidden words (blocklist) — sounds reasonable but fails in predictably consistent ways in practice. This lesson analyses effective input validation techniques (intent detection, ML classifiers, structural context constraints) and output sanitization (PII redaction, format verification, extrapolation detection), and above all explains why blocklists are fundamentally inadequate in generative systems.