Model Output Sanitization

Tier 1 MODEL
ISO A.9 NIST MS-2 OWASP LLM02 OWASP ASI06

What This Requires

Filter, validate, and sanitize all AI model outputs before they are rendered to users, passed to downstream systems, or executed as code. Output sanitization must prevent cross-site scripting (XSS), SQL injection, command injection, unauthorized data disclosure, and the propagation of harmful or manipulative content through AI-generated responses.

Why It Matters

AI models generate free-form text that may contain executable code, markup, or structured data that downstream systems interpret literally. An unsanitized model output containing JavaScript, SQL fragments, or shell commands can be executed by web browsers, databases, or automation pipelines, creating a remote code execution pathway that bypasses traditional application security controls entirely.

How To Implement

Output Encoding and Escaping

Apply context-appropriate encoding to all AI outputs before rendering. HTML-encode outputs displayed in web interfaces, parameterize outputs used in database queries, and escape outputs passed to shell commands. Never concatenate raw model output into executable contexts.

Content Safety Filtering

Deploy a post-generation content safety classifier that evaluates outputs for harmful content categories (violence, hate speech, self-harm, illegal activity). Block or flag outputs that exceed defined safety thresholds. Maintain category-specific thresholds that can be tuned per use case.

Structured Output Validation

When AI outputs are expected in structured formats (JSON, XML, function calls), validate outputs against strict schemas before processing. Reject malformed outputs and log schema violations. For tool-calling AI agents, validate that returned function parameters match expected types and value ranges.

Output Monitoring and Feedback Loop

Implement real-time monitoring of output quality and safety metrics. Track rates of blocked outputs, safety classifier activations, and user-reported issues. Feed monitoring data into model fine-tuning and prompt engineering improvements on a monthly cycle.

Evidence & Audit

  • Output encoding and escaping implementation documentation per rendering context
  • Content safety classifier configuration and threshold settings
  • Blocked output logs with classification reasons
  • Structured output schema definitions and validation error logs
  • Output quality and safety monitoring dashboards
  • User-reported output issue logs and resolution records
  • Monthly output quality improvement reports

Related Controls

Adversarial Input Defense PII Minimization in AI Outputs AI Transparency and User Disclosure