Article Content The most critical vulnerability in modern AI systems is the implicit trust placed in model output. We treat the output of an LLM as “code” or “data” and execute it directly. In any other field of computing, this is the equivalent of eval() on unsanitized user input.
The “Trusted Input” Fallacy We are taught to never trust user input. Yet, when we generate that input using an LLM, we seem to forget this rule. We assume that because the LLM is “intelligent,” its output is structured and safe. This is a category error.
The Rejector Pattern Deterministic validation is the process of applying strict schemas to model output. If the output does not conform to the schema, it is rejected. Not “corrected,” not “parsed leniently”—rejected.
Plaintext
+-----------+ +-------------------+ +-----------+
| AI Output | ----> | Schema Validation | ----> | Execute |
| (Raw) | | (Deterministic) | | |
+-----------+ +-------------------+ +-----------+
|
v
[ Reject Log ]
Schema-First Design The interface between your AI and your system should be defined by a rigid schema (e.g., Protobuf, JSON Schema, or Zod). If the AI model deviates from the schema, the error should be handled at the pipeline level. This forces the model to learn the schema rather than forcing the system to adapt to the model’s unpredictability.
Building Trust Boundaries By treating AI output as untrusted input, we create a clear trust boundary. Inside the boundary, we have our deterministic systems. Outside the boundary, we have our probabilistic AI. The validator is the gatekeeper.
Conclusion Determinism is not the enemy of intelligence; it is the enabler of reliability. We cannot expect AI to be inherently reliable, but we can build reliable systems that wrap unreliable AI.