In a demo, an AI hallucination is funny. In production, it is a liability. If your medical bot invents a cure, or your fintech bot invents a tax law, you are not just losing customers—you are facing lawsuits.
In 2026, “Prompt Engineering” (asking nicely) is not enough to stop hallucinations. You need Architectural Guardrails. These are layers of code that sit between the user and the LLM, acting as a firewall for logic.
At The AI Division, we implement strict “Safety Stacks” for our Enterprise AI Solutions. We don’t release a model until it passes these 5 specific checks.
Here is the code to lock down your AI.
Guardrail 1: NVIDIA NeMo (Input Security)
The first step is to stop the AI from even answering malicious or off-topic questions. We use NVIDIA NeMo Guardrails, an open-source toolkit that intercepts the prompt before the LLM sees it.
This prevents “Jailbreaks” (users trying to trick the AI).
<>YAML
# config.co define user ask about competitors "How do you compare to Competitor X?" "Why is Competitor Y better?" define flow competitors user ask about competitors bot refuse to answer define bot refuse to answer "I cannot discuss other companies. I can only help you with our services."
from nemoguardrails import LLMRails, RailsConfig
config = RailsConfig.from_path("./config")
rails = LLMRails(config)
# If the user asks about a competitor, the Rails intercept it
# The LLM is never even called (saving tokens + safety)
response = rails.generate(messages=[{
"role": "user",
"content": "Why is Competitor X cheaper?"
}])
print(response["content"])
# Output: "I cannot discuss other companies..."
Guardrail 2: Structural Validation (Pydantic)
Often, “hallucination” just means the AI returned text when you wanted JSON. It breaks your app.
We use Pydantic (specifically the instructor library) to force the LLM to adhere to a strict schema. If it fails, we automatically retry.
import instructor
from pydantic import BaseModel, Field
from openai import OpenAI
class CustomerInfo(BaseModel):
name: str
age: int = Field(..., gt=18, description="User must be over 18")
email: str
client = instructor.patch(OpenAI())
try:
user = client.chat.completions.create(
model="gpt-4o",
response_model=CustomerInfo,
messages=[{"role": "user", "content": "My name is Bob, email bob@gmail, age 12"}]
)
except Exception as e:
print("Validation Failed: Age is under 18. The AI tried to process an invalid user.")
Guardrail 3: Citation Checking (The “Grounding” Check)
For RAG pipelines, the most common hallucination is the AI making up facts that aren’t in the documents.
We use a “Self-Check” prompt. Before showing the answer to the user, we ask a cheap model (GPT-4o-mini) to verify the facts.
def check_hallucination(context, answer):
system_prompt = """
You are a Fact Checker.
Does the provided ANSWER contain facts NOT present in the CONTEXT?
Reply ONLY with 'YES' (it contains hallucinations) or 'NO' (it is grounded).
"""
response = client.chat.completions.create(
model="gpt-4o-mini",
messages=[
{"role": "system", "content": system_prompt},
{"role": "user", "content": f"CONTEXT: {context} \n ANSWER: {answer}"}
]
)
if "YES" in response.choices[0].message.content:
return False # Fail
return True # Pass
Guardrail 4: The “I Don’t Know” Fallback
Training your AI to admit ignorance is safer than letting it guess.
We lower the confidence threshold. If the vector search similarity score is too low (e.g., < 0.75), we force the system to apologize instead of generating an answer.
<> Python
results = vector_store.similarity_search_with_score(query, k=1)
document, score = results[0]
# 0.0 is perfect match, 1.0 is no match (depending on distance metric)
if score > 0.3:
print("Guardrail Triggered: Relevance score too low.")
return "I'm sorry, I don't have enough information in my knowledge base to answer that."
else:
return generate_answer(document, query)
Guardrail 5: Regex Banning (The Last Line of Defense)
Sometimes simple is best. If you are building a bot for a bank, you never want it to output a credit card number format, even if it’s fake. A simple Regex filter on the output stream catches this.
Conclusion: Trust is Code
Trust isn’t a feeling; it’s a set of engineered constraints. By implementing these 5 guardrails, you move your AI from a “Cool Prototype” to a “Production Asset.”
Do not ship without them.
Is Your AI Leaking Data?
If you have already deployed an internal bot and are worried about what it’s saying, we offer AI Security & Hallucination Audits. We stress-test your agents with adversarial prompts to find the cracks before your customers do.
Connect with us today to Ensure your AI is safe, compliant, and grounded.
Frequently Asked Questions (FAQ)
Q: What is the main cause of AI hallucinations?
A: Hallucinations usually occur because the model is predicting the next “statistically probable” word rather than checking for factual accuracy. In RAG systems, it happens when the retrieved context is irrelevant, forcing the AI to guess.
Q: Can NeMo Guardrails work with OpenAI?
A: Yes, NeMo Guardrails is model-agnostic. It sits in front of OpenAI, Anthropic, or Llama models and acts as a filter for both inputs (prompts) and outputs.
Q: Does lowering temperature fix hallucinations?
A: It helps, but it doesn’t solve it. Setting temperature to 0 makes the model more deterministic, but if the underlying logic or context is wrong, it will still confidently output a wrong answer. You need architectural guardrails (like code checks) to truly fix it.
