by jsherry 1108 days ago
This may be a naive question. But is there a way to embed a chat bot like this that only queries the data we feed it, and not the universe of other stuff in gpt? Like I don’t want people using the chatbot in our product to query a good strawberry shortcake recipe. We just want them to query about data we allow it to query which is native to our business.

Is this feasible? Thx.

6 comments

When you're building applications on top of LLMs, there are a number of central problems that you're trying to solve, and this is one of them. Solutions are numerous and widely variable, everything from basic regex parsing to fine-tuning validator models to new programming/modeling languages. Here are some examples:

  - https://github.com/microsoft/guidance
  - https://github.com/NVIDIA/NeMo-Guardrails/
  - https://github.com/r2d4/rellm
  - https://shreyar.github.io/guardrails/
  - https://lmql.ai/
  - https://github.com/jbrukh/gpt-jargon

There’s no foolproof way to do what you want at this point. You could have a separate model trained to infer whether a query is relevant to your product, and then reject the query if it’s predicted to be irrelevant. That’s not 100%, though.

I don't think you can really 100% prevent it. Even OpenAI has issues with GPT responding in an undesired way (google DAN, where people try to hack instructions to get responses that are undesired by the OpenAI team). However, I think you can make it more difficult (as in, the person trying to misuse your chatbot will need to put in some effort to get the strawberry cake, if you have instructed it before to only give information about your product).

Yes, this is feasible.

Look into https://github.com/NVIDIA/NeMo-Guardrails and specifically to your question there are "topical rails" to ensure the conversation stays on a set of topics you greenlighted.

Also takes care of jailbreaks and allows custom conversation flow templates.

I'm curious how that works, as the documentation is a little under-specified. It seems like it requires specifying exact "utterances" from the user, but I don't think that can be the case -- wouldn't it be flatly useless that way? But it's not clear how to use it to, for example, disallow talking about politics. Or to disallow talking about topics unrelated to the dev's product, for that matter.

This is somewhat possible. I've created a way to chat to our company's material publicly. We used a lot of prompt engineering and custom guardrails to achieve this. However, it severely limited the length of the conversation that a user can have.
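As an added example (not code from this thread, nor from NeMo Guardrails or any other project linked above), here is a small Python sketch of the layered approach the replies describe: a classifier that maps user input to a canonical intent by similarity to a few sample utterances (which is how a topical rail's "utterances" are used, by similarity rather than exact string match), an input rail that refuses anything outside the allowed intents, a system prompt that instructs the model, and an output rail that catches answers that drift off topic anyway. The bag-of-words cosine similarity is a stand-in for the embedding model a real deployment would use; ExampleCo, the intents, the sample utterances, the threshold and the scripted model are all constructed for this example.

```python
"""Layered topical guardrail for a product chatbot (added example).
All names, intents, sample utterances and the scripted LLM stand-in below
are constructed for illustration; the bag-of-words cosine similarity is a
stand-in for the embedding model a real deployment would use."""
import math
import re
from collections import Counter
from typing import Tuple

TOKEN_RE = re.compile(r"[a-z0-9']+")
# Function words carry no topic signal; dropping them keeps "how do I ..."
# from matching every sample utterance that starts the same way.
STOPWORDS = {
    "a", "an", "the", "i", "me", "my", "do", "does", "how", "what", "is",
    "are", "can", "you", "your", "of", "for", "to", "in", "on", "and", "it",
    "this", "that", "with", "from", "please", "give", "want", "they",
}

def tokenize(text: str) -> Counter:
    """Lower-case bag of words with function words removed."""
    return Counter(t for t in TOKEN_RE.findall(text.lower()) if t not in STOPWORDS)

def cosine(a: Counter, b: Counter) -> float:
    dot = sum(a[t] * b[t] for t in a)
    na = math.sqrt(sum(v * v for v in a.values()))
    nb = math.sqrt(sum(v * v for v in b.values()))
    return dot / (na * nb) if na and nb else 0.0

# Constructed canonical forms, each defined by a few sample utterances, the
# way a topical rail is written. Only "ask_product" is allowed through.
CANONICAL_FORMS = {
    "ask_product": [
        "how do I reset my account password",
        "what plans do you offer and how much do they cost",
        "how do I export my invoices from the dashboard",
        "can I add another user to my team workspace",
    ],
    "ask_recipe": [
        "give me a good strawberry shortcake recipe",
        "how do I bake a chocolate cake",
        "what is a recipe for banana bread",
    ],
    "ask_politics": [
        "who should I vote for in the election",
        "what do you think about the president",
    ],
}
ALLOWED_FORMS = {"ask_product"}
MIN_SIMILARITY = 0.25  # below this the intent is "unknown", which is also refused

SYSTEM_PROMPT = (
    "You are the support assistant for ExampleCo (constructed name). Answer only "
    "questions about ExampleCo accounts, plans, billing and the dashboard. "
    "If asked about anything else, reply with exactly: OFF_TOPIC"
)
REFUSAL = "Sorry, I can only help with questions about our product."

def classify(text: str) -> Tuple[str, float]:
    """Map text to the canonical form of its nearest sample utterance."""
    bag = tokenize(text)
    best_form, best_score = "unknown", 0.0
    for form, samples in CANONICAL_FORMS.items():
        for sample in samples:
            score = cosine(bag, tokenize(sample))
            if score > best_score:
                best_form, best_score = form, score
    if best_score < MIN_SIMILARITY:
        return "unknown", best_score
    return best_form, best_score

def scripted_model(system_prompt: str, user_text: str) -> str:
    """Constructed stand-in for an LLM call; one canned reply deliberately
    ignores the system prompt so the output rail has something to catch."""
    lowered = user_text.lower()
    if "password" in lowered:
        return "Open Settings > Security and click Reset password."
    if "another user" in lowered:  # simulated drift off topic
        return "Sure! Here is a strawberry shortcake recipe: whip cream, slice berries."
    return "OFF_TOPIC"

def answer(user_text: str, model=scripted_model) -> str:
    """Input rail -> model -> output rail. `model` is any callable taking
    (system_prompt, user_text); a real deployment would wrap an LLM API there."""
    form, _ = classify(user_text)
    if form not in ALLOWED_FORMS:
        return REFUSAL  # input rail: off-topic or unrecognised intent, fail closed
    reply = model(SYSTEM_PROMPT, user_text)
    if "OFF_TOPIC" in reply:
        return REFUSAL  # the model itself declined
    reply_form, _ = classify(reply)
    if reply_form != "unknown" and reply_form not in ALLOWED_FORMS:
        return REFUSAL  # output rail: the model drifted onto a disallowed topic
    return reply

if __name__ == "__main__":
    for q in ("I forgot my password, how do I reset it?", "Can you give me a strawberry shortcake recipe?"):
        print(q, "->", classify(q), "->", answer(q))
```

Two choices matter here for the "not 100%" caveat in the replies: an intent below the threshold is refused rather than passed through, so gaps in the sample utterances fail closed; and the output rail re-runs the same classifier on the model's reply, which is what catches the case where the system prompt alone is not honoured. Product answers that use vocabulary outside the samples classify as "unknown" and are still allowed out, so the output rail only blocks replies that positively match a disallowed topic.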

I think Simon Willison, who has a big blog, has often mentioned this is impossible.