This is the multi-page printable view of this section.
Click here to print.
Return to the regular view of this page.
Policies
What is a Policy?
In Motific.ai, a policy refers to a set of guidelines defined for the usage of a Gen AI application associated with a Motif. These policies cover a wide aray of usecases like sensitive data protection, blocking unsafe and harmful content from going to the LLM. Or stopping assistants from engaging with hateful content, or protecting users from potential phishing scams or prompt hacking attempts via the LLM. A policy also outlines a course of action to be taken when Motific.ai identifies an application usage does not conform to the defined policies. When Motific.ai detects app usage violating any of the policies, it takes pre-configured actions.
The policies are created and used when a Motif is created. These policies assist organizations in ensuring security and compliance for Gen AI apps.
Available policies
Motific.ai provides the following policy templates to be defined with a Motif:
Features
In the Motifs menu, you have the following actions that you can perform:
1 - Create policies
Create a new policy
-
To create a new policy, click on the Create a new policy button.
-
Provide a policy name as a unique identifier for the policy.
-
Next, choose the policy properties from the policy template displayed:
Adversarial content
An adversarial content policy can block attempts to exploit AI models through prompt injections, SQL query injection, and security threats, ensuring safe interactions.
You can define the policy with an action that Motific.ai should perform when it detects that a prompt is injected with adversarial or harmful content. This policy also examines and blocks the output from a model that contains any adversarial or harmful content. The actions that Motific.ai can take are Pass the prompt to LLM and the output to the user or Block both input and output.
Policy action
- Pass- When the
Pass
action is selected, Motific.ai passes a prompt detected with adversarial and harmful content to the LLM for inference, without any action.
- Block- When
Block
action is selected, Motific.ai blocks a prompt detected with adversarial and harmful content from getting an inference. Also, an LLM response is also blocked when it is detected to have adversarial content.
-
To define adversarial content policy, select the Adversarial content template.
-
The following categories are available for you to define policies over:
-
Adversarial- The adversarial category is triggered when the content of a prompt tries to deceive a LLM with harmful input. Select a policy action for Motific.ai to perform when it identifies that the prompt or a model output contains adversarial content.
-
Harmful- This category is triggered when a prompt contains hate speech, profanity, or self-harm content. Select a policy action for Motific.ai to perform when it detects that the prompt passed contains harmful content.
-
SQL injection- This category is triggered when an input contains SQL code intended to manipulate data. Select a policy action for Motific.ai to perform when it detects that the prompt or a model output is injected with SQL content i.e., SQL queries.
-
XSS injection- The XSS injection, also known as a cross-site scripting attack it is triggered when an input contains malicious scripts. Select a policy action for Motific.ai to perform when it detects that the prompt or a model output is injected with XSS content i.e., malicious scripts.
-
Context switch- This category is triggered when a prompt contains content that signals a LLM to change the topic or type of content that it is generating. Select a policy action for Motific.ai to perform when it detects that the prompt or a model output is injected with context switching content.
-
DAN (Do anything now)- The DAN category is triggered when the input contains open-ended master instructions that could potentially lead the LLM to generate outputs without clear ethical or safety boundaries. Select a policy action for Motific.ai to perform when it identifies that the prompt or a model output is injected with a master prompt.
Toxic content
Toxic content policy helps you enforce guidelines for toxic (umbrella term for rude, offensive content) and unsafe content. It ensures interactions with any LLMs are free from racism, sexism, and other harmful behaviors.
Here, you can set actions for when Motific.ai identifies that a prompt contains ethically wrong and unsafe content, such as hate, violence, self-harm, or sexual etc. The actions that Motific.ai can take are Pass or Block the PII.
Policy action
- Pass- When the
Pass
action is selected, Motific.ai passes a prompt with toxic content to the LLM for inference, without any action.
- Block- When
Block
action is selected, Motific.ai blocks a prompt with toxic content. The request does not proceed to the LLM.
-
To set toxic content actions, select the Toxic content option.
-
The following categories are available for you to define policies over:
-
Violence- Select a policy action such as Pass or Block that Motific.ai can perform when it detects that the prompt contains content describing violence.
-
Self-harm- Select a policy action such as Pass or Block that Motific.ai can perform when it detects that the prompt contains content that describes or is related to self-harm.
-
Hate- Select a policy action such as Pass or Block that Motific.ai can perform when it detects that the prompt contains hateful or fairness-related harmful content.
-
Sexual- Select a policy action to perform for when Motific.ai detects that the prompt or inference response contains sexually explicit content.
Malicious URL
Malicious URL and data protection policy prohibits the injection of harmful URLs, protecting the chat interface from cybersecurity risks.
Here, you can select the action that Motific.ai should perform when it detects that a prompt contains deliberately malicious, sensitive data theft, or data poisoning content. The actions that Motific.ai can take are Pass or Block the malicious content from reaching the model.
Policy action
- Pass- When the
Pass
action is selected, Motific.ai passes a prompt with malicious and data theft content to the LLM for inference, without any action.
- Block- When the
Block
action is selected, Motific.ai blocks a prompt with malicious content. The request does not proceed to the LLM.
- To define malicious URL policy, select the Malicious URL option.
- The following malicious URL and data protection content categories are available for you to define policies over:
- Malicious URL- Malicious URLs are unsafe URLs that, if undetected, can cause phishing attacks, etc. Select a policy action for Motific.ai to perform when it detects that a prompt is injected with malicious URL(s).
Off-topic content
Off-topic content policy, when set, helps keep conversations focused and relevant, preventing misuse of chatbots for unintended purposes.
Here, you can set actions for when Motific.ai identifies that a prompt or a model output contains content from the restricted/unintended topics that you define within Motific.ai. You are provided with fields where you can define the topic names that are considered to be off-topic or restricted while interacting with an LLM. For example, topics like dating, vacation, travel, gaming etc., are topics that an organization may regard as irrelevant to the users to be productive.
For each topic you can define an action of block or warn when Motific.ai detects these topics in a prompt, that prompt can either be blocked from getting an inference from an LLM or can be passed to an LLM. Off-topic detection when set also examines the output of a model i.e., an LLM response for any restricted topic content. And depending on the action set, Motific.ai takes the next course of action. This helps ensure that the interaction with the GenAI apps is within the organization’s values and ethics.
The actions that Motific.ai can take are Warn or Block the off-topic content.
Policy action
- Warn- When the
Warn
action is selected, Motific.ai passes a prompt detected with off-topic content from the restricted topics listed during policy creation to the LLM for inference. Also an LLM response is passed without any action if detected with off-topic.
- Block- When
Block
action is selected, Motific.ai blocks a prompt and LLM response detected with off-topic content. The request does not proceed to the LLM. Also, if a model output is detected with off-topic the response is also blocked and no response is sent back.
- To set off-topic detection policy actions, select the Off-topic detection template.
- You can see the pre-populated fields, you can either keep the same topics or edit them add customized topics want to list as off-topic.
- Enter the off-topic names and what action needs to be taken.
PII content
PII (Personally identifiable information) content policy prevents the sharing of sensitive personal information with LLMs to safeguard user privacy.
Here, you define an action that Motific.ai should perform, when it detects that a prompt contains any or all the PII entities. This helps safeguard user’s privacy from unauthorized access and breaches. The actions that Motific.ai can take are Pass, Block, or Redact the PII. By default, the action is set to Pass for each category.
Policy action
- Pass- When the
Pass
action is selected, Motific.ai passes the PII content in a prompt to the LLM for inference, without any action.
- Block- When
Block
action is selected, the PII content in a prompt is blocked from getting an inference from the LLM.
- Redact- When the
Redact
action is selected, the PII content is redacted with a generic tag associated with the detected PII categories. For example, if a credit card number is detected in a prompt, then <CREDIT_CARD> tag is replaced with the credit card number.
-
To define PII content, select the PII content option.
-
The following PII categories are available for you to define policies over:
- Credit cards- Select a policy action to perform when Motific.ai detects that the prompt or inference response contains credit card numbers.
- Email address- Select a policy action to perform when Motific.ai detects that the prompt or inference response contains email addresses.
- Person- Select a policy action to perform when Motific.ai detects that the prompt or inference response contains a person’s details like first name, last name.
- Phone numbers- Select a policy action to perform when Motific.ai detects that the prompt contains a US phone number.
- Location- Select a policy action to perform when Motific.ai detects that the prompt or inference response contains a locations details like address, country, etc.
- US social security numbers- Select a policy action to perform when Motific.ai detects that the prompt contains US social security number(s).
Code presence
The code presence policy ensures that the prompt is scanned for any presence of code.
Here, you can set actions for when Motific.ai identifies that a prompt sent to a LLM, or an inference output from a model, contains code in programming languages such as Python, Java, or JavaScript. The actions that Motific.ai can take are Pass or Block the insecure code.
Policy action
- Pass- When the
Pass
action is selected, Motific.ai passes a prompt with code to the model for inference, without any action. Also, no action is taken when a model response contains code.
- Block- When
Block
action is selected, Motific.ai blocks a prompt from being passed to a model also it blocks an output from a model that contains code.
- To define code presence policy, select the Code presence template.
- Choose the action for Motific.ai to perform when code presence is detected in a prompt or model response.
- You can choose to either allow the detected code to
Pass
or Block
it from a prompt or model response.
The code presence plugin currently only supports English language prompts. Sending prompts in any other language may trigger the policy to result in false positives for code presence.
When you are done configuring the policies, click Save policy button. And the policy is saved and displayed on the Policies page.
2 - Update a policy
Update a policy
The policy that you created can be viewed on the policies page. The existing policies (if any) are in the list view.
-
To update a policy, click on the overflow menu (three dots) at the end of the policy card view or in the Actions column of the list view.
-
Select the Edit option, or alternatively click on the policy name.
-
Edit policy name.
- Edit policy name- Click on the Edit button to edit a policy name.
- Once you are done editing the name, click the Save button.
-
Next, you can edit the policy template. Here you can view the previously selected policy template details.
You can choose a new policy template and define actions or edit any of the actions for the categories available for the previously selected policy template.
- Edit policy template- Click on the Edit button icon to edit a policy template.
- You can edit the policy template, then click the Save button.