Configure evaluation and moderation¶

Evaluation and moderation guardrails help your organization block prompt injection and hateful, toxic, or inappropriate prompts and responses. It can also prevent hallucinations or low-confidence responses and, more generally, keep the model on topic. In addition, these guardrails can safeguard against the sharing of personally identifiable information (PII). Many evaluation and moderation guardrails connect a deployed text generation model (LLM) to a deployed guard model. These guard models make predictions on LLM prompts and responses, and then report these predictions and statistics to the central LLM deployment. To use evaluation and moderation guardrails, first, create and deploy guard models to make predictions on an LLM's prompts or responses; for example, a guard model could identify prompt injection or toxic responses. Then, when you create a custom model with the Text Generation target type, define one or more evaluation and moderation guardrails.

To select and configure evaluation and moderation guardrails:

1. In the Model workshop, open the Assemble tab of a custom model with the Text Generation target type and assemble a model, either manually from a custom model you created outside of DataRobot or automatically from a model built in a Use Case's LLM playground:

   

   When you assemble a text generation model with moderations, ensure you configure any required runtime parameters (for example, credentials) or resource settings (for example, public network access). Finally, set the Base environment to [GenAI] Python 3.11 with Moderations:

   

   Resource settings

   DataRobot recommends creating the LLM custom model using larger resource bundles with more memory and CPU resources.

2. After you've configured the custom model's required settings, navigate to the Evaluation and Moderation section and click Configure:

   

3. In the Configure evaluation and moderation panel, on the Evaluation tab, click one of the following metric cards to configure the required properties:

   

   Evaluation metric	Deployment or API connection	Description
   Custom Deployment	Custom deployment	Use any deployment to evaluate and moderate your LLM (supported target types: regression, binary classification, multiclass, text generation).
   Faithfulness	OpenAI API	Measure if the LLM response matches the source to identify possible hallucinations.
   PII Detection	Presidio PII Detection	Detect Personally Identifiable Information (PII) in text using the Microsoft Presidio library.
   Prompt Injection	Prompt Injection Classifier	Detect input manipulations, such as overwriting or altering system prompts, intended to modify the model's output.
   Rouge 1	N/A	Calculate the similarity between the response generated from an LLM blueprint and the documents retrieved from the vector database.
   Sentiment Classifier	Sentiment Classifier	Classify text sentiment as positive or negative.
   Stay on topic for inputs	NVIDIA NeMo Guardrails API	Use NVIDIA NeMo Guardrails to provide topic boundaries, ensuring prompts are topic-relevant and do not use blocked terms.
   Stay on topic for output	NVIDIA NeMo Guardrails API	Use NVIDIA NeMo Guardrails to provide topic boundaries, ensuring responses are topic-relevant and do not use blocked terms.
   Token Count	N/A	Track the number of tokens associated with the input to the LLM, output from the LLM, and/or retrieved text from the vector database.
   Toxicity	Toxicity Classifier	Classify content toxicity to apply moderation techniques, safeguarding against dissemination of harmful content.

   The deployments required for PII detection, prompt injection detection, sentiment classification, and toxicity classification are available as global models in the registry.

   The following global models are available:

   Model	Type	Target	Description
   Prompt Injection Classifier	Binary	injection	Classifies text as prompt injection or legitimate. This model requires one column named text, containing the text to classify. For more information, see the deberta-v3-base-injection model details.
   Toxicity Classifier	Binary	toxicity	Classifies text as toxic or non-toxic. This model requires one column named text, containing the text to classify. For more information, see the toxic-comment-model details.
   Sentiment Classifier	Binary	sentiment	Classifies text sentiment as positive or negative. This model requires one column named text, containing the text to classify. For more information, see the distilbert-base-uncased-finetuned-sst-2-english model details.
   Emotions Classifier	Multiclass	target	Classifies text by emotion. This is a multilabel model, meaning that multiple emotions can be applied to the text. This model requires one column named text, containing the text to classify. For more information, see the roberta-base-go_emotions-onnx model details.
   Refusal Score	Regression	target	Outputs a maximum similarity score, comparing the input to a list of cases where an LLM has refused to answer a query because the prompt is outside the limits of what the model is configured to answer.
   Presidio PII Detection	Binary	contains_pii	Detects and replaces Personally Identifiable Information (PII) in text. This model requires one column named text, containing the text to be classified. The types of PII to detect can optionally be specified in a column, 'entities', as a comma-separated string. If this column is not specified, all supported entities will be detected. Entity types can be found in the PII entities supported by Presidio documentation. In addition to the detection result, the model returns an anonymized_text column, containing an updated version of the input with detected PII replaced with placeholders. For more information, see the Presidio: Data Protection and De-identification SDK documentation.
   Zero-shot Classifier	Binary	target	Performs zero-shot classification on text with user-specified labels. This model requires classified text in a column named text and class labels as a comma-seperated string in a column named labels. It expects the same set of labels for all rows; therefore, the labels provided in the first row are used. For more information, see the deberta-v3-large-zeroshot-v1 model details.
   Python Dummy Binary Classification	Binary	target	Always yields 0.75 for the positive class. For more information, see the python3_dummy_binary model template.

4. Depending on the metric selected above, configure the following fields:

   

   Field	Description
   Name	Enter a unique name if adding multiple instances of the evaluation metric.
   Apply to	Select one or both of Prompt and Response, depending on the evaluation metric.
   Deployment name	For evaluation metrics calculated by a guard model, select the custom model deployment. For a Custom Deployment, you must also configure the following: Input column: Change promptText to the deployment's input column name. This name is defined by the custom model creator. For global models created by DataRobot, the default input column name is text. Output column: Change target to the deployment's output column name. This name should be the target name suffixed with _PREDICTION (i.e., <target_name>_PREDICTION), as it follows the Batch Prediction API output format. The target name is listed on the deployment's Overview tab. You can confirm the column names by exporting and viewing the CSV data from the custom deployment. If the guard model for the custom deployment has the moderations.input_column_name and moderations.output_column_name key values defined, these fields are populated automatically.
   OpenAI API	For the Faithfulness evaluation metric, enter an OpenAI API base URL, OpenAI API key, and OpenAI API Deployment.
   NVIDIA API	For the Stay on topic evaluations, enter an NVIDIA NeMo Guardrails API key.
   Files	For the Stay on topic evaluations, modify the NeMo guardrails configuration files.
   Moderation criteria	Define the criteria that determines when moderation logic is applied.

5. After configuring the required fields, click Add to save the evaluation and return the Evaluation tab. Select and configure another metric, or click Next to proceed to the Moderation tab to configure a moderation strategy.

6. On Moderation tab, set a Moderation strategy for Prompt moderation and Response moderation. For each evaluation metric, select a Moderation method—either Report or Block (if applicable).

   

   When you select Block, you can optionally configure the default Display message.

7. Click Save configuration.

   The guardrails you selected appear in the Evaluation and moderation section of the Assemble tab.

   

After you add guardrails to a text generation custom model, you can test, register, and deploy the model to make predictions in production. After making predictions, you can view the evaluation metrics on the Custom metrics tab and prompts, responses, and feedback (if configured) on the Data exploration tab.

View evaluation and moderation guardrails¶

When a text generation model with guardrails is registered and deployed, you can view the configured guardrails on the registered model's Overview tab and the deployment's Overview tab: