TL;DR

-db1-

  • GenAI changes content moderation from a post-publication task to a real-time, model-layer challenge.
  • Traditional filters—based on keywords or regex—fail to catch multilingual, evasive, or prompt-driven attacks.
  • Moderating output as it’s generated is the only scalable way to build safe, trusted AI products without slowing down development.

-db1-

Want to see how Lakera Guard works in practice? This interactive tutorial lets you explore real GenAI security scenarios—from prompt injections to content moderation—and shows how Lakera Guard defends against them behind the scenes.

Start the Tutorial

New call-to-action

The Lakera team has accelerated Dropbox’s GenAI journey.

“Dropbox uses Lakera Guard as a security solution to help safeguard our LLM-powered applications, secure and protect user data, and uphold the reliability and trustworthiness of our intelligent features.”

-db1-

If you’re rethinking moderation in the age of GenAI, these reads expand on key attack vectors, emerging risks, and why real-time filtering is becoming the new baseline:

  • See how attackers manipulate LLMs into unsafe behavior through prompt injection, one of the most common and dangerous vulnerabilities in GenAI apps.
  • Explore how direct prompt injections bypass moderation systems by embedding instructions in plain text.
  • Learn how jailbreaking LLMs exposes cracks in safety guardrails—and why moderation alone isn’t enough.
  • Discover how inappropriate output can stem from upstream issues like training data poisoning.
  • Stay ahead of multilingual and evasive responses by integrating LLM monitoring into your stack.
  • For teams deploying AI-powered chatbots, this guide to chatbot security breaks down common risks and how to mitigate them.
  • And if you’re testing moderation policies under real pressure, AI red teaming offers a battle-tested way to expose weaknesses before attackers do.

 -db1-

The GenAI Challenge: Why New Content Risks Require New Defenses

Traditional moderation systems were designed for platforms where users create and upload content. In these environments, the biggest challenge was scale—millions of posts, comments, and images needing review every day. But at least you knew who created the content.

With GenAI, that foundation disappears. Now, the content isn’t coming from a user—it’s coming from the model itself. And while large language models are incredibly powerful, they’re also unpredictable.

They can hallucinate.

They can reflect bias from their training data.

They can generate harmful, offensive, or misleading content without warning—even when the prompt looks safe.

And because this content is generated in real time, at scale, and often in response to open-ended prompts, it introduces a new class of risk. Even something as seemingly harmless as an AI-powered tutor or chatbot can become a liability if the output isn’t moderated before delivery.

These risks aren’t theoretical. In recent months alone:

  • Epic Games released an AI-powered Darth Vader NPC in Fortnite, and within hours, players had tricked it into saying profanity and homophobic slurs—despite it running on Google’s Gemini model and trained voice samples from James Earl Jones. (PC Gamer)
  • A student asking a Google chatbot for homework help was told they were a “stain on the universe” and urged to “please die,” highlighting the risks of abusive LLM output even in seemingly low-risk educational settings. (New York Post)
  • Australian schools trialing classroom chatbots warned parents and educators that the tools were producing false, biased, or inappropriate content—and advised teachers to manually verify AI-generated answers. (The Australian)

These incidents highlight how hard it is to catch dangerous behavior with keyword filters or traditional classifiers. GenAI systems can:

  • Embed inappropriate meaning in benign-looking responses
  • Evade detection with slight phrasing changes or multilingual output
    Be manipulated through cleverly crafted prompts (prompt injections)

The result?

More companies are realizing that reactive moderation is too late. The new challenge is to moderate content before it ever reaches the screen—without slowing the application down or breaking the user experience.

Traditional Moderation vs. GenAI Guardrails

The tools and strategies used for content moderation weren’t built for GenAI. They were designed for a world where content came from users—not from the software itself. As a result, many of the moderation techniques still in use today are fundamentally mismatched with how LLMs generate content.

Let’s break down the difference.

<div class="table_component" role="region" tabindex="0">
<table>
   <caption><br></caption>
   <thead>
       <tr>
           <th>Traditional Content Moderation</th>
           <th>GenAI Output Moderation (Lakera’s Focus)</th>
       </tr>
       <tr>
           <td>
               <p>Filters <b>user-generated</b> content</p>
           </td>
           <td>Filters <b>AI-generated</b> content</td>
       </tr>
       <tr>
           <td>Happens <b>after</b> content is posted or uploaded</td>
           <td>Happens <b>before</b> content is shown to the user</td>
       </tr>
       <tr>
           <td>Applied to social media, marketplaces, forums</td>
           <td>Applied to GenAI apps: <a href="https://www.lakera.ai/blog/chatbot-security">copilots, chatbots, educational tools</a></td>
       </tr>
       <tr>
           <td>Relies on keyword filters, blocklists, human review</td>
           <td>Uses LLM-native guardrails and policy-driven output filtering</td>
       </tr>
       <tr>
           <td>Often involves moderation teams or outsourced vendors</td>
           <td>Happens automatically, in real time</td>
       </tr>
   </thead>
   <tbody></tbody>
</table>

This shift isn’t just technical—it’s conceptual. In GenAI environments, the app itself becomes the content source. That means teams need to rethink how and where they apply moderation. Instead of catching problems after the fact, they need to filter risky outputs at generation time—with policies that align with their use case, user base, and risk profile.

Why Existing Tools Fall Short

Most AI content moderation tools in use today weren’t built for GenAI. They were designed to flag or block user-generated content based on static patterns—keywords, regex rules, or pre-defined taxonomies. These techniques can still catch the obvious stuff. But GenAI doesn’t produce the obvious stuff.

It produces everything else.

Large language models are capable of generating complex, subtle, multilingual content that easily slips past traditional filters. Worse, they can be manipulated with adversarial prompts that intentionally bypass simplistic safeguards. This makes many legacy moderation tools brittle at best—and dangerously ineffective at worst.

Some of the most common failure points include:

  • Multilingual evasion: Many moderation systems block offensive content in English, but completely miss equivalent expressions in other languages—a gap that attackers increasingly exploit. 👉 See why this is one of GenAI’s most overlooked vulnerabilities in Language Is All You Need
  • Evasive phrasing: Slight rewording can avoid detection entirely (e.g. “unalive” instead of “kill”).
  • Tone and implication: Many outputs aren’t directly offensive, but become harmful when interpreted in context. Keyword filters simply don’t have that level of understanding.
  • Prompt injections: Attackers can trick LLMs into ignoring safety constraints and producing inappropriate content—without the model technically violating a keyword-based rule.

In the age of GenAI, moderation needs to be context-aware, language-flexible, and real-time. Traditional automated content moderation systems that rely on static rules will always be one step behind—especially when attackers are probing for weaknesses using natural language.

Introducing a New Layer: Lakera’s AI-Native Content Safety Guardrails

When you’re building with GenAI, safety can’t be an afterthought. You need a way to control what your model says—without slowing down development or compromising UX.

Lakera Guard’s Content Safety policy gives teams that control out of the box. It’s one of several pre-built policy templates designed to help teams get started immediately, without needing to build complex moderation logic from scratch.

This policy focuses on two key things:

  • Ensuring that AI-generated content is safe, appropriate, and user-friendly
  • Guarding against malicious prompts that attempt to bypass safety measures

It’s ideal for applications where protecting users is non-negotiable—including educational tools, community platforms, and any shared GenAI interface. And unlike traditional filters, it’s built for LLMs from the ground up.

Here’s what you get:

  • Real-time filtering of harmful, offensive, or prohibited content
  • Defense against prompt injections and evasive phrasing
  • Balanced thresholds to preserve fluid, open-ended interactions
  • Support for compliance with content moderation standards and regulations

**👉 Want to explore how Lakera Guard helps teams set up moderation and security policies from day one? Read How to Secure Your GenAI App When You Don’t Know Where to Start.**

Why Content Moderation Needs to Shift Left

The old approach to moderation—reviewing content after it’s been published—doesn’t work when the content is generated by your application in real time. You don’t get a second chance to catch a toxic, biased, or hallucinated response once it’s on screen.

When Google’s Gemini chatbot told a student to “please die” after they asked for homework help, it wasn’t flagged and fixed later—it happened live. So did Fortnite’s AI Darth Vader saying slurs, and so did the Australian school chatbots outputting biased and misleading responses. None of these were edge cases. They were defaults.

This is why the best GenAI teams today are shifting moderation to the point of generation—intercepting unsafe content as it’s created, not after it lands. It’s faster, safer, and far more scalable.

And it’s not just a moderation strategy. It’s where AI security as a whole is going.

As Mateo Rojas-Carulla, Lakera's Chief Scientist, put it in a recent article:

“Security must be part of the generation layer itself—not an external add-on. The same way safety is baked into models, it must be baked into the infrastructure that serves them.”

**👉 Read: The Security Company of the Future Will Look Like OpenAI.**

If you’re building with GenAI, you’re not just shipping features. You’re generating content in real time—for real users. That means moderation needs to be designed in, not patched on.

Conclusion: GenAI Changes the Game—Your Moderation Strategy Should Too

The way we think about content moderation needs to evolve. It’s no longer about filtering what users post—it’s about ensuring that your AI-generated content is safe, appropriate, and aligned with your values before it reaches anyone.

For many teams, the real blocker to shipping GenAI features isn’t the model. It’s the uncertainty around safety. When there’s no clear way to moderate outputs, products get delayed, launches stall, and risk teams push back. In other words, insecure GenAI slows down innovation.

Shifting moderation to the generation layer changes that. It removes friction, builds trust, and lets teams move fast without compromise.

Lakera Guard is designed to make that shift easy. With policy-driven guardrails, including a dedicated Content Safety template, you can moderate AI output in real time—no complex setup required.

**👀 Curious what your AI is saying to your users? Try setting up Lakera Guard and see how content safety can be designed in from the start.**