“Implement automated post-generation checking or filtering to catch harmful outputs.” For misinformation specifically, this means validation layers that check factual claims against authoritative sources before returning responses to users.

No output validation existed in the Air Canada chatbot or the legal research tool in Mata. In both cases, raw LLM output reached the user or the downstream action (the tribunal, the court filing) without any automated check. A simple URL-resolution check on cited cases, or a policy-database lookup confirming whether an answer matches the actual policy record, would have flagged both before harm occurred.

→ For domain-specific deployments: build a validation layer that checks key claims against authoritative data before returning the response
→ Fail closed: if validation cannot confirm a claim, return “I cannot verify this — please consult a specialist” rather than passing unverified output through
→ For code generation: run SAST automatically on generated code before displaying it
→ For package recommendations: resolve package names against the registry before surfacing them to developers

Deliberately introduce a false claim into the system — wrong policy text, a fabricated case name, a non-existent package — and see if it reaches the user unchecked. If it passes through, the output validation pipeline is not working. Test every claim type your application handles.