Trust CenterResponsible AI

Guardrails, by construction.

ArthurAI is engineered so that the educator is the decider and the AI is decision support. The guardrails below are not configuration toggles; they are how the system is built. Every AI surface in the platform inherits them.

Pre-LLM guardrails

Before any user input reaches a foundation model, the platform enforces four pre-LLM guardrails:

  • Rate limiting

    10 AI requests per user per minute.

    Prevents accidental cost spirals and abusive automated traffic. Per-institution quota gates layer on top.

  • Input validation

    Maximum message length, sanitized formatting.

    HTML and script tags are stripped before any prompt assembly. Inputs that exceed the maximum length are rejected at the API boundary, not silently truncated.

  • Prompt-injection filtering

    Known injection patterns blocked at the boundary.

    A library of prompt-injection patterns is matched against every input. Matched inputs are rejected before model invocation. The library is updated as new attack patterns are documented.

  • Cost check

    Per-institution token budget enforcement.

    Every request verifies that the institution has remaining token budget before invoking a model. Soft limit at 80% triggers an admin warning; hard limit at 100% blocks further calls until the budget is reset or upgraded.

Post-LLM guardrails

Before any model output reaches a learner, the platform enforces four post-LLM guardrails:

  • Response validation

    The output must be parseable text or JSON.

    Models occasionally produce malformed output. The platform parses every response before display. Malformed output triggers a retry with a corrected prompt or a clear error rather than a silent failure surface.

  • Schema validation

    Structured outputs match expected shape.

    Lesson generation, curriculum generation, and assessment authoring use structured-output prompts. The platform validates every response against the expected JSON schema. Schema-mismatched responses are rejected and retried.

  • Content safety

    Inappropriate content is filtered before display.

    Outputs are passed through Azure AI Content Safety classifiers (and equivalent provider safety layers) before reaching a learner. Unsafe outputs are blocked, logged for review, and a fallback path is invoked.

  • Citation discipline

    Where applicable, sources are linked.

    The AI tutor cites lesson source material for in-context answers. Lesson generation links back to the curriculum-source document. Citations are validated to point at real sources before display; broken citations trigger regeneration.

Logging discipline

What we never log: AI prompts. AI responses. Conversation content. The text of any tutor exchange. The text of any AI-generated lesson content as it was shown to a learner. This is a firm rule, not a configuration option.

What we do log: Model name, input token count, output token count, total token count, estimated cost in USD, latency, user ID, institution ID, course ID where applicable, and the function name that invoked the model. That is enough to operate, attribute cost, and audit usage. It is not enough to reconstruct what a learner said or what the AI answered.

Conversation history persists client-side (localStorage) so the learner can see their own past chat. It is never sent to our servers as a stored record.

Human-in-the-loop

Every AI-generated artifact follows a draft-approve workflow. The educator, faculty member, instructor, or L&D leader is the decider; the AI is decision support.

  • Curriculum. AI generates a draft. The teacher (or faculty member, instructor, L&D leader) reviews and attests before students see it.
  • Lesson content. AI generates the 6-step lesson body. The educator can review, edit, and approve before student access. The default workflow shows the AI-drafted content with the educator-attest checkpoint before publishing to the learner cohort.
  • Assessments. AI authors candidate items tied to the lesson scope. The educator curates the actual assessment from the candidate pool. AI-suggested grades on short-response items are educator-attested before entering the gradebook.
  • AI tutor responses. Real-time interaction with the learner; no educator approval required for an individual exchange. The educator receives aggregate signals (which lesson scopes generated the most tutor questions) but never the conversation content itself.
  • Theme colors. AI-generated theme colors preview in institutional settings; the institution admin saves explicitly.
  • Progression decisions. The AI never autonomously decides about student progression, course completion, or competency attestation. These are educator actions.
Training-data discipline

Customer data is never used for AI model training. ArthurAI's reasoning capability is built on Eve-Genesis synthetic data, not on data from the institutions we serve. This is contractual, not just policy. The composed frontier providers (OpenAI, Anthropic, Microsoft Azure OpenAI, Meta via Azure AI Foundry, Mistral via Azure AI Foundry, DeepSeek via Azure AI Foundry, Microsoft Phi, Cohere) are engaged at the API tier where inputs and outputs are not used for provider model training.

The motto

The AI reasons. The educator decides.

Security FAQ →Disclosure language →Talk to our team →