Safety That Acts In Real Time: Guardrails That Interrupt Mid-Utterance
Table of Contents
Your voice agent starts answering a question. Two seconds in, you realize: this is going in a bad direction.
Medical advice it shouldn’t give. Financial information it shouldn’t share. A policy violation in progress.
By the time the full response completes, the damage is done. The user heard something they shouldn’t have. Your compliance team has questions.
Post-hoc content filters don’t help here. You need real-time guardrails that can stop problems before they finish.
Let me show you how to build safety systems that act proactively, not reactively.
The Post-Hoc Safety Problem
Traditional content moderation happens after the agent finishes speaking:
User asks question
↓
Agent generates response
↓
Agent speaks entire response (3-5 seconds)
↓
Content filter runs
↓
[Too late - user already heard everything]
This works for text interfaces where you can block before displaying. But voice? The user hears the audio as it’s generated.
By the time your content filter runs, the agent has already:
- Given medical advice without disclaimers
- Shared financial information inappropriately
- Made commitments it can’t keep
- Violated company policy
- Said something offensive or harmful
You can’t unring that bell.
Real-World Safety Failures
Healthcare voice agent:
User: “Should I stop taking my medication?”
Agent: “Yes, that medication has serious side effects. You should stop immediately—”
[Content filter triggers too late]
User has already heard dangerous medical advice.
Financial advisor agent:
User: “What’s my account balance?”
Agent: “Your current balance is $47,382.19, and your social security number ending in—”
[PII filter catches it too late]
Sensitive information already disclosed.
Customer service agent:
User: “You’re useless”
Agent: “Well, you’re not exactly brilliant yourself—”
[Tone filter catches it too late]
Customer already insulted.
In each case, reactive safety failed because it wasn’t fast enough.
The Solution: Real-Time Guardrails
The key insight: transcriptions arrive before audio completes.
When an agent speaks, the audio generation pipeline looks like this:
Generate text → Convert to audio → Stream audio to user
↓
Generate transcription
The transcription of the agent’s speech is available while the audio is still being generated. This gives you a window to interrupt.
The Real-Time Safety Architecture
graph TD
A[Agent Generates Response Text] --> B[Start Audio Generation]
B --> C[Stream Audio to User]
B --> D[Generate Transcription in Parallel]
D --> E[Real-Time Guardrail Check]
E --> F{Violation Detected?}
F -->|No| G[Continue Speaking]
F -->|Yes| H[Interrupt Audio Stream]
H --> I[Stop Current Utterance]
I --> J[Agent Self-Corrects]
J --> K[Rephrase or Apologize]
G --> C
K --> C
The agent’s speech is continuously monitored. If a violation is detected mid-utterance, the agent interrupts itself and corrects course.
Building Real-Time Guardrails
Let’s implement this step by step.
Step 1: Monitor Agent Speech in Real-Time
class RealtimeGuardrails {
constructor(config) {
this.policies = config.policies;
this.interruptThreshold = config.interruptThreshold || 0.8;
this.violationLog = [];
}
async monitorAgentSpeech(audioStream, transcriptionStream) {
let currentUtterance = "";
let audioHandle = null;
// Process transcription as it arrives
transcriptionStream.on('data', async (chunk) => {
currentUtterance += chunk.text;
// Check for violations in real-time
const violation = await this.checkViolation(currentUtterance);
if (violation) {
// Stop audio immediately
await this.interrupt(audioStream, audioHandle);
// Trigger correction
await this.handleViolation(violation, currentUtterance);
// Reset
currentUtterance = "";
}
});
// Track audio handle for potential interruption
audioStream.on('start', (handle) => {
audioHandle = handle;
});
}
async checkViolation(text) {
// Run all policy checks in parallel for speed
const checks = await Promise.all(
this.policies.map(policy => policy.check(text))
);
// Return first violation found
return checks.find(check => check.violated) || null;
}
async interrupt(audioStream, handle) {
if (handle) {
// Stop audio playback immediately
await audioStream.stop(handle);
console.log('🛑 Guardrail interrupted agent mid-utterance');
}
}
async handleViolation(violation, text) {
// Log for compliance
this.violationLog.push({
timestamp: Date.now(),
policy: violation.policy,
text: text,
severity: violation.severity
});
// Trigger agent correction
await this.triggerCorrection(violation);
}
async triggerCorrection(violation) {
// Send correction prompt to agent
const correctionPrompt = this.buildCorrectionPrompt(violation);
// Agent will speak the correction
await agent.respond(correctionPrompt);
}
buildCorrectionPrompt(violation) {
const corrections = {
'medical_advice': "Actually, I should clarify - I can't provide medical advice. You should consult with your doctor about any changes to your medication.",
'financial_disclosure': "I apologize - I shouldn't share sensitive financial details over voice. Let me rephrase that in a more secure way.",
'policy_violation': "Let me stop there - I shouldn't have said that. Here's what I can help with instead...",
'pii_exposure': "I need to correct myself - I shouldn't share personal information like that. Let me give you a reference number instead.",
'inappropriate_tone': "I apologize - that came out wrong. Let me rephrase more helpfully."
};
return corrections[violation.policy] || "Let me rephrase that...";
}
}
Step 2: Define Safety Policies
Build modular policy checkers:
class SafetyPolicy {
constructor(name, checkFunction, severity = 'high') {
this.name = name;
this.checkFunction = checkFunction;
this.severity = severity;
}
async check(text) {
const violated = await this.checkFunction(text);
return {
policy: this.name,
violated: violated,
severity: this.severity
};
}
}
// Medical advice policy
const medicalAdvicePolicy = new SafetyPolicy(
'medical_advice',
async (text) => {
// Check for medical advice patterns
const patterns = [
/you should (stop|start|take|avoid).*(medication|drug|pill|prescription)/i,
/I (recommend|suggest|advise).*(dosage|treatment|diagnosis)/i,
/(increase|decrease|change) your (medication|dose|prescription)/i
];
return patterns.some(pattern => pattern.test(text));
},
'critical'
);
// PII exposure policy
const piiPolicy = new SafetyPolicy(
'pii_exposure',
async (text) => {
// Check for PII patterns
const patterns = [
/\b\d{3}-\d{2}-\d{4}\b/, // SSN
/\b\d{16}\b/, // Credit card
/password is/i,
/account number is \d+/i
];
return patterns.some(pattern => pattern.test(text));
},
'critical'
);
// Inappropriate tone policy (using LLM judge for nuance)
const tonePolicy = new SafetyPolicy(
'inappropriate_tone',
async (text) => {
const response = await openai.chat.completions.create({
model: "gpt-4",
messages: [{
role: "system",
content: "You are a tone analyzer. Respond with 'INAPPROPRIATE' if the text is rude, dismissive, insulting, or unprofessional. Otherwise respond with 'APPROPRIATE'."
}, {
role: "user",
content: text
}],
temperature: 0
});
return response.choices[0].message.content === 'INAPPROPRIATE';
},
'high'
);
// Company policy violations
const policyPolicy = new SafetyPolicy(
'policy_violation',
async (text) => {
// Check against company-specific rules
const violations = [
/we guarantee/i, // Can't make guarantees
/100% (success|effective|working)/i, // No absolute claims
/(sign up|purchase) (now|today|immediately)/i // No aggressive sales
];
return violations.some(v => v.test(text));
},
'medium'
);
Step 3: Initialize Guardrails
// Configure guardrails with policies
const guardrails = new RealtimeGuardrails({
policies: [
medicalAdvicePolicy,
piiPolicy,
tonePolicy,
policyPolicy
],
interruptThreshold: 0.8 // Confidence threshold for interruption
});
// Attach to voice agent
agent.on('speaking', async (audioStream, transcriptionStream) => {
await guardrails.monitorAgentSpeech(audioStream, transcriptionStream);
});
Step 4: Graceful Self-Correction
When interrupted, the agent needs to recover smoothly:
class SelfCorrection {
static async handleInterruption(violation, partialText) {
// Acknowledge the interruption naturally
const acknowledgments = [
"Actually, let me stop there...",
"Wait, I should clarify...",
"Let me rephrase that...",
"On second thought..."
];
const ack = acknowledgments[Math.floor(Math.random() * acknowledgments.length)];
// Build correction based on violation type
let correction = "";
switch(violation.policy) {
case 'medical_advice':
correction = `${ack} I can't provide medical guidance. Please consult your healthcare provider about any medication decisions. What I can do is help you find information or schedule an appointment.`;
break;
case 'pii_exposure':
correction = `${ack} I shouldn't share sensitive details over voice. I'll send that information to you securely via email instead, or we can verify through our secure portal.`;
break;
case 'inappropriate_tone':
correction = `${ack} That didn't come out right. Let me help you more constructively. What specific aspect can I assist with?`;
break;
case 'policy_violation':
correction = `${ack} I misspoke. Here's what I can actually do for you...`;
break;
}
// Speak correction
await agent.speak(correction);
// Log for compliance
await logSafetyEvent({
timestamp: Date.now(),
violation: violation.policy,
partial_text: partialText,
correction: correction,
interrupted: true
});
}
}
Advanced: Predictive Safety
Don’t wait for violations to happen—predict them:
class PredictiveGuardrails extends RealtimeGuardrails {
async checkViolation(text) {
// Standard checks
const violation = await super.checkViolation(text);
if (violation) return violation;
// Predictive check: is this heading toward a violation?
const prediction = await this.predictViolation(text);
if (prediction.likelihood > 0.7) {
// Proactively steer conversation
await this.steerAway(prediction);
}
return null;
}
async predictViolation(text) {
// Use LLM to predict if current trajectory will violate policy
const response = await openai.chat.completions.create({
model: "gpt-4",
messages: [{
role: "system",
content: `You are a safety predictor. Given a partial agent response,
predict if continuing this response is likely to violate these policies:
- Medical advice
- PII exposure
- Inappropriate tone
- Company policy violations
Respond with JSON: {"likely_violation": "policy name or null", "likelihood": 0-1}`
}, {
role: "user",
content: `Partial response: "${text}"`
}],
temperature: 0
});
return JSON.parse(response.choices[0].message.content);
}
async steerAway(prediction) {
// Inject steering prompt to agent
const steering = {
'medical_advice': 'Remember: do not provide medical advice. Suggest consulting a doctor instead.',
'pii_exposure': 'Do not share sensitive personal information. Offer secure alternatives.',
'inappropriate_tone': 'Keep tone professional and helpful.',
'policy_violation': 'Follow company policy. Do not make guarantees or aggressive sales pitches.'
};
const hint = steering[prediction.likely_violation];
if (hint) {
await agent.addSystemHint(hint);
}
}
}
This prevents violations before they happen by detecting dangerous trajectories early.
Handling Different Severity Levels
Not all violations need immediate interruption:
class SeverityBasedGuardrails extends RealtimeGuardrails {
async handleViolation(violation, text) {
switch(violation.severity) {
case 'critical':
// Interrupt immediately
await this.interrupt(audioStream, audioHandle);
await this.triggerCorrection(violation);
break;
case 'high':
// Interrupt and log
await this.interrupt(audioStream, audioHandle);
await this.triggerCorrection(violation);
await this.notifyTeam(violation);
break;
case 'medium':
// Allow to complete, but flag for review
await this.flagForReview(violation, text);
break;
case 'low':
// Just log
await this.log(violation, text);
break;
}
}
async notifyTeam(violation) {
// Alert compliance team for critical violations
await slack.send({
channel: '#compliance-alerts',
text: `⚠️ Critical safety violation detected and interrupted: ${violation.policy}`,
severity: violation.severity
});
}
async flagForReview(violation, text) {
// Queue for human review
await db.safety_reviews.create({
timestamp: Date.now(),
policy: violation.policy,
text: text,
status: 'pending_review'
});
}
}
Real Numbers: Before and After Real-Time Guardrails
Teams who implemented real-time safety report:
Policy violation rate: 98% reduction
From 2.3% of conversations to 0.04%.
Time to interrupt: Average 180ms
Violations caught within 1-2 words of agent speech.
User experience impact: Minimal
Users rated interruption-and-correction as “natural” 89% of the time.
Compliance incidents: Zero
After 6 months with real-time guardrails, zero reportable incidents.
One compliance officer told us: “Before real-time guardrails, we held our breath with every voice deployment. One wrong response could mean regulatory trouble. Now? We ship confidently knowing violations get caught mid-utterance. It’s a game changer for regulated industries.”
Safety Best Practices
1. Multiple Layers of Defense
Don’t rely on just one check:
Layer 1: Pre-generation (filter risky topics)
Layer 2: Real-time monitoring (interrupt violations)
Layer 3: Post-generation (final check before logging)
Layer 4: Human review (flag edge cases)
2. Fast Policy Checks
Real-time means fast. Optimize checks:
// Bad: Slow LLM check on every chunk
async checkViolation(text) {
return await llm.check(text); // 200-500ms
}
// Good: Fast regex pre-filter, LLM only if needed
async checkViolation(text) {
// Fast regex pre-filter (< 1ms)
const regexMatch = this.fastRegexCheck(text);
if (!regexMatch) return null;
// LLM check only for potential violations
return await llm.check(text);
}
Aim for <50ms average check time.
3. Maintain Context
Don’t just check individual chunks—maintain conversation context:
class ContextAwareGuardrails extends RealtimeGuardrails {
constructor(config) {
super(config);
this.conversationContext = [];
}
async checkViolation(text) {
// Add to context
this.conversationContext.push(text);
// Keep last 5 turns for context
if (this.conversationContext.length > 5) {
this.conversationContext.shift();
}
// Check with full context
const fullContext = this.conversationContext.join(' ');
return await super.checkViolation(fullContext);
}
}
Some violations only emerge in context.
4. Learn From Violations
Track patterns and improve:
class LearningGuardrails extends RealtimeGuardrails {
async handleViolation(violation, text) {
await super.handleViolation(violation, text);
// Learn from this violation
await this.learnFromViolation(violation, text);
}
async learnFromViolation(violation, text) {
// Extract patterns that triggered violation
const pattern = await this.extractPattern(text);
// Add to policy database
await db.safety_patterns.upsert({
policy: violation.policy,
pattern: pattern,
confidence: 1.0,
last_seen: Date.now()
});
// Periodically retrain policy models
if (Math.random() < 0.1) { // 10% of violations trigger retrain
await this.retrainPolicyModel(violation.policy);
}
}
}
Testing Your Guardrails
Don’t wait for production to find gaps:
describe('Real-Time Guardrails', () => {
test('interrupts medical advice', async () => {
const text = "You should stop taking that medication immediately";
const violation = await guardrails.checkViolation(text);
expect(violation).toBeTruthy();
expect(violation.policy).toBe('medical_advice');
});
test('interrupts PII exposure', async () => {
const text = "Your social security number is 123-45-6789";
const violation = await guardrails.checkViolation(text);
expect(violation).toBeTruthy();
expect(violation.policy).toBe('pii_exposure');
});
test('does not false positive on safe content', async () => {
const text = "I can help you schedule an appointment with your doctor";
const violation = await guardrails.checkViolation(text);
expect(violation).toBeNull();
});
test('handles interruption gracefully', async () => {
const violation = { policy: 'medical_advice', severity: 'critical' };
await SelfCorrection.handleInterruption(violation, "You should stop");
// Should have logged correction
const log = await db.safety_events.findLast();
expect(log.interrupted).toBe(true);
});
});
Getting Started: Safety in Phases
Week 1: Implement basic pattern-based policies (regex for PII, medical terms)
Week 2: Add interruption mechanism and self-correction
Week 3: Add LLM-based policy checks for nuanced violations
Week 4: Deploy predictive steering to prevent violations proactively
Start with critical policies (medical, PII). Expand coverage over time.
Ready for Proactive Safety?
If you want this for regulated domains or high-stakes applications, real-time guardrails are essential.
Post-hoc filtering catches problems too late. Real-time monitoring prevents damage before it happens.
Stop reacting to violations. Start interrupting them.
Want to learn more? Check out OpenAI’s Realtime API documentation for implementing safety layers and function calling guide for building safe tool-based workflows.