For input validation and sanitization, the key metrics are False Positive Rate and False Negative Rate. These show how often bad inputs are wrongly accepted or good inputs are wrongly rejected. Minimizing false negatives is critical to avoid security risks, while minimizing false positives keeps the system user-friendly.
Input validation and sanitization in Agentic AI - Model Metrics & Evaluation
Start learning this pattern below
Jump into concepts and practice - no test required
| Predicted Valid | Predicted Invalid |
|-----------------|-------------------|
| True Valid (TV) | False Invalid (FI) |
| False Valid (FV) | True Invalid (TI) |
Total inputs = TV + FI + FV + TI
- True Valid (TV): Correctly accepted good inputs
- False Invalid (FI): Good inputs wrongly rejected
- False Valid (FV): Bad inputs wrongly accepted
- True Invalid (TI): Correctly rejected bad inputs
Precision here means how many accepted inputs are actually good. High precision means few bad inputs get through.
Recall means how many good inputs are accepted out of all good inputs. High recall means few good inputs are wrongly blocked.
Example: If you block too many inputs to be safe, recall drops (good inputs rejected). If you accept too many inputs, precision drops (bad inputs accepted).
Balance depends on use case: For security, prioritize precision (block bad inputs). For user experience, prioritize recall (accept good inputs).
- Good: Precision > 0.95 and Recall > 0.90 means most bad inputs blocked and most good inputs accepted.
- Bad: Precision < 0.70 means many bad inputs get through, risking security.
- Bad: Recall < 0.70 means many good inputs are blocked, frustrating users.
- Accuracy paradox: If bad inputs are rare, high accuracy can hide poor detection of bad inputs.
- Data leakage: Using test inputs that are too similar to training can inflate metrics falsely.
- Overfitting: Model may block only known bad inputs but fail on new types.
- Ignoring user impact: High false invalid rate frustrates users even if security is strong.
Your input validation model has 98% accuracy but only 12% recall on good inputs. Is it good for production? Why or why not?
Answer: No, it is not good. The low recall means most good inputs are wrongly blocked, causing poor user experience despite high accuracy.
Practice
input validation in machine learning systems?Solution
Step 1: Understand input validation
Input validation means checking if the data is the right type and format before using it.Step 2: Differentiate from sanitization
Input sanitization cleans data, but validation focuses on correctness and format.Final Answer:
To check if the input data is the correct type and format -> Option CQuick Check:
Input validation = Check data type and format [OK]
- Confusing validation with sanitization
- Thinking validation trains the model
- Assuming validation stores data
Solution
Step 1: Check type correctly
Useisinstance(input_value, int)to check if input is an integer.Step 2: Check positivity
Ensure the integer is greater than zero withinput_value > 0.Final Answer:
if isinstance(input_value, int) and input_value > 0: -> Option AQuick Check:
Use isinstance and > 0 for positive integer check [OK]
- Using type() == 'int' (wrong syntax)
- Calling isdigit() on non-string input
- Skipping type check before comparison
def sanitize_input(text):
return text.strip().lower()
user_input = ' Hello World! '
cleaned = sanitize_input(user_input)
print(cleaned)Solution
Step 1: Understand strip()
Thestrip()method removes spaces from the start and end of the string.Step 2: Understand lower()
Thelower()method converts all letters to lowercase.Final Answer:
hello world! -> Option DQuick Check:
strip + lower = 'hello world!' [OK]
- Ignoring strip() effect on spaces
- Confusing lower() with upper()
- Expecting original casing in output
def validate_age(age):
if age.isdigit() and age > 0:
return True
else:
return FalseSolution
Step 1: Check isdigit() usage
isdigit() works on strings, so age should be a string here.Step 2: Identify type mismatch in comparison
Comparingage > 0compares string to int, which causes error.Final Answer:
Comparing string with integer using > operator -> Option AQuick Check:
String > int comparison causes error [OK]
- Assuming isdigit() converts type
- Ignoring type mismatch in comparisons
- Thinking function name affects validation
['25', ' 30', 'twenty', '40', '']. Which code snippet correctly validates and sanitizes this data to keep only valid positive integers?Solution
Step 1: Sanitize input by stripping spaces
Useage.strip()to remove spaces before validation.Step 2: Validate with isdigit() and positive check
Check if stripped string is digits only and convert to int to check > 0.Step 3: Convert valid strings to integers
Useint(age.strip())to convert valid strings to integers.Final Answer:
valid_ages = [int(age.strip()) for age in ages if age.strip().isdigit() and int(age.strip()) > 0] -> Option BQuick Check:
Strip spaces, check digits, convert to int > 0 [OK]
- Not stripping spaces before validation
- Comparing strings directly to numbers
- Including empty or non-digit strings
