A Generative AI Engineer is building a production-ready LLM system that uses the Foundation Model API with provisioned throughput to reply directly to customers. They need to prevent the LLM from generating toxic or unsafe responses with the least amount of effort.

Which approach should they use?