Input validation for AI apps can't be a simple allow-list the way form validation is, since the input is open-ended language — but it can still catch a lot: length limits, encoding checks, known-jailbreak-pattern classifiers, and stripping executable-looking content (script tags, unusual encodings) before it reaches the model. Output filtering does the mirror-image job on the way out: checking the model's response for leaked secrets, unsafe content, or signs it was successfully manipulated, before that response reaches the user or triggers an action.
Neither layer is sufficient alone. Input validation can't anticipate every phrasing of an attack; output filtering can't undo an action the model already took (like calling a tool). Treat them as complementary nets, not a single gate.