Designing Content + AI Systems

I’m a content designer who thinks in systems. I design how products communicate—not just what they say, but how they behave across different contexts, edge cases, and constraints. More recently, that’s included shaping interactions in AI-powered systems, where clarity, trust, and thoughtful failure handling matter just as much as the happy path.

Preventing unintended disclosure in an AI voice agent

While working on an LLM-powered voice agent that processed customer orders, I identified an unexpected behavior during testing: the agent would repeat and act on any personal name provided by a caller when requesting a call transfer.

What initially appeared to be a minor edge case revealed deeper concerns around privacy, safety, and inclusivity in AI behavior.

The problem

During testing, I asked the agent to transfer me to a specific individual by name (e.g., “Matthew”). The agent responded by:

  • Repeating the provided name

  • Confirming the request

  • Proceeding as if that individual were available

This behavior created multiple risks:

  • Unintended disclosure: The agent implicitly confirmed that a named individual was associated with the business and potentially available

  • Safety concerns: A caller could attempt to locate or target a specific person

  • Inconsistent behavior: The agent did not respond uniformly across all names

My investigation

To better understand the issue, I tested the interaction using multiple names, including:

  • “Matthew”

  • “Ellen”

  • “Jemar”

  • “Senem”

I observed that the agent repeated some names (e.g., Matthew, Ellen) but it didn’t consistently recognize or repeat others (e.g., Jemar, Senem). This suggested inconsistent name handling and a potential bias toward more commonly represented or “Anglican-sounding” names.

Framing risks

This behavior extended beyond a simple UX issue because it introduced real-world risks:

  • Privacy leakage: Implicitly confirming whether a person is present or associated with a business without their permission

  • Personal safety concerns: Enabling callers to probe for specific individuals

  • Inclusivity gaps: Uneven recognition of names across different cultural backgrounds

Left unaddressed, this could undermine trust in the system and expose customers, employees, and sellers to harm.

The solution

I partnered with product, design, and engineering to define and implement a clear behavioral guardrail:

The agent should not repeat or confirm the names of individuals who are not actively placing an order or involved in the interaction.

We implemented this change at the system prompt level, shifting the agent’s behavior from:

  • Specific:

    “I’ll transfer you to Matthew.”

to:

  • Generalized:

    “I’ll connect you with someone at the business.”

This ensured the agent could still fulfill the request without exposing or implying information about specific individuals.

The outcome

  • Eliminated the risk of unintended personal disclosure

  • Improved consistency across name handling

  • Introduced a scalable pattern for managing sensitive information in AI interactions

The updated behavior was validated through testing and successfully deployed to production.

What I learned

  • AI systems can surface sensitive information through seemingly small interaction patterns

  • Edge case testing is critical for uncovering hidden risks

  • Prompt-level guardrails are an effective way to shape safe and consistent behavior

    Inclusivity issues can emerge subtly and should be actively evaluated

It’s essential that we don’t design AI interactions just for task completion; we must index on responsibility and trust. By identifying and addressing this issue early, we were able to prevent a bevy of risks that may not have been immediately visible, but had meaningful real-world implications.

Improved behavior for name handling
Jonathan McFadden