To address security risks—particularly adversarial vulnerability and out-of-domain (OOD) generation—in large language models (LLMs) deployed for narrow-domain tasks (e.g., customer service), this paper formally introduces the problem of *domain certification*: rigorously guaranteeing that model outputs remain confined to a specified target domain. We propose VALID, a lightweight, post-hoc certification framework that computes verifiable upper bounds on the probability of OOD outputs, leveraging statistical confidence intervals and input perturbation analysis—without any fine-tuning or retraining. VALID balances safety and rejection reasonableness: across multiple domain-specific benchmarks, it achieves tight probabilistic certificates with average error <3.2%, while inducing only negligible increases in rejection rate. Our key contributions are threefold: (1) the first formal definition of domain certification; (2) a theoretically grounded, verifiable probabilistic bound for OOD output likelihood; and (3) a practical, zero-training-overhead certification method deployable in real-world narrow-domain LLM applications.

Large language models (LLMs) are often deployed to perform constrained tasks, with narrow domains. For example, customer support bots can be built on top of LLMs, relying on their broad language understanding and capabilities to enhance performance. However, these LLMs are adversarially susceptible, potentially generating outputs outside the intended domain. To formalize, assess, and mitigate this risk, we introduce domain certification; a guarantee that accurately characterizes the out-of-domain behavior of language models. We then propose a simple yet effective approach, which we call VALID that provides adversarial bounds as a certificate. Finally, we evaluate our method across a diverse set of datasets, demonstrating that it yields meaningful certificates, which bound the probability of out-of-domain samples tightly with minimum penalty to refusal behavior.