Skip to Content

System Design for AI Applications — Interview Q&A

System design is where AI roles get paid the most. Knowing the model isn’t enough; you need to know how to architect, deploy, monitor, and scale around it.

Real AI engineering is about building systems that are measurable, reliable, grounded, cost-aware, and useful in production. Models are powerful, but the system around the model determines whether the product actually works.


Q1 — How would you design a scalable customer-support chatbot?

What? A multi-region chatbot that handles 100k conversations/day with sub-2-second latency and <0.5% hallucination rate.

Why? Because this is the canonical “design me a system” prompt for AI roles. The interview passes if your architecture handles scale, cost, and observability simultaneously.

How? Build it from components you already understand:

3 Scenarios

Scenario 1 — Burst traffic (Black Friday support surge) 10x normal load for 4 hours. Architecture choices: HPA on CPU; pre-warmed worker pool; queue-based decoupled ingest; autoscale Redis + Postgres read-replica. Without these you 500 the world.

Scenario 2 — Latency target < 200ms for first token Architecture: Tier-0 Redis cache for popular questions; streaming via SSE; model warm-pool (pre-loaded weights); parallel routes (the supervisor decides while the LLM is already responding). Reduces perceived latency without lowering answer quality.

Scenario 3 — Multi-tenant (50 fintech clients in one cluster) Architecture: per-tenant vector collections (or per-tenant postgres schemas); strict tenant filter on every query; tenant header propagated from auth-token; per-tenant rate limits.


Q2 — How do you optimise cost without sacrificing quality?

What? A cost-engineering mindset: token budget, model-tiering, caching, batching, and observability.

Why? Because cloud bills can dwarf salaries in a runaway AI app.

How? Five levers:

  1. Caching: 80% of FAQ traffic hits Tier-0 cache (Redis). No LLM = no tokens.
  2. Model-tiering: simple intents use GPT-3.5-turbo or smaller; only complex reasoning hits GPT-4.
  3. Prompt compression: strip whitespace, examples, redundancy — every 100 tokens saved × 1M requests = real money.
  4. Batching: combine 10 KB-classifications into one LLM call.
  5. Streaming + early-stop: yield tokens as they arrive; abort if user closes window.

3 Scenarios

Scenario 1 — Grew 10x in 3 months (cost went from $5k to $80k/month) Diagnosis: no caching, GPT-4 for every intent. Fix: add Redis cache for FAQs and common intents; classifier runs on 8B open-source model; GPT-4 only for complex multi-hop reasoning. Cost: $80k → $25k.

Scenario 2 — LLM token usage growing unbounded Diagnosis: conversation history is sent in full. Fix: truncation with token counting; keep last N turns; summarise older turns server-side.

Scenario 3 — Users complain about response depth but cost is rising Diagnosis: high temperature + long context = many tokens used. Fix: shorten context; raise concurrency; use long-context models only when the conversation requires it.


Q3 — How would you evaluate a deployed AI system continuously?

What? A continuous-evaluation pipeline where every conversation is scored for quality, retrieval accuracy, and adherence to rules.

Why? Because “looks good last week” is not “good today.” Models drift, embeddings drift, intent distribution shifts.

How? Three layers:

  1. Online metrics: success rate, latency, cost-per-conversation, fallback rate.
  2. Offline metrics (sampled weekly): precision@k of retrieval; faithfulness; adherence.
  3. Human review (sampled weekly): 50 random traces reviewed by domain expert; surface failures.

3 Scenarios

Scenario 1 — Quality drop after re-training a sub-component Diagnosis: nightly eval catches the regression in 24 hours. Without it, the team learns two weeks later via twitter anger.

Scenario 2 — New product launched, intent distribution shifts Diagnosis: intent classifier is now seeing 30% “pension” intents it never saw before. Confidence drops. Prompt-team adds few-shot examples; nightly eval confirms restored quality.

Scenario 3 — Vendor model deprecation Diagnosis: nightly eval catches the silence from one model. Migration: baseline “old model” answers in your golden set; pin to new model + compare against golden set.


Q4 — How do you make a system production-safe for AI specifically?

What? Defences against prompt injection, jailbreak, PII leakage, and runaway costs.

Why? Because the model surface is new attack surface; classic web defenses don’t apply.

How? Six layers:

  1. Pre-LLM: Presidio PII redaction, Lakera Guard jailbreak detection, regex injections.
  2. In-context: structured output / JSON mode; out-of-context answers filtered.
  3. Post-LLM: Compliance filter (prompts + LLM-as-judge), hallucinations grader.
  4. Around the LLM: streaming response with chunk-by-chunk checks for banned phrases.
  5. Tool-facing: tool arg schema validation; tool-call rate limits.
  6. Cost-facing: token budgets per session; alert when >80% consumed.

3 Scenarios

Scenario 1 — Customer types a phishing-style prompt Pre-LLM: Lakera flags. Pre-LLM filter returns {”is_injection”: true, ”confidence”: 0.95}. Request is logged, customer is asked to rephrase.

Scenario 2 — LLM emits PII its own training-data was scraped from Post-LLM: Presidio detects john.doe@gmail.com in the response. Substitute with &lt;EMAIL>. Log the swap.

Scenario 3 — Adversarial customer loops an agent for $900 of LLM calls Cost-facing: per-session token tracker. After 100k tokens, abort the loop. Detective layer: loop detector sees same intent for 50 turns, force-escalate to human.


Q5 — How do you handle the cold-start problem for a new AI feature?

What? When you have no production traffic yet, how do you know if the system is safe?

Why? Because most AI rollouts fail at this exact phase. They optimise the model but skip the rollout muscle.

How? “Dark launch + canary + ramp”:

  1. Shadow: run the AI route in parallel with the legacy one. Log AI outputs but don’t show to customers.
  2. Canary: ~5% of real traffic sees the AI; if metrics improve, bump to 25%.
  3. Ramp + monitoring: every step has metrics, alert thresholds, kill-switch.

3 Scenarios

Scenario 1 — Banking chatbot replacing IVR (“Press 1 for…”) Approach: shadow-run for 2 weeks; canary at 5% to engaged technical customers; observe escalation rate and CSAT. Ramp to 50% if metrics hold.

Scenario 2 — Internal AI summarisation tool Approach: shadow-run; sample outputs from a few hundred documents and grade against human summaries. No production risk because users aren’t affected.

Scenario 3 — Customer-facing search-AI Approach: A/B test with ~5% traffic; monitor satisfaction (thumbs up/down), fallback rate, latency. Kill switch via feature flag.

Advertisement