Fix BlockedPromptException: response was blocked in Google Gemini

TL;DR

BlockedPromptException: response was blocked means Gemini's safety filters flagged either your prompt or its generated response. Check response.prompt_feedback and candidate.finish_reason to see which category triggered it, then either adjust safety_settings thresholds or rewrite the prompt.

What triggers this error

Every request runs through four harm categories before Gemini returns anything:

• HARM_CATEGORY_HARASSMENT
• HARM_CATEGORY_HATE_SPEECH
• HARM_CATEGORY_SEXUALLY_EXPLICIT
• HARM_CATEGORY_DANGEROUS_CONTENT

Two distinct failure modes exist. If the prompt itself scores above the threshold, you get BlockedPromptException before a single token is generated. If the response trips a filter mid-generation, the candidate returns with finish_reason = SAFETY and an empty text field.

Step 1 — Diagnose exactly what was blocked

Skip the guesswork — read the feedback object directly:

import google.generativeai as genai

genai.configure(api_key="YOUR_API_KEY")
model = genai.GenerativeModel("gemini-1.5-pro")

try:
    response = model.generate_content("your prompt here")
    print(response.text)
except Exception as e:
    print(f"Exception: {e}")

Even on failure, the response object still carries diagnostic data. Inspect it like this:

response = model.generate_content("your prompt here", stream=False)

# Check prompt-level block
print("Prompt feedback:", response.prompt_feedback)

# Check candidate-level block
for candidate in response.candidates:
    print("Finish reason:", candidate.finish_reason)
    print("Safety ratings:", candidate.safety_ratings)

A blocked prompt shows block_reason populated in prompt_feedback. A blocked response shows finish_reason = FinishReason.SAFETY on the candidate with no text content.

Fix 1 — Lower safety thresholds for your use case

The default threshold for most categories is BLOCK_MEDIUM_AND_ABOVE. Switch to BLOCK_ONLY_HIGH to allow more content through, or BLOCK_NONE to disable a category entirely — though BLOCK_NONE requires allowlisted API access.

import google.generativeai as genai
from google.generativeai.types import HarmCategory, HarmBlockThreshold

genai.configure(api_key="YOUR_API_KEY")

safety_settings = {
    HarmCategory.HARM_CATEGORY_HARASSMENT: HarmBlockThreshold.BLOCK_ONLY_HIGH,
    HarmCategory.HARM_CATEGORY_HATE_SPEECH: HarmBlockThreshold.BLOCK_ONLY_HIGH,
    HarmCategory.HARM_CATEGORY_SEXUALLY_EXPLICIT: HarmBlockThreshold.BLOCK_MEDIUM_AND_ABOVE,
    HarmCategory.HARM_CATEGORY_DANGEROUS_CONTENT: HarmBlockThreshold.BLOCK_ONLY_HIGH,
}

model = genai.GenerativeModel(
    model_name="gemini-1.5-pro",
    safety_settings=safety_settings
)

response = model.generate_content("your prompt here")
print(response.text)

Threshold values, from strictest to most permissive:

• BLOCK_LOW_AND_ABOVE — blocks low, medium, and high severity
• BLOCK_MEDIUM_AND_ABOVE — default for most categories
• BLOCK_ONLY_HIGH — only blocks clearly harmful content
• BLOCK_NONE — disables the filter (requires allowlisted API access)

Fix 2 — Rewrite the prompt to avoid triggering filters

Safety filters often block prompts not because the intent is harmful, but because specific phrasing pattern-matches against flagged content. Security research questions, medical content, fiction involving conflict, and any mention of weapons or chemicals — even in neutral contexts — are common triggers.

These rewrites usually help:

• Add explicit context: "For a penetration testing report..." or "In a fictional story..."
• Use technical framing instead of colloquial phrasing
• Split a long prompt into smaller pieces — a sentence that triggers a filter in a larger context often passes when sent alone
• Ask how to prevent something rather than how to do it

# Instead of this (may trigger DANGEROUS_CONTENT):
prompt = "How do I exploit a buffer overflow vulnerability?"

# Try this:
prompt = """
I'm writing a secure code review guide. Explain how buffer overflow
vulnerabilities work at a technical level and what input validation
techniques prevent them. Focus on defensive practices.
"""

Fix 3 — Handle blocked responses gracefully in production

Letting BlockedPromptException crash your app is rarely the right call. Wrap calls with fallback logic that surfaces useful diagnostics instead of a stack trace:

import google.generativeai as genai
from google.generativeai.types import HarmCategory, HarmBlockThreshold
from google.api_core.exceptions import GoogleAPIError

def safe_generate(model, prompt: str) -> str | None:
    try:
        response = model.generate_content(prompt)

        if not response.candidates:
            block_reason = response.prompt_feedback.block_reason
            print(f"Prompt blocked: {block_reason}")
            return None

        candidate = response.candidates[0]

        if candidate.finish_reason.name == "SAFETY":
            ratings = {r.category.name: r.probability.name
                      for r in candidate.safety_ratings}
            print(f"Response blocked by safety. Ratings: {ratings}")
            return None

        return response.text

    except Exception as e:
        print(f"API error: {e}")
        return None

model = genai.GenerativeModel("gemini-1.5-pro")
result = safe_generate(model, "your prompt here")

if result:
    print(result)
else:
    print("Content could not be generated — review your prompt.")

Fix 4 — Use a system instruction to set context

Gemini 1.5+ accepts system instructions that establish persistent context before any user message arrives. This is particularly useful when your app has a legitimate use case — cybersecurity training, medical education, fiction writing — that the default safety config misreads as a threat.

model = genai.GenerativeModel(
    model_name="gemini-1.5-pro",
    system_instruction=(
        "You are a cybersecurity training assistant helping developers "
        "understand vulnerabilities for defensive purposes. "
        "Provide technically accurate information suitable for security professionals."
    )
)

Verify the fix worked

Run a structured check after applying any fix above:

response = model.generate_content("your prompt here")

# Should be empty if not blocked
print("Block reason:", response.prompt_feedback.block_reason)

# Should be FinishReason.STOP if successful
print("Finish reason:", response.candidates[0].finish_reason)

# Should have actual content
print("Text length:", len(response.text))
print("First 200 chars:", response.text[:200])

A clean response shows block_reason = 0 (no block), finish_reason = STOP, and non-empty text. All three need to pass.

When nothing works

Still blocked after adjusting thresholds and rewriting prompts? Work through this checklist:

• Check your API tier — BLOCK_NONE requires explicit allowlisting from Google. Request access through the Google Cloud console under the Gemini API settings.
• Try a different model — gemini-2.0-flash and gemini-1.5-flash have slightly different default thresholds than gemini-pro and may pass prompts that the older model blocks.
• Switch to the Vertex AI SDK — enterprise deployments via Vertex AI expose more granular safety controls than the direct Gemini API.
• Review the official safety settings docs for your SDK version. Threshold options change between releases, so what worked on 0.4.x may differ on 0.8.x.