Semantic Caching for LLMs: Safe Design and Testing
A semantic cache returns a prior response when a new request is judged equivalent enough. Use it only when answer equivalence is testable, identity and authorization boundaries are part of lookup, freshness can be enforced, and a false hit is less harmful than a fresh model call.
Distinguish semantic response caching from prompt caching
| Decision | Semantic response cache | Exact prompt-prefix cache | Required evidence |
|---|---|---|---|
| What is reused? | A previously generated application response | Provider-side computation for an identical prompt prefix | Trace which layer produced the reuse |
| Match rule | Application-defined similarity plus metadata and policy constraints | Exact reusable prefix under provider behavior | Record eligibility and match reason |
| Answer generation | A hit may skip a new model answer | The model still generates a new continuation | Do not infer identical output from prefix reuse |
| Primary risk | False equivalence, stale facts, or cross-boundary reuse | Poor hit rate from changing early prompt content | Measure correctness and operating benefit separately |
| Invalidation owner | The application owns content, source, user, and policy invalidation | The provider owns cache lifetime; the application controls prompt shape | Document which controls are available |
| Best fit | Repeated, low-risk intents with stable, reusable answers | Long requests sharing stable instructions, examples, tools, or reference prefixes | Verify repeated workload shape before adoption |
OpenAI's Prompt Caching documentation describes exact prefix matching and states that cached prefixes do not make otherwise identical nondeterministic requests return identical results. Semantic caching is different: it is an application decision to serve an earlier response. Keep those telemetry and risk models separate.
Define answer equivalence before choosing similarity
Text similarity alone cannot decide whether two requests deserve the same answer. “How do I restart my device?” may be stable public guidance, while “what is my current balance?” depends on identity and current state. Add fields that determine meaning: locale, product version, user role, tenant, policy, retrieval corpus, time sensitivity, tool availability, and required response format.
Build labeled pairs or groups representing safe reuse, must miss, and uncertain. Include paraphrases, negation, changed numbers, different entities, temporal words, changed permissions, follow-up turns, and adversarial near matches. Choose a similarity model and threshold from this corpus, then inspect false hits by consequence. The GPT Semantic Cache paper offers a primary implementation example using query embeddings and an in-memory cache, but its evaluated workload does not certify a threshold for another application.
Use asymmetric policy when needed. A general request can reuse a general answer; a request containing account, legal, medical, pricing, inventory, or authorization context may always bypass. For mixed answers, cache stable fragments rather than the final composed response.
Make freshness, isolation, and invalidation explicit
A cache entry should carry the normalized intent, response, creation time, expiry, tenant or visibility partition, source versions, model and prompt version, policy version, locale, and validation result. Do not embed one tenant's restricted answer in a shared semantic space and rely on similarity to keep it isolated.
Invalidation needs events as well as time. Product documentation, prices, policies, permissions, retrieval indexes, schemas, and known corrections can change before a time-to-live expires. Link entries to version identifiers or dependency tags so a change can make affected content ineligible. If precise invalidation is impossible, shorten eligibility or skip reuse.
Pass cache hits through the same final output validation and current policy checks as fresh responses. A prior answer may have been valid when created but no longer satisfy today's schema, permission, or safety rule.
Semantic caching failure cases
- Negation collision: “enable” and “do not enable” embed closely. Include contrastive must-miss cases.
- Entity substitution: a similar request concerns another customer, contract, region, or model version. Bind identity-bearing metadata.
- Stale authority: an old response survives a policy or source change. Use dependency versions and invalidation events.
- Conversation leakage: a standalone query reuses an answer that depended on prior turns. Include conversation state or bypass multi-turn cases.
- Hit-rate optimization: a looser threshold improves reuse while false hits grow. Treat reviewed correctness as the gate.
- Silent fallback: cache infrastructure failure changes request behavior without telemetry. Define bypass behavior and monitor both paths.
A practical implementation sequence
- Choose eligible intents. Begin with repeated, stable, low-consequence answers whose source and policy dependencies are known.
- Write the equivalence contract. Name meaning-bearing fields, partition boundaries, must-miss conditions, expiry, and invalidation triggers.
- Create reviewed match cases. Include paraphrases and hard negatives across entities, time, permissions, versions, numbers, and languages.
- Evaluate offline. Compare candidate representations and thresholds using false-hit severity, missed reuse, and slice behavior.
- Shadow the cache. Compute would-be hits while serving fresh answers, then compare content and validator outcomes without user impact.
- Release with traceable bypass. Monitor age, match reason, partition, invalidation, false-hit reports, latency, and downstream quality through the latency optimization framework.
Decision summary
Use exact prefix caching when repeated requests share a stable prefix and a fresh continuation is still required. Use semantic response caching only when your application can defend the equivalence rule, freshness window, and authorization partition. For large changing context, improve selection first with LLM context-window management.
Primary and official sources
- Regmi and Pun, “GPT Semantic Cache” — primary research describing embedding-based semantic response reuse.
- OpenAI API: Prompt Caching — official documentation for exact prompt-prefix caching behavior, measurements, and current controls.