Depends on the model/provider. If you're running this in Azure you can use their content filtering which includes jailbreak and prompt exfiltration protection. Otherwise you can strap some heuristics in front or utilize a smaller specialized model that looks at the incoming prompts.
With stronger models like GPT4 that will adhere to every instruction of the system prompt you can harden it pretty well with instructions alone, GPT3.5 not so much.
I've implemented a few of these and that's about the most lazy implementation possible. That system prompt must be 4 words and a crayon drawing. No jailbreak protection, no conversation alignment, no blocking of conversation atypical requests? Amateur hour, but I bet someone got paid.
MRGA!!
This is made with a Stable Diffusion LoRA called FriedEgg. Here, I used it to generate a wider version: 
Remember when Internet Explorer/Edge was only used to download Chrome. Well, ironically these days I only use Chrome to make video calls.
I mean, I like a good Google hate train as much as the next guy, but that's kind of a legitimate thing to want.
Also, ladies of the night and nose clams.
Better host it yourself, because the managed version of Ghost has the lovely dark pattern that you cannot cancel your plan without them immediately deleting everything, no matter if your plan is still paid for for another few months or not. Really left a bad taste on my mouth.
The Huthis have been launching ballistic missiles across country lines and target (among other things) international shipping lanes somewhat recently. They're not soldering up IEDs in caves to fend of a US invasion force, so I'm not sure how apt the comparison with Afghanistan is.
Eh, that's not quite true. There is a general alignment tax, meaning aligning the LLM during RLHF lobotomizes it some, but we're talking about usecase specific bots, e.g. for customer support for specific properties/brands/websites. In those cases, locking them down to specific conversations and topics still gives them a lot of leeway, and their understanding of what the user wants and the ways it can respond are still very good.