LLM Security Checklist
Table of Contents
Quick Answer
Use this LLM security checklist to review prompts, context, RAG retrieval, AI agents, tool calls, output handling, secrets, logs, monitoring, human approval, and responsible testing before an LLM application goes live.
How to Use This Checklist
Use this page as a practical review aid for early design, pre-launch review, and periodic AI security checks. It is not a replacement for a professional security assessment, but it helps beginners and developers ask the right questions. For broader defensive reviews, also see the Security Checklists hub and the Security Tools & Checklists page.
Architecture Checklist
- Map user prompts, system instructions, retrieved content, model output, tools, logs, and sensitive data flows.
- Keep authorization, business rules, and sensitive decisions outside the model.
- Document model providers, dependencies, orchestration libraries, and vector stores.
Prompt and Context Checklist
- Separate trusted instructions from untrusted user and document content.
- Label retrieved content as data, not authority.
- Keep secrets and unnecessary personal data out of prompts.
- Review prompt templates after product or policy changes.
RAG Checklist
- Enforce document-level permissions during retrieval.
- Track ingestion source, date, and ownership.
- Monitor for stale, low-quality, or manipulated documents.
- Control access to vector stores and embedding pipelines.
AI Agent Checklist
- List every tool the agent can call.
- Apply least privilege and structured tool inputs.
- Require approval for sensitive or irreversible actions.
- Limit autonomous loops, retries, and long-running tasks.
Output Handling Checklist
- Validate model output before rendering, executing, storing, or sending it.
- Do not use model output directly as SQL, commands, code, or HTML without controls.
- Use source display and confidence boundaries for knowledge answers.
Secrets, Privacy, Logging, and Monitoring Checklist
- Protect prompt logs and tool-call logs with access control.
- Use retention limits for prompts, outputs, and retrieved data.
- Monitor cost spikes, unusual tool calls, repeated policy failures, and sensitive-data exposure.
- Create an incident response path for AI-specific issues.
Human Review Checklist
- Show users what action will happen before they approve it.
- Make approvals explicit and auditable.
- Require stronger review for financial, legal, security, account, deletion, and external messaging actions.
Beginner Safe Testing Checklist
- Practice in systems you own or have permission to assess.
- Use sample data, not real secrets or private information.
- Avoid testing against third-party production services without authorization.
- Document test cases and expected defensive behavior.
Explore AI Security Topics
AI Security RoadmapStart with the core AI, LLM, prompt, RAG, and agent security concepts beginners should learn first.LLM SecurityLearn how to secure LLM applications, prompts, outputs, tools, logs, and sensitive data flows.Prompt InjectionUnderstand direct and indirect prompt injection in LLM apps, RAG systems, and AI agents.OWASP LLM Top 10Use the OWASP LLM Top 10 as a beginner-friendly risk map for GenAI application security.RAG SecuritySecure retrieval-augmented generation systems, vector stores, document access, and retrieved context.AI Agent SecurityReduce risk when AI systems can call tools, use memory, plan tasks, and perform actions.
FAQs
An LLM security checklist is a practical review list for prompts, context, outputs, tools, RAG retrieval, agents, logs, secrets, monitoring, and approvals.
Developers, product owners, security reviewers, students, and AI builders can use it to structure beginner-friendly LLM application security reviews.
No. It is a learning and review aid. High-risk or production AI applications may still need professional security testing and threat modeling.
Start with data flows, prompt/context separation, output validation, tool permissions, retrieval access control, and human approval for sensitive actions.
Yes. It includes separate sections for RAG systems and AI agents.
Sources and further reading
- OWASP Top 10 for Large Language Model Applications — Checklist mapping to LLM application risks
- OWASP LLM Prompt Injection Prevention Cheat Sheet — Prompt and context control checklist reference
- NIST AI Risk Management Framework — Risk management and governance reference
- MITRE ATLAS — Threat-informed AI security reference