LLM Security Checklist
Table of Contents
Quick Answer
Use this LLM security checklist to review prompts, context, RAG retrieval, AI agents, tool calls, output handling, secrets, logs, monitoring, human approval, and responsible testing before an LLM application goes live.
How to Use This Checklist
Use this page as a practical review aid for early design, pre-launch review, and periodic AI security checks. It is not a replacement for a professional security assessment, but it helps beginners and developers ask the right questions. For broader defensive reviews, also see the Security Checklists hub and the Security Tools & Checklists page.
Architecture Checklist
- Map user prompts, system instructions, retrieved content, model output, tools, logs, and sensitive data flows.
- Keep authorization, business rules, and sensitive decisions outside the model.
- Document model providers, dependencies, orchestration libraries, and vector stores.
Prompt and Context Checklist
- Separate trusted instructions from untrusted user and document content.
- Label retrieved content as data, not authority.
- Keep secrets and unnecessary personal data out of prompts.
- Review prompt templates after product or policy changes.
RAG Checklist
- Enforce document-level permissions during retrieval.
- Track ingestion source, date, and ownership.
- Monitor for stale, low-quality, or manipulated documents.
- Control access to vector stores and embedding pipelines.
AI Agent and MCP Checklist
- List every agent, tool, skill, plugin, and MCP server.
- Separate user, agent, and service identities.
- Apply least privilege and structured tool inputs.
- Validate tool schemas, arguments, target resources, and business rules outside the model.
- Require approval for sensitive or irreversible actions.
- Limit autonomous loops, retries, and long-running tasks.
- Keep emergency disable, credential revocation, and rollback controls.
Output Handling Checklist
- Validate model output before rendering, executing, storing, or sending it.
- Do not use model output directly as SQL, commands, code, or HTML without controls.
- Use source display and confidence boundaries for knowledge answers.
Secrets, Privacy, Logging, and Monitoring Checklist
- Protect prompt logs and tool-call logs with access control.
- Use retention limits for prompts, outputs, and retrieved data.
- Monitor cost spikes, unusual tool calls, repeated policy failures, and sensitive-data exposure.
- Create an incident response path for AI-specific issues.
Human Review Checklist
- Show users what action will happen before they approve it.
- Make approvals explicit and auditable.
- Require stronger review for financial, legal, security, account, deletion, and external messaging actions.
Beginner Safe Testing Checklist
- Practice in systems you own or have permission to assess.
- Use sample data, not real secrets or private information.
- Avoid testing against third-party production services without authorization.
- Document test cases and expected defensive behavior.
MCP Server Review
- Maintain an approved inventory of MCP servers and owners.
- Review requested scopes, tools, resources, files, and network destinations.
- Pin and diff tool definitions and schemas.
- Sandbox local servers and protect tokens for remote servers.
- Log discovery, consent, calls, results, and definition changes.
Explore AI Security Topics
AI Security RoadmapStart with AI, LLM, prompt, RAG, agent, MCP, and defensive security concepts.LLM SecuritySecure LLM applications, prompts, outputs, tools, logs, and sensitive data flows.Prompt InjectionUnderstand direct and indirect prompt injection across LLM apps and agents.OWASP LLM Top 10Use the OWASP LLM Top 10 as a risk map for GenAI application security.RAG SecuritySecure retrieved documents, vector stores, permissions, provenance, and outputs.AI Agent SecurityControl agent identity, tools, memory, approvals, monitoring, and recovery.
FAQs
An LLM security checklist is a practical review list for prompts, context, outputs, tools, RAG retrieval, agents, logs, secrets, monitoring, and approvals.
Developers, product owners, security reviewers, students, and AI builders can use it to structure beginner-friendly LLM application security reviews.
No. It is a learning and review aid. High-risk or production AI applications may still need professional security testing and threat modeling.
Start with data flows, prompt/context separation, output validation, tool permissions, retrieval access control, and human approval for sensitive actions.
Yes. It includes separate sections for RAG systems and AI agents.
Sources and further reading
- OWASP Top 10 for Large Language Model Applications — Checklist mapping to LLM application risks
- OWASP LLM Prompt Injection Prevention Cheat Sheet — Prompt and context control checklist reference
- NIST AI Risk Management Framework — Risk management and governance reference
- MITRE ATLAS — Threat-informed AI security reference