Best Practices

Recommendations for securing your LLM deployments against known threats.

Summary

Securing an LLM deployment means treating the model as an untrusted component in a larger system: limit what it can reach, watch it continuously, and vet everything that goes into building and running it. The sections below cover the three areas that matter most — shrinking the attack surface exposed to the model and its users, automating detection and response so issues surface quickly, and locking down the supply chain of models, data, and dependencies the deployment depends on.

Reducing Attack Surface

Minimizing exposure and limiting attack vectors in LLM systems.

  1. Enforce strict input validation and output encoding so prompt injection can't reach downstream systems.
  2. Apply least-privilege access controls to any tools, plugins, or APIs the model is allowed to invoke.
  3. Disable unused model capabilities (code execution, file access, browsing) behind explicit opt-in.

Automations

Automating security monitoring and response for LLM deployments.

  1. Continuously monitor CVE, NVD, and GHSA feeds for newly disclosed LLM-related vulnerabilities and auto-tag by severity.
  2. Automate regression testing of guardrails and safety filters on every model or prompt change.
  3. Set up automated alerting that pages on-call teams when anomalous model behavior or jailbreak attempts are detected.

Supply Chains

Securing LLM supply chains, including model sources and third-party dependencies.

  1. Verify the provenance and integrity of model weights, checkpoints, and datasets before deployment.
  2. Maintain a software bill of materials (SBOM) covering third-party libraries, plugins, and fine-tuning data sources.
  3. Pin and audit dependency versions, applying upstream security patches promptly when vulnerabilities are disclosed.