AI feature security checklist — LLMs, RAG, agents
The security checklist for adding AI features to your app. Prompt injection, tool-scope, RAG poisoning, rate limits, cost control.
For: Teams adding LLM / agent / RAG features
Prompt injection
- Untrusted input delimited explicitly in prompts
- Destructive tools never reachable from untrusted contentcritical
- Prompt-injection regression corpus in CI
Tool scope
- Each tool has minimum required permissions
- Tool schemas typed and validated
- Tool calls logged with originating prompt
RAG
- Retrieved content treated as untrusted
- Vector DB access scoped by tenant
- Retrieval sources allowlisted
Cost + quota
- Per-user rate limit on every inference endpointcritical
- Per-key daily spend cap at provider (OpenAI, Anthropic)
- Abuse-detection monitors for sudden spend spikes
Transparency
- AI Bill of Materials (AIBOM) published
- Model card for each model in inference path
- Human oversight documented for high-stakes decisions