Keep open source software up to date with patches
Ensure no known security vulnerabilities remain latent
Enable two-factor authentication for dashboards and GUIs
Configure IAM roles for cloud infrastructure
Consider using a multi-LLM system with intermediary agents for data transformation
Add comprehensive monitoring for unusual access patterns, excessive usage, and anomalous requests
Secure logs and dashboards against JavaScript-based attacks, so that rendered content cannot execute code or auto-follow links
Choose a frontier model with strong guardrails
Tune an OSS model to reduce bias, harm, and other undesirable outputs
Add external defenses for prompt injection and jailbreaks
Work with legal and PR to add a legal disclaimer for publicly available AI-enabled systems
Implement regular security testing or run a bug bounty program
Add system-prompt-based defenses
Do not store API keys, secret routes, PII, or proprietary private information in system prompts
Implement rate limiting to restrict submission frequency and complexity
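The following is an added example (not part of the checklist) of a rate limiter that enforces both submission frequency and complexity: a per-client token bucket in which each request costs more the longer its prompt is, so one oversized prompt drains the budget as fast as a burst of small ones. The capacity, refill rate and characters-per-unit figures are assumptions chosen for illustration.

```python
import time
from dataclasses import dataclass


@dataclass
class _Bucket:
    tokens: float   # remaining budget, in cost units
    last: float     # clock reading at last refill


class ManualClock:
    """Deterministic clock for tests and demonstrations (assumed helper)."""

    def __init__(self) -> None:
        self.t = 0.0

    def __call__(self) -> float:
        return self.t


class PromptRateLimiter:
    """Token-bucket limiter whose per-request cost scales with prompt size.

    capacity:       maximum budget a client can accumulate
    refill_per_sec: budget units restored per second of wall-clock time
    chars_per_unit: every this-many prompt characters adds one unit of cost
    """

    def __init__(self, capacity: float, refill_per_sec: float,
                 chars_per_unit: int = 1000, clock=time.monotonic) -> None:
        self.capacity = capacity
        self.refill = refill_per_sec
        self.chars_per_unit = chars_per_unit
        self.clock = clock
        self._buckets: dict[str, _Bucket] = {}

    def cost(self, prompt: str) -> float:
        # One base unit per request plus one unit per chars_per_unit characters,
        # so a long prompt is charged proportionally to the work it triggers.
        return 1.0 + len(prompt) / self.chars_per_unit

    def allow(self, client_id: str, prompt: str) -> bool:
        """Return True and deduct the cost if the client has budget, else False."""
        now = self.clock()
        bucket = self._buckets.get(client_id)
        if bucket is None:
            bucket = _Bucket(tokens=self.capacity, last=now)
            self._buckets[client_id] = bucket
        # Refill in proportion to elapsed time, never above capacity.
        bucket.tokens = min(self.capacity,
                            bucket.tokens + (now - bucket.last) * self.refill)
        bucket.last = now
        cost = self.cost(prompt)
        if cost > bucket.tokens:
            return False
        bucket.tokens -= cost
        return True


if __name__ == "__main__":
    clock = ManualClock()
    limiter = PromptRateLimiter(capacity=5, refill_per_sec=1, clock=clock)
    print(limiter.allow("client-a", "short prompt"))   # True
    print(limiter.allow("client-a", "x" * 3000))       # False: cost 4 > remaining budget
```

Keying the bucket by client identity (API key, session or tenant id) rather than by IP keeps the limit meaningful behind shared egress, and the same cost function can be applied to token counts instead of characters once the tokenizer is known.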
Manage context window size and information retention when possible
Ensure data is scrubbed of private information before it enters the RAG system (including metadata)
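As an added example (not from the checklist), the following scrubs private information from a document before it is indexed for RAG, walking nested metadata fields as well as the body text and returning a count of what was redacted so ingestion can be audited. The regular expressions, the placeholder labels and the sample document are constructed assumptions; a production pipeline would use a vetted PII detector rather than three patterns.

```python
import re
from typing import Any

# Constructed patterns for illustration only. SSN runs before PHONE because
# the phone pattern would otherwise also consume an SSN-shaped string.
_PATTERNS = [
    ("EMAIL", re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+")),
    ("SSN", re.compile(r"\b\d{3}-\d{2}-\d{4}\b")),
    ("PHONE", re.compile(r"\+?\d[\d\s().-]{8,}\d")),
]


def scrub_text(text: str) -> tuple[str, dict[str, int]]:
    """Replace each matched item with a labelled placeholder; return the text
    and a per-label count of substitutions."""
    counts: dict[str, int] = {}
    for label, pattern in _PATTERNS:
        text, n = pattern.subn(f"[{label}]", text)
        if n:
            counts[label] = counts.get(label, 0) + n
    return text, counts


def scrub_document(doc: Any) -> tuple[Any, dict[str, int]]:
    """Recursively scrub every string in a document, including nested
    metadata dicts and lists, so nothing private reaches the vector store."""
    totals: dict[str, int] = {}

    def walk(node: Any) -> Any:
        if isinstance(node, str):
            cleaned, counts = scrub_text(node)
            for label, n in counts.items():
                totals[label] = totals.get(label, 0) + n
            return cleaned
        if isinstance(node, dict):
            return {key: walk(value) for key, value in node.items()}
        if isinstance(node, list):
            return [walk(value) for value in node]
        return node  # numbers, booleans, None pass through unchanged

    return walk(doc), totals


# Constructed sample record: PII appears in the body and in the metadata.
SAMPLE_DOC = {
    "id": "doc-001",
    "text": "Contact Jane at jane.doe@example.com or +1 (555) 010-9999.",
    "metadata": {
        "author_email": "jane.doe@example.com",
        "tags": ["hr", "ssn 123-45-6789"],
    },
}


if __name__ == "__main__":
    cleaned, totals = scrub_document(SAMPLE_DOC)
    print(cleaned["text"])   # Contact Jane at [EMAIL] or [PHONE].
    print(totals)            # {'EMAIL': 2, 'PHONE': 1, 'SSN': 1}
```

Scrubbing at ingestion rather than at retrieval matters because embeddings and chunk metadata are copied into indexes, caches and backups; a leak that is only filtered on the way out is still stored.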
Ensure all enabled tools and agents that interact with APIs have scoped roles
Configure tools and agents to access only the minimum data needed for operational goals
Make tools and agents that interact with APIs read-only when possible
Ensure robust input validation and output encoding on all input sources:
    Forms
    API requests
    File uploads
    Input from integrations with other systems
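The following is an added example, not code from the checklist, covering two of its items at once: validating prompt-bearing input (size and control characters) and encoding model output before it is written to a log line or rendered in a web dashboard, so that script tags, event handlers and anchors in model output appear as inert text and terminal escape sequences cannot forge or recolour log records. The length limits and the escape-sequence pattern are assumptions.

```python
import html
import re
import unicodedata

MAX_PROMPT_CHARS = 4000  # assumed per-request input limit

# ANSI CSI sequences (e.g. "\x1b[31m") plus C0 control characters other than
# tab, newline and carriage return. Either can break log integrity when
# attacker-supplied text is echoed into a terminal or log viewer.
_CONTROL_RE = re.compile(
    r"\x1b\[[0-9;?]*[ -/]*[@-~]|[\x00-\x08\x0b\x0c\x0e-\x1f\x7f]"
)


def validate_prompt(text: str, max_chars: int = MAX_PROMPT_CHARS) -> tuple[bool, str]:
    """Return (ok, reason) for user-supplied prompt text from a form, API
    request, upload or integration."""
    if not isinstance(text, str):
        return False, "not a string"
    if not text.strip():
        return False, "empty"
    if len(text) > max_chars:
        return False, f"exceeds {max_chars} characters"
    if _CONTROL_RE.search(text):
        return False, "contains control or escape characters"
    return True, "ok"


def normalize_for_log(text: str, max_chars: int = 500) -> str:
    """Make untrusted text safe to embed in a single log record: normalise
    Unicode, strip escape/control sequences, collapse line breaks, truncate."""
    text = unicodedata.normalize("NFKC", text)
    text = _CONTROL_RE.sub("", text)
    text = text.replace("\r", " ").replace("\n", " ")
    return text[:max_chars]


def encode_for_dashboard(text: str) -> str:
    """HTML-encode model output before inserting it into a dashboard page.
    Quotes are encoded too, so the result is safe inside attribute values.
    Render the result as text, not as Markdown or HTML, or links become live."""
    text = unicodedata.normalize("NFKC", text)
    text = _CONTROL_RE.sub("", text)
    return html.escape(text, quote=True)


if __name__ == "__main__":
    # Constructed inputs for demonstration.
    print(validate_prompt("Summarize this ticket"))          # (True, 'ok')
    print(validate_prompt("hi\x1b[31mred"))                  # (False, ...)
    print(normalize_for_log("line one\nFAKE: admin login ok"))
    print(encode_for_dashboard('<a href="https://example.com">click</a>'))
```

Validation and encoding are separate controls: validation rejects input that should never enter the pipeline, while encoding is applied at every output sink regardless of where the text came from, because model output is itself untrusted.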
Prevent verbose logging to web sockets or debug consoles
Implement sandboxing to isolate AI components from critical systems, especially multimodal systems, which are exposed to SSRF