LLM Security
LLM security is the practice of assessing a large language model and the systems around it so the model behaves as intended and does not expose data, bypass controls, or take unintended actions.
It covers both the model and its integration points: prompts and system instructions, retrieval data sources (RAG), tool or plugin access, data flows, and how outputs are used by downstream systems.
Common risk areas include prompt injection, sensitive data leakage, unsafe output handling (like executing generated code or queries), excessive tool permissions, and supply-chain issues such as poisoned training data or model theft.
LLM security testing focuses on verifying these controls in practice—what the model can access, what it can trigger, and what safeguards are enforced—so teams have clear evidence and concrete remediation guidance.
Attack vectors that shape LLM security testing
LLM risk is rarely about a single prompt. It comes from how instructions, data, and tools interact in production. Mapping these vectors keeps testing grounded in real behavior and helps teams validate the controls they rely on.
We use these vectors to design controlled tests that confirm prompt boundaries, data access rules, and tool permissions hold up in practice.
Indirect prompt injection via retrieved content
Content in documents, tickets, or web pages is treated as instruction when it should stay as data.
System prompt or context leakage
Responses reveal hidden instructions, policies, or internal context that should remain private.
Tool overreach and permission sprawl
The model can call tools or APIs beyond the current user, tenant, or task scope.
Sensitive data exposure through RAG
Retrieval surfaces data outside intended access controls or retention boundaries.
Unsafe output handling
Generated code, queries, or commands are executed without validation or review.
Model and prompt supply-chain drift
Fine-tunes, prompt templates, or model updates change behavior in ways controls do not cover.
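A defensive example added here (not code from the original page) that illustrates two of the vectors above, tool overreach and unsafe output handling: a dispatcher gate that checks each model-proposed tool call against the authenticated request's user, tenant and tool allow-list, and only lets a single read-only SELECT reach the database. The tool names, scope fields and sample calls are constructed for the example.

```python
# Added example: gate model-proposed tool calls before dispatch.
# Tool names, scope fields and sample calls are constructed, not from the page.
import re
from dataclasses import dataclass, field


@dataclass
class RequestScope:
    """Trusted values taken from the authenticated request, never from the model."""
    user_id: str
    tenant_id: str
    allowed_tools: frozenset = field(default_factory=frozenset)


# Coarse allow-list: one SELECT, no stacked statements. The DB layer must still
# parameterise values; this gate only stops DML/DDL the model may have generated.
READ_ONLY_SQL = re.compile(r"^\s*select\b[^;]*;?\s*$", re.IGNORECASE | re.DOTALL)


def validate_sql(query: str) -> bool:
    """True only for a single SELECT statement."""
    return bool(READ_ONLY_SQL.match(query))


def authorize_tool_call(scope: RequestScope, call: dict) -> tuple:
    """Return (allowed, reason) for a tool call the model proposed."""
    tool = call.get("tool")
    args = call.get("args", {})
    if tool not in scope.allowed_tools:
        return False, f"tool '{tool}' not allowed for this request"
    # Model-supplied tenant/user ids are untrusted: they must equal the scope's.
    if args.get("tenant_id", scope.tenant_id) != scope.tenant_id:
        return False, "tenant mismatch"
    if args.get("user_id", scope.user_id) != scope.user_id:
        return False, "user mismatch"
    if tool == "run_sql" and not validate_sql(args.get("query", "")):
        return False, "only a single read-only SELECT may be executed"
    return True, "ok"


# Constructed sample calls, as a model might emit them for one user request.
SAMPLE_CALLS = [
    {"tool": "search_tickets", "args": {"tenant_id": "acme", "q": "refund"}},
    {"tool": "search_tickets", "args": {"tenant_id": "globex", "q": "refund"}},
    {"tool": "run_sql", "args": {"query": "SELECT id FROM tickets WHERE user_id = 'u1'"}},
    {"tool": "run_sql", "args": {"query": "SELECT 1; DROP TABLE tickets"}},
    {"tool": "send_email", "args": {"to": "someone@example.com"}},
]


def run_examples() -> list:
    """Evaluate SAMPLE_CALLS for user u1 in tenant acme with two allowed tools."""
    scope = RequestScope("u1", "acme", frozenset({"search_tickets", "run_sql"}))
    return [authorize_tool_call(scope, call) for call in SAMPLE_CALLS]
```

Logging the rejection reason alongside the original call gives the evidence trail a tester looks for when confirming that tool permissions hold up in practice.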
Testing approach for LLM security
LLM testing should feel predictable and controlled. We define the system boundary and access rules up front, then run safe, repeatable scenarios to confirm prompts, retrieval, and tools behave as intended.
Confirm scope and system boundary
We list the models, prompts, RAG sources, tools, and environments in scope and agree on access and timing.
Map data and tool permissions
We document who can access which data, how retrieval is filtered, and what tool actions are allowed.
Run controlled safety checks
We test prompt injection, data exposure, and tool misuse with non-disruptive scenarios tailored to your setup.
Deliver evidence and retest steps
Findings include concrete examples, impact boundaries, and clear steps to verify fixes.
If you are evaluating LLM risk, we can review your prompts, RAG sources, and tool access boundaries and explain what evidence a controlled assessment would produce.