Free Resource

AI Security Checklist

A practical security pass for AI apps covering auth boundaries, secrets, prompt abuse, and data exposure.

Audit secrets handling and environment exposure.
Check role boundaries across APIs, tools, and admin surfaces.
Harden prompts, uploads, and downstream integrations against abuse.
Auth and access
  • Verify every privileged route checks both identity and role.
  • Confirm service-role credentials are never exposed to the client.
  • Review admin-only actions for replay and elevation risks.
Data handling
  • Limit model context to the minimum required sensitive data.
  • Redact or hash logs that may contain customer inputs.
  • Validate upload and retrieval paths for cross-tenant leakage.
AI-specific abuse paths
  • Test prompt injection on retrieval and tool-calling flows.
  • Constrain tool execution with allowlists and server-side checks.
  • Rate-limit expensive model paths and store abuse signals.

Need help applying this to your system?

Bring the resource, your current stack, and the blocker you want fixed. I'll help you turn it into an implementation plan.

Contact Rajesh