Securing LLMs in Production: From OWASP Top-10 to Guardrails that Work

Large Language Models unlock new capabilities—and expose brand-new attack surfaces.
From prompt injection and data exfiltration to model denial-of-service and insecure plugin calls, adversaries are exploiting weaknesses traditional AppSec never anticipated.
The new OWASP LLM Top-10 provides a shared vocabulary for AI risks; this session turns that list into actionable engineering practice.
You’ll learn how to threat-model LLM endpoints, design guardrails that actually block malicious behavior, sandbox tools and plug-ins with least privilege, and align your mitigations to the NIST AI Risk Management Framework for audit-ready governance.

Problems Solved

• Unprotected LLM endpoints vulnerable to prompt injection or jailbreaks
• Lack of policy filters or content-moderation layers
• Plugins/tools running with excessive privileges
• Poor data isolation leading to tenant cross-leakage in RAG systems
• Missing visibility into misuse, drift, and attack attempts

Why Now

• OWASP LLM Top-10 (2024–2025) defines a standard taxonomy of AI risks—widely adopted across the industry.
• AI platforms are moving to production faster than security controls can catch up.
• Regulators and auditors require demonstrable alignment with frameworks like NIST AI RMF and ISO 42001.
• Attackers have begun weaponizing generative models through indirect prompt injection and model-driven DoS.

What You’ll Learn

• Threat-modeling methodology for LLM endpoints and agentic flows
• Input/output guardrail design: policy filters, allow-lists, block-lists, and content classifiers
• Sandboxing tools, plug-ins, and function calls with least privilege and egress control
• Sensitive-data redaction and tenancy-aware retrieval for secure RAG pipelines
• Red-team drills mapped to OWASP categories and mitigation validation
• How to map each control to NIST AI RMF (governance, risk, assurance)

Agenda
Opening: The New AI Attack Surface
How LLMs change the threat model. Examples of real-world attacks: prompt injections, indirect injections, model DoS, and exfiltration via vector stores.

Pattern 1: Threat Modeling LLM Endpoints
Identify assets, trust boundaries, and high-risk flows.
Apply STRIDE-inspired analysis to prompts, context windows, retrieval layers, and plugin calls.

Pattern 2: Designing Input/Output Guardrails
Policy filtering, schema validation, and content moderation.
Runtime vs compile-time guardrails—what actually works in production.
Enforcing determinism and fail-safe defaults.

Pattern 3: Sandboxing and Least Privilege Plugins
Secure function calling: scoped IAM, network egress rules, per-plugin secrets, and API key vaulting.
Container isolation and ephemeral agent sandboxes.

Pattern 4: Data Protection and Tenancy in RAG
Redacting sensitive data before embedding.
Segregating tenant vectors and access policies.
Auditing data lineage and evidence paths.

Pattern 5: Red Team & Evaluation Frameworks
Running adversarial simulations aligned with OWASP LLM Top-10.
Common exploits and how to detect them.
Integrating automated red-team tests into CI/CD pipelines.

Pattern 6: Governance & Framework Mapping
Mapping mitigations to NIST AI RMF (categories RA, MA, ME).
Building dashboards and executive summaries for risk reporting.

Wrap-Up & Action Plan
Summarize practical controls that can be implemented within 30 days.
Introduce the Guardrail Policy Starter Kit + Red-Team Runbook templates.
Live checklist review for readiness maturity.

Key Framework References

• OWASP LLM Top-10 (2024–2025) – Prompt Injection, Data Exfiltration, DoS, Insecure Plugins
• NIST AI RMF (2023) – Governance + Risk + Assurance Categories
• ISO/IEC 42001 – AI Management System Standard
• MITRE ATLAS – Adversarial Tactics for AI Systems
• OWASP SAMM + ASVS – Integrating AI security into AppSec programs

Takeaways

• Clear understanding of OWASP LLM Top-10 risks in plain language
• Guardrail Policy Starter Kit (template YAML + reference policies)
• Sandboxing Playbook for tools and plugins (scoped IAM, network controls)
• Red-Team Runbook for testing and validation
• NIST AI RMF Mapping Guide for executive and audit reporting
• A practical 30-day roadmap to move from reactive patching → resilient AI security