← ALL SESSIONS
Thu Dec 10 · 9:00 AM NISTAI SESSION #53337

Securing LLMs in Production: From OWASP Top-10 to Guardrails that Work

Rohit Bhardwaj
Rohit Bhardwaj
DIRECTOR OF ARCHITECTURE, EXPERT IN CLOUD-NATIVE SOLUTIONS
01 / ABOUT THIS SESSION

Large Language Models unlock new capabilities—and expose brand-new attack surfaces.
From prompt injection and data exfiltration to model denial-of-service and insecure plugin calls, adversaries are exploiting weaknesses traditional AppSec never anticipated.
The new OWASP LLM Top-10 provides a shared vocabulary for AI risks; this session turns that list into actionable engineering practice.
You’ll learn how to threat-model LLM endpoints, design guardrails that actually block malicious behavior, sandbox tools and plug-ins with least privilege, and align your mitigations to the NIST AI Risk Management Framework for audit-ready governance.

Problems Solved

  • Unprotected LLM endpoints vulnerable to prompt injection or jailbreaks
  • Lack of policy filters or content-moderation layers
  • Plugins/tools running with excessive privileges
  • Poor data isolation leading to tenant cross-leakage in RAG systems
  • Missing visibility into misuse, drift, and attack attempts

Why Now

  • OWASP LLM Top-10 (2024–2025) defines a standard taxonomy of AI risks—widely adopted across the industry.
  • AI platforms are moving to production faster than security controls can catch up.
  • Regulators and auditors require demonstrable alignment with frameworks like NIST AI RMF and ISO 42001.
  • Attackers have begun weaponizing generative models through indirect prompt injection and model-driven DoS.

What You’ll Learn

  • Threat-modeling methodology for LLM endpoints and agentic flows
  • Input/output guardrail design: policy filters, allow-lists, block-lists, and content classifiers
  • Sandboxing tools, plug-ins, and function calls with least privilege and egress control
  • Sensitive-data redaction and tenancy-aware retrieval for secure RAG pipelines
  • Red-team drills mapped to OWASP categories and mitigation validation
  • How to map each control to NIST AI RMF (governance, risk, assurance)

Agenda
Opening: The New AI Attack Surface
How LLMs change the threat model. Examples of real-world attacks: prompt injections, indirect injections, model DoS, and exfiltration via vector stores.

Pattern 1: Threat Modeling LLM Endpoints
Identify assets, trust boundaries, and high-risk flows.
Apply STRIDE-inspired analysis to prompts, context windows, retrieval layers, and plugin calls.

Pattern 2: Designing Input/Output Guardrails
Policy filtering, schema validation, and content moderation.
Runtime vs compile-time guardrails—what actually works in production.
Enforcing determinism and fail-safe defaults.

Pattern 3: Sandboxing and Least Privilege Plugins
Secure function calling: scoped IAM, network egress rules, per-plugin secrets, and API key vaulting.
Container isolation and ephemeral agent sandboxes.

Pattern 4: Data Protection and Tenancy in RAG
Redacting sensitive data before embedding.
Segregating tenant vectors and access policies.
Auditing data lineage and evidence paths.

Pattern 5: Red Team & Evaluation Frameworks
Running adversarial simulations aligned with OWASP LLM Top-10.
Common exploits and how to detect them.
Integrating automated red-team tests into CI/CD pipelines.

Pattern 6: Governance & Framework Mapping
Mapping mitigations to NIST AI RMF (categories RA, MA, ME).
Building dashboards and executive summaries for risk reporting.

Wrap-Up & Action Plan
Summarize practical controls that can be implemented within 30 days.
Introduce the Guardrail Policy Starter Kit + Red-Team Runbook templates.
Live checklist review for readiness maturity.

Key Framework References

  • OWASP LLM Top-10 (2024–2025) – Prompt Injection, Data Exfiltration, DoS, Insecure Plugins
  • NIST AI RMF (2023) – Governance + Risk + Assurance Categories
  • ISO/IEC 42001 – AI Management System Standard
  • MITRE ATLAS – Adversarial Tactics for AI Systems
  • OWASP SAMM + ASVS – Integrating AI security into AppSec programs

Takeaways

  • Clear understanding of OWASP LLM Top-10 risks in plain language
  • Guardrail Policy Starter Kit (template YAML + reference policies)
  • Sandboxing Playbook for tools and plugins (scoped IAM, network controls)
  • Red-Team Runbook for testing and validation
  • NIST AI RMF Mapping Guide for executive and audit reporting
  • A practical 30-day roadmap to move from reactive patching → resilient AI security
02 / SESSION DETAILS
FORMAT
90-minute session
TRACK
NISTAI
All signal.
Zero fluff.
DECEMBER 7 - 10, 2026 · OPAL SANDS RESORT · CLEARWATER, FL