All posts
SecurityBest PracticesProduction

A Practical Guide to Securing LLM Apps in Production

9 Feb 20267 min readBordair

You have built an AI feature, it works in staging, and your team is ready to ship. But before you go live, there is a security checklist you should walk through. LLM applications have a unique threat model that traditional AppSec playbooks do not fully cover.

1. Input validation before the model

Never send raw user input directly to your LLM. At minimum:

  • Enforce length limits on all inputs
  • Strip or reject unexpected file types
  • Run a prompt injection classifier (like Bordair) on every input before it reaches the model

2. System prompt hardening

Your system prompt should be treated like application code, not a suggestion:

  • Keep it minimal: only include instructions the model actually needs
  • Do not embed secrets, API keys, or internal URLs in the system prompt
  • Use delimiters to clearly separate system instructions from user input
  • Test with adversarial inputs to see if the system prompt leaks

3. Output filtering

Even with good input validation, LLMs can hallucinate or be coerced into producing harmful output. Add a post-processing layer:

  • Check outputs against a blocklist of sensitive patterns (credentials, internal URLs, PII)
  • Validate that structured outputs (JSON, function calls) match expected schemas
  • Use Bordair's output scanning rules to automatically block, redact, or flag sensitive content

4. Least-privilege tool access

If your LLM has access to tools, lock them down:

  • Only expose the minimum set of tools the feature needs
  • Use read-only access wherever possible
  • Require human approval for destructive actions
  • Log every tool invocation for audit

5. Monitoring and alerting

  • Log all inputs, outputs, and tool calls (with PII redaction)
  • Track injection attempt rates: sudden spikes signal active probing
  • Set up alerts for unusual patterns: high block rates, repeated requests from one source

6. Incident response plan

  • Can you kill the AI feature without taking down the whole product?
  • Do you have a way to replay and analyse flagged interactions?
  • Is there a clear escalation path for security incidents involving the LLM?

Protect your LLM application

Add prompt injection detection in minutes with Bordair's API.

Get started free