
Production AI Security Checklist

The security checklist to clear before an AI feature touches real users: injection, data handling, tool guardrails, and logging.

The short version

An LLM feature has a wider attack surface than a normal one — the input is natural language, the model can be steered, and it often holds the keys to tools and data. This checklist is what to verify before launch. The five areas that catch most teams:

1. **Prompt injection** — both direct and via retrieved/third-party content.
2. **Data handling** — what enters the prompt, what's logged, what's retained, and where PII goes.
3. **Tool guardrails** — confirmation on side-effects, hard limits on anything that spends money or mutates data.
4. **Output safety** — never present model output as verified fact; validate before acting on it.
5. **Cost & abuse** — rate and token caps, per-user limits, kill-switches.

The full checklist is ~40 items grouped by area, each with a one-line "how to test it", plus the three controls that are non-negotiable for any launch.
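As an added example (not code from the checklist itself), here is a minimal tool-call gate that applies areas 3, 4 and 5 above: it schema-validates the model's proposed arguments before acting on them, enforces a hard cap on refund amounts, requires explicit confirmation for side-effecting tools, caps side-effecting calls per user, and honours a kill switch. The tool names, schemas and limits are constructed placeholders.

```python
from dataclasses import dataclass, field

# Constructed policy for the example: argument schemas the model's output is
# checked against, which tools have side effects, and the hard limits.
TOOL_SCHEMAS = {
    "lookup_order": {"order_id": str},
    "send_email": {"to": str, "body": str},
    "refund_customer": {"order_id": str, "amount": float},
}
SIDE_EFFECT_TOOLS = {"send_email", "refund_customer"}
MAX_REFUND_PER_CALL = 100.0       # hard cap on money the model can move per call
MAX_SIDE_EFFECTS_PER_USER = 5     # per-user cap on side-effecting calls
KILL_SWITCH = {"enabled": False}  # set True to stop all tool execution at once


@dataclass
class Decision:
    action: str        # "execute", "needs_confirmation" or "reject"
    reason: str = ""


@dataclass
class ToolGuard:
    side_effects_by_user: dict = field(default_factory=dict)

    def check(self, user: str, tool: str, args: dict, confirmed: bool = False) -> Decision:
        """Decide whether a model-proposed tool call may run."""
        if KILL_SWITCH["enabled"]:
            return Decision("reject", "kill switch active")
        schema = TOOL_SCHEMAS.get(tool)
        if schema is None:
            return Decision("reject", f"unknown tool {tool!r}")
        # Output safety: validate the model's arguments before acting on them.
        if set(args) != set(schema):
            return Decision("reject", "argument names do not match schema")
        for name, typ in schema.items():
            if not isinstance(args[name], typ):
                return Decision("reject", f"argument {name!r} has wrong type")
        if tool == "refund_customer" and args["amount"] > MAX_REFUND_PER_CALL:
            return Decision("reject", "refund exceeds hard limit")
        if tool in SIDE_EFFECT_TOOLS:
            used = self.side_effects_by_user.get(user, 0)
            if used >= MAX_SIDE_EFFECTS_PER_USER:
                return Decision("reject", "per-user side-effect cap reached")
            if not confirmed:
                # Side effects need a confirmation step that the model cannot supply.
                return Decision("needs_confirmation", "tool has side effects")
            self.side_effects_by_user[user] = used + 1
        return Decision("execute")
```

The caller runs the tool only when the decision is `execute`; a `needs_confirmation` result is routed to the user or an operator, never back to the model.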
Production AI Security Checklist · SDEN