AI Security Checklist for Technical Teams

Contents

1. Define the trust boundary

Decide exactly what the model can see and what it can change.

Does it read private data?
Can it call tools?
Can it write files?
Can it trigger notifications or external requests?

If the answer is yes, those actions need a review path and a revocation path.

2. Minimize the input surface

The model should only receive the data it needs.

trim system prompts
avoid dumping whole documents when a summary will do
redact secrets before the prompt layer
separate user-controlled text from instructions

Prompt injection gets easier when the input boundary is vague.

3. Put tools behind policy

Tool access is the part that matters most in real systems. A model with broad write access is not a chatbot anymore; it is a privileged automation engine.

Use:

narrow scopes
explicit allow lists
human approval for destructive actions
structured logging for every tool call

4. Log the decision path

When AI systems fail, the debug trail is usually weak. Record:

prompt version
tool calls
policy decisions
final output
user context where appropriate

That makes incident review possible without exposing the entire data set.

5. Assume the model will be manipulated

The baseline assumption should be that someone will try to push the model into doing the wrong thing.

The defense is not perfection. It is containment:

bounded permissions
rate limits
clear fallbacks
fast rollback

Outcome

AI features are safest when they are treated as constrained systems, not as magical helpers. The more power the feature has, the closer it should sit to normal security engineering discipline.