Playbook
Prompt Injection & Data Safety
Reduce blast radius and keep data scoped.
Security is about boundaries. Keep data scoped, tools constrained, and responses audited.
Prompt injection mitigations
- Instruction hierarchy: system > developer > user
- Tool allowlists and schema validation
- Citation requirements for factual claims
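The citation requirement can be enforced mechanically before an answer is released. The following is an added example, not code from the original playbook; it assumes a constructed `[doc:<id>]` citation convention and a crude sentence splitter, and treats every sentence as a claim (a real deployment would narrow that to claim-bearing sentences). The check that matters most is the second one: a cited id that was never retrieved is either hallucinated or injected.

```python
import re
from dataclasses import dataclass, field

# Constructed citation convention for this example: "[doc:<id>]" after a claim.
CITATION_RE = re.compile(r"\[doc:([A-Za-z0-9_-]+)\]")


@dataclass
class CitationReport:
    ok: bool = True
    uncited_sentences: list = field(default_factory=list)
    unknown_citations: list = field(default_factory=list)


def split_sentences(text: str) -> list:
    """Crude sentence splitter; good enough to attribute citations to sentences."""
    return [s.strip() for s in re.split(r"(?<=[.!?])\s+", text.strip()) if s.strip()]


def check_citations(answer: str, retrieved_ids: set) -> CitationReport:
    """Every sentence must cite, and every cited id must be in the retrieved set."""
    report = CitationReport()
    for sentence in split_sentences(answer):
        cited = CITATION_RE.findall(sentence)
        if not cited:
            report.uncited_sentences.append(sentence)
        for cid in cited:
            if cid not in retrieved_ids:
                # Never retrieved in this request: hallucinated or injected.
                report.unknown_citations.append(cid)
    report.ok = not report.uncited_sentences and not report.unknown_citations
    return report


def gate_answer(answer: str, retrieved_ids: set) -> dict:
    """Explicit outcome for the caller: release the answer, or hold it with reasons."""
    report = check_citations(answer, retrieved_ids)
    if report.ok:
        return {"status": "release", "answer": answer}
    return {
        "status": "hold",
        "uncited": report.uncited_sentences,
        "unknown_citations": report.unknown_citations,
    }
```

`retrieved_ids` should come from the retrieval step of the same request, not from the model output, so the model cannot vouch for its own citations.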
Data boundaries
- Per-tenant or per-team indexes
- Access filters in retrieval
- No secrets in prompts or logs
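Two of these boundaries in working form, as an added example that is not part of the original playbook: the tenant and ACL filter is applied before ranking, so out-of-scope documents never reach the ranker or the prompt, and log lines pass through a redactor so secrets do not land in logs. The in-memory index, the documents, the tenant and group names and the secret patterns are all constructed for illustration.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Doc:
    doc_id: str
    tenant: str
    acl: frozenset   # groups allowed to read; "all" means anyone in the tenant
    text: str


# Constructed sample index: two tenants, one document restricted to a group.
INDEX = [
    Doc("a-1", "acme", frozenset({"all"}), "Acme onboarding guide"),
    Doc("a-2", "acme", frozenset({"finance"}), "Acme Q3 payroll summary"),
    Doc("b-1", "beta", frozenset({"all"}), "Beta onboarding guide"),
]


def retrieve(query: str, caller_tenant: str, caller_groups, index=INDEX) -> list:
    """Filter by tenant and ACL first, then rank only what the caller may see."""
    terms = set(query.lower().split())
    visible = set(caller_groups) | {"all"}
    allowed = [d for d in index if d.tenant == caller_tenant and (d.acl & visible)]
    scored = []
    for d in allowed:
        score = sum(1 for t in terms if t in d.text.lower())  # toy ranker
        if score:
            scored.append((score, d))
    scored.sort(key=lambda pair: pair[0], reverse=True)
    return [d for _, d in scored]


# Constructed secret shapes for this example; extend with your own patterns.
SECRET_PATTERNS = [
    (re.compile(r"\bsk-[A-Za-z0-9]{8,}\b"), "[REDACTED]"),
    (re.compile(r"(?i)\b(password|token)(\s*[=:]\s*)\S+"), r"\g<1>\g<2>[REDACTED]"),
]


def redact(text: str) -> str:
    """Replace anything that looks like a secret before it is written anywhere."""
    for pattern, replacement in SECRET_PATTERNS:
        text = pattern.sub(replacement, text)
    return text


def log_line(event: str, prompt: str) -> str:
    """Log prompts only through the redactor, never raw."""
    return f"{event} prompt={redact(prompt)!r}"
```

The important ordering is in `retrieve`: filtering after ranking would still let a restricted document influence scores, and filtering in the prompt would already be too late.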
RBAC + audit
- Role-based permissions for tools
- Audit trails for sensitive actions
- Periodic access reviews
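Role-based tool permissions, argument schema validation and an audit trail fit naturally in one dispatch path, which this added example shows; it is not code from the original playbook and it also covers the "tool allowlists and schema validation" item above. The roles, tools, schemas and the in-memory audit sink are constructed for illustration; a real deployment would back them with its policy engine and a tamper-evident log store.

```python
import time
from dataclasses import dataclass


class ToolCallRejected(Exception):
    pass


# Per-tool argument schema (constructed): field -> (python type, required?)
TOOL_SCHEMAS = {
    "search_tickets": {"query": (str, True), "limit": (int, False)},
    "refund_order": {"order_id": (str, True), "amount_cents": (int, True)},
}

# Role allowlist (constructed): a role may call only the listed tools.
ROLE_TOOLS = {
    "viewer": {"search_tickets"},
    "support": {"search_tickets", "refund_order"},
}

# Tools whose every attempt, allowed or not, must leave an audit record.
SENSITIVE_TOOLS = {"refund_order"}


@dataclass
class AuditEvent:
    ts: float
    actor: str
    role: str
    tool: str
    args: dict
    outcome: str


AUDIT_LOG = []


def validate_args(tool: str, args: dict) -> None:
    """Reject unknown fields, missing required fields and wrong types."""
    schema = TOOL_SCHEMAS[tool]
    unknown = set(args) - set(schema)
    if unknown:
        raise ToolCallRejected(f"unknown fields for {tool}: {sorted(unknown)}")
    for name, (typ, required) in schema.items():
        if name not in args:
            if required:
                raise ToolCallRejected(f"missing required field {name!r}")
            continue
        value = args[name]
        # bool is a subclass of int, so exclude it explicitly for int fields
        if isinstance(value, bool) or not isinstance(value, typ):
            raise ToolCallRejected(f"field {name!r} must be {typ.__name__}")


def dispatch(actor: str, role: str, proposed_call: dict, handlers: dict, audit_log=AUDIT_LOG):
    """proposed_call is untrusted model output: {"tool": str, "args": dict}."""
    tool = proposed_call.get("tool")
    args = proposed_call.get("args") or {}
    if not isinstance(tool, str) or not isinstance(args, dict):
        raise ToolCallRejected("malformed tool call")
    outcome = "rejected"
    try:
        if tool not in TOOL_SCHEMAS:
            raise ToolCallRejected(f"unknown tool {tool!r}")
        if tool not in ROLE_TOOLS.get(role, set()):
            raise ToolCallRejected(f"role {role!r} may not call {tool}")
        validate_args(tool, args)
        outcome = "error"  # stays "error" if the handler itself raises
        result = handlers[tool](**args)
        outcome = "ok"
        return result
    finally:
        # Audit every attempt at a sensitive tool and every call that ran.
        if tool in SENSITIVE_TOOLS or outcome == "ok":
            audit_log.append(AuditEvent(time.time(), actor, role, tool, dict(args), outcome))


def safe_dispatch(actor, role, proposed_call, handlers, audit_log=AUDIT_LOG) -> tuple:
    """Explicit (status, value) pair for the agent loop rather than a silent fallback."""
    try:
        return "ok", dispatch(actor, role, proposed_call, handlers, audit_log)
    except ToolCallRejected as exc:
        return "rejected", str(exc)
```

The role comes from the authenticated session, never from the model or the prompt; the only thing the model supplies is the proposed call, which is validated as untrusted input.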
Abuse controls
- Rate limits and anomaly detection
- Hard caps on tokens and tools
- Explicit error states instead of fallbacks
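The abuse controls above in one request path, as an added example that is not part of the original playbook: a per-principal sliding-window rate limit, hard per-request caps on tokens and tool calls, a crude anomaly signal for principals that keep hitting a cap, and an explicit error state returned to the caller rather than a degraded fallback answer. The limit values and the injectable clock are constructed for illustration.

```python
import time
from collections import deque
from dataclasses import dataclass


class BudgetExceeded(Exception):
    """Raised instead of silently degrading; the caller gets an explicit reason."""
    def __init__(self, reason: str):
        super().__init__(reason)
        self.reason = reason


@dataclass(frozen=True)
class Limits:
    requests_per_minute: int = 30        # constructed defaults
    max_tokens_per_request: int = 4000
    max_tool_calls_per_request: int = 5


class SlidingWindowLimiter:
    """Per-principal request limiter over a 60 s sliding window."""
    def __init__(self, limits: Limits, clock=time.monotonic):
        self.limits = limits
        self.clock = clock   # injectable so the window can be tested deterministically
        self._hits = {}      # principal -> deque of request timestamps

    def check(self, principal: str) -> None:
        now = self.clock()
        q = self._hits.setdefault(principal, deque())
        while q and now - q[0] >= 60:
            q.popleft()
        if len(q) >= self.limits.requests_per_minute:
            raise BudgetExceeded("rate_limited")
        q.append(now)


@dataclass
class RequestBudget:
    """Hard caps for one request; the agent loop charges it as it goes."""
    limits: Limits
    tokens_used: int = 0
    tool_calls: int = 0

    def charge_tokens(self, n: int) -> None:
        if self.tokens_used + n > self.limits.max_tokens_per_request:
            raise BudgetExceeded("token_cap")
        self.tokens_used += n

    def charge_tool_call(self) -> None:
        if self.tool_calls >= self.limits.max_tool_calls_per_request:
            raise BudgetExceeded("tool_cap")
        self.tool_calls += 1


class AnomalyCounter:
    """Crude anomaly signal: flag a principal that repeatedly hits the same cap."""
    def __init__(self, threshold: int = 3):
        self.threshold = threshold
        self.strikes = {}   # (principal, reason) -> count

    def record(self, principal: str, reason: str) -> bool:
        key = (principal, reason)
        self.strikes[key] = self.strikes.get(key, 0) + 1
        return self.strikes[key] >= self.threshold


def run_guarded(principal: str, limiter: SlidingWindowLimiter, agent_step, anomalies=None) -> dict:
    """Run one request under all caps; return an explicit status, never a fallback answer."""
    budget = RequestBudget(limiter.limits)
    try:
        limiter.check(principal)
        result = agent_step(budget)   # agent_step charges the budget as it works
        return {"status": "ok", "result": result,
                "tokens": budget.tokens_used, "tool_calls": budget.tool_calls}
    except BudgetExceeded as exc:
        flagged = anomalies.record(principal, exc.reason) if anomalies is not None else False
        return {"status": "error", "reason": exc.reason, "flagged": flagged}
```

Returning `{"status": "error", "reason": ...}` lets the UI and the alerting pipeline distinguish a capped request from a normal answer; a fallback that quietly returns a partial result hides exactly the signal the anomaly detection needs.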
Checklist
- Tool allowlist per role
- Redaction and PII controls
- Audit log retention policy