Secure
Local hosting keeps data on infrastructure you control, but it does not remove application-layer AI risks: a self-hosted model can still be injected, leak secrets from its context, or act with more privilege than the task needs. Treat the controls below as baseline requirements.
Prompt injection
Treat retrieved content (RAG documents, web pages, emails) and data flowing through tools as untrusted: it is data, never instructions. Add allowlists, output checks, and strict tool scopes so that injected text cannot reach a tool it was never meant to drive.
Sensitive information disclosure
Redact secrets before they enter the model context. Disable prompt and completion logging unless you need it, and scrub what you do keep. Separate production and evaluation data stores.
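One way to do the redaction step before context injection, as an added example that is not part of the original page: each retrieved document is scanned for credential-shaped substrings and the values are replaced with a typed placeholder before the chunks are joined into the prompt. The pattern set, the placeholder format and the sample document are assumptions constructed for the example; only the finding type is returned for logging, never the secret value.

```python
import re
from typing import List, Tuple

# Constructed patterns for common credential shapes. Assumption: this set is
# illustrative; extend it with the secret formats used in your environment.
SECRET_PATTERNS = [
    ("aws_access_key", re.compile(r"\bAKIA[0-9A-Z]{16}\b")),
    ("github_token", re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36,}\b")),
    ("private_key", re.compile(
        r"-----BEGIN [A-Z ]*PRIVATE KEY-----.*?-----END [A-Z ]*PRIVATE KEY-----", re.S)),
    ("bearer_token", re.compile(r"(?i)\bbearer\s+[A-Za-z0-9._\-]{20,}")),
    # key/value style: keep the key name and separator, replace only the value.
    ("generic_secret", re.compile(
        r"(?i)\b(api[_-]?key|secret|password|passwd|token)(\s*[:=]\s*['\"]?)([^\s'\"\[\]]{8,})")),
]


def redact(text: str) -> Tuple[str, List[str]]:
    """Replace secret-looking substrings with a typed placeholder.

    Returns the redacted text and the list of finding types, in pattern order.
    Only the type is returned, so it is safe to log; the value never is.
    """
    findings: List[str] = []
    for name, pattern in SECRET_PATTERNS:
        def _sub(m, name=name):
            findings.append(name)
            if m.lastindex and m.lastindex >= 3:        # key/value form
                return f"{m.group(1)}{m.group(2)}[REDACTED:{name}]"
            return f"[REDACTED:{name}]"
        text = pattern.sub(_sub, text)
    return text, findings


def build_context(documents: List[str]) -> Tuple[str, List[dict]]:
    """Redact each retrieved document before it is concatenated into the prompt."""
    chunks, audit = [], []
    for i, doc in enumerate(documents):
        clean, findings = redact(doc)
        chunks.append(clean)
        if findings:
            audit.append({"doc": i, "findings": findings})   # log this, not the doc
    return "\n\n".join(chunks), audit


# Constructed sample document containing fake credentials.
SAMPLE_DOC = """Deploy notes (constructed sample):
export AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
db password: hunter2hunter2
Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.abcdefghijklmnop
-----BEGIN PRIVATE KEY-----
MIIfakefakefake
-----END PRIVATE KEY-----
"""

if __name__ == "__main__":
    context, audit = build_context([SAMPLE_DOC, "Runbook: restart the service with systemctl."])
    print(context)
    print(audit)
```

Pattern order matters: the specific formats run first so a value such as an AWS key is labelled precisely, and the generic key/value pattern excludes bracketed text so it does not re-redact an existing placeholder.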
Improper output handling
Never execute model output directly. Parse it as structured data, validate it against the tool's declared schema, and pass it through policy gates before any tool or shell command runs.
Excessive agency
Give each tool and credential only the scope the task needs. Require human confirmation for irreversible actions such as deletes, payments, or outbound messages.
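The output-handling and excessive-agency controls above, together with the strict tool scopes the prompt-injection item asks for, as one added example that is not part of the original page: a gate that takes the raw model response, accepts only a JSON tool call naming an allowlisted tool, checks the argument set and types against that tool's schema, applies path and command policy, and flags irreversible tools for human confirmation. The tool registry, the allowed root directory, the command allowlist and the sample responses are assumptions constructed for the example.

```python
import json
import posixpath
import re
from dataclasses import dataclass
from typing import Optional, Tuple

# Hypothetical tool registry (assumption: names, schemas and policy roots are illustrative).
# Each tool declares the exact argument names/types it accepts and whether it is irreversible.
TOOLS = {
    "read_file":   {"schema": {"path": str}, "irreversible": False},
    "run_command": {"schema": {"argv": list}, "irreversible": False},
    "delete_file": {"schema": {"path": str}, "irreversible": True},
}
ALLOWED_ROOT = "/srv/app/data"                  # only paths under this tree may be touched
ALLOWED_COMMANDS = {"ls", "cat", "grep"}        # argv[0] allowlist; run without a shell
SAFE_ARG = re.compile(r"^[A-Za-z0-9._/\-]+$")    # no shell metacharacters or whitespace


@dataclass
class Decision:
    allowed: bool
    reason: str
    needs_confirmation: bool = False
    call: Optional[dict] = None


def _path_ok(path: str) -> bool:
    """Absolute, normalised and inside ALLOWED_ROOT (blocks ../ traversal)."""
    if not path.startswith("/"):
        return False
    norm = posixpath.normpath(path)
    return norm == ALLOWED_ROOT or norm.startswith(ALLOWED_ROOT + "/")


def _argv_ok(argv: list) -> Tuple[bool, str]:
    if not argv or not all(isinstance(a, str) for a in argv):
        return False, "argv must be a non-empty list of strings"
    if argv[0] not in ALLOWED_COMMANDS:
        return False, f"command not allowlisted: {argv[0]}"
    for arg in argv[1:]:
        if not SAFE_ARG.match(arg):
            return False, f"unsafe characters in argument: {arg!r}"
        if ("/" in arg or ".." in arg) and not _path_ok(arg):
            return False, f"path argument outside {ALLOWED_ROOT}: {arg}"
    return True, "ok"


def gate(model_output: str) -> Decision:
    """Decide whether a raw model response may be turned into a tool call."""
    # 1. Structured output only: never hand free text to eval() or a shell.
    try:
        call = json.loads(model_output)
    except ValueError:
        return Decision(False, "output is not JSON")
    if not isinstance(call, dict) or not isinstance(call.get("arguments"), dict):
        return Decision(False, "expected {'tool': ..., 'arguments': {...}}")

    # 2. Tool allowlist: the model can only name tools this agent was scoped to.
    spec = TOOLS.get(call.get("tool"))
    if spec is None:
        return Decision(False, f"unknown tool: {call.get('tool')!r}")

    # 3. Schema check: exact argument set with the declared types, nothing extra.
    args = call["arguments"]
    if set(args) != set(spec["schema"]):
        return Decision(False, f"argument set must be {sorted(spec['schema'])}")
    for key, typ in spec["schema"].items():
        if not isinstance(args[key], typ):
            return Decision(False, f"argument {key} must be {typ.__name__}")

    # 4. Policy gates on the argument values.
    if "path" in args and not _path_ok(args["path"]):
        return Decision(False, f"path outside {ALLOWED_ROOT}: {args['path']}")
    if "argv" in args:
        ok, why = _argv_ok(args["argv"])
        if not ok:
            return Decision(False, why)

    # 5. Least privilege / human in the loop: irreversible actions need confirmation.
    return Decision(True, "ok", needs_confirmation=spec["irreversible"], call=call)


if __name__ == "__main__":
    # Constructed model responses, one benign and several that must be refused.
    for sample in (
        '{"tool": "read_file", "arguments": {"path": "/srv/app/data/notes.txt"}}',
        '{"tool": "read_file", "arguments": {"path": "/srv/app/data/../../etc/passwd"}}',
        '{"tool": "run_command", "arguments": {"argv": ["ls", "; rm -rf /"]}}',
        '{"tool": "delete_file", "arguments": {"path": "/srv/app/data/old.log"}}',
        'Sure! Run this: rm -rf /',
    ):
        print(gate(sample))
```

The gate only decides; the caller executes the allowed call with `subprocess.run(argv)` (no `shell=True`) and, when `needs_confirmation` is set, shows the call to a human first. Because an injected instruction in retrieved content can at most make the model emit a call, scoping the registry per agent and refusing anything outside it is what limits the blast radius.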
Supply chain vulnerabilities
Pin model revisions, verify checksums before weights are loaded, and keep a signed inventory of runtimes and model artifacts, so that a swapped file, an unlisted file, or an unexpected revision fails closed.
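The pin-verify-inventory flow above, as an added example that is not part of the original page: the release side hashes every artifact into a manifest and authenticates the manifest; the load side checks the manifest's tag first, then the pinned revision, then every listed hash, and finally rejects any file on disk the inventory does not mention. The HMAC tag is an assumption standing in for a real detached signature (sigstore/cosign, minisign or GPG from the release pipeline), because the standard library has no asymmetric signing; the model directory, file names and key are constructed for the example.

```python
import hashlib
import hmac
import json
import os
import shutil
import tempfile
from typing import Dict, List, Tuple

# Assumption: the HMAC tag stands in for a detached signature from the release
# pipeline; the verification order is the same either way: authenticate the
# manifest first, then trust the hashes inside it.
SIGNING_KEY = b"constructed-release-key-do-not-ship-in-repo"
PINNED_REVISION = "a1b2c3d4"   # the exact model revision this deployment was tested with


def sha256_file(path: str, chunk: int = 1 << 20) -> str:
    """Stream the file so multi-GB weights do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def _canonical(body: dict) -> bytes:
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def build_manifest(root: str, model: str, revision: str, files: List[str]) -> dict:
    """Release side: hash every artifact and authenticate the whole inventory."""
    body = {"model": model, "revision": revision,
            "files": {rel: sha256_file(os.path.join(root, rel)) for rel in files}}
    return {"body": body, "tag": hmac.new(SIGNING_KEY, _canonical(body), hashlib.sha256).hexdigest()}


def verify_manifest(root: str, manifest: dict, pinned_revision: str) -> Tuple[bool, List[str]]:
    """Load side: fail closed on a bad tag, a wrong revision, a changed or missing
    file, or any file on disk that the manifest does not list."""
    expected = hmac.new(SIGNING_KEY, _canonical(manifest["body"]), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, manifest.get("tag", "")):
        return False, ["manifest authentication failed"]   # nothing inside can be trusted
    body, problems = manifest["body"], []
    if body["revision"] != pinned_revision:
        problems.append(f"revision {body['revision']} != pinned {pinned_revision}")
    for rel, digest in body["files"].items():
        path = os.path.join(root, rel)
        if not os.path.isfile(path):
            problems.append(f"missing: {rel}")
        elif sha256_file(path) != digest:
            problems.append(f"checksum mismatch: {rel}")
    for dirpath, _, names in os.walk(root):
        for name in names:
            rel = os.path.relpath(os.path.join(dirpath, name), root).replace(os.sep, "/")
            if rel not in body["files"]:
                problems.append(f"unlisted file: {rel}")
    return not problems, problems


def write_fixture() -> str:
    """Constructed model directory so the example runs offline."""
    root = tempfile.mkdtemp(prefix="model-")
    os.makedirs(os.path.join(root, "weights"))
    with open(os.path.join(root, "weights", "model.safetensors"), "wb") as f:
        f.write(b"\x00" * 4096)                       # stand-in for tensor data
    with open(os.path.join(root, "config.json"), "w") as f:
        json.dump({"architecture": "llama", "vocab_size": 32000}, f)
    return root


def demo() -> Dict[str, Tuple[bool, List[str]]]:
    """Run the verifier against a clean tree and four tampering scenarios."""
    root = write_fixture()
    try:
        manifest = build_manifest(root, "example/llama-local", PINNED_REVISION,
                                  ["config.json", "weights/model.safetensors"])
        results = {"clean": verify_manifest(root, manifest, PINNED_REVISION),
                   "wrong_pin": verify_manifest(root, manifest, "ffffffff")}
        weights = os.path.join(root, "weights", "model.safetensors")
        with open(weights, "ab") as f:                # attacker swaps the weights...
            f.write(b"\x01")
        results["tampered_weights"] = verify_manifest(root, manifest, PINNED_REVISION)
        forged = json.loads(json.dumps(manifest))     # ...rewrites the hash, but cannot re-sign
        forged["body"]["files"]["weights/model.safetensors"] = sha256_file(weights)
        results["forged_manifest"] = verify_manifest(root, forged, PINNED_REVISION)
        with open(os.path.join(root, "weights", "extra.bin"), "wb") as f:
            f.write(b"?")                             # a file nobody inventoried
        results["unlisted"] = verify_manifest(root, manifest, PINNED_REVISION)
    finally:
        shutil.rmtree(root)
    return results


if __name__ == "__main__":
    for scenario, (ok, problems) in demo().items():
        print(f"{scenario}: {'OK' if ok else 'REJECT'} {problems}")
```

Checking the tag before reading any hash is the point of the ordering: a manifest that an attacker can edit would otherwise let them "verify" their own substituted weights. Run the same check over the runtime (inference server binaries and their dependency lockfile) so the inventory covers everything that executes, not just the weights.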