AI features open new attack surfaces that classic security reviews miss, prompt injection, data leakage, over-permissioned agents. Securing them is now part of shipping responsibly.
The key risks
- Prompt injection manipulating model behavior.
- Sensitive data leaking into prompts or outputs.
- Over-permissioned agents taking unsafe actions.
- Untrusted third-party content influencing answers.
How to mitigate
- Treat model inputs/outputs as untrusted.
- Apply least privilege to any tool-using agent.
- Filter and isolate sensitive data.
- Log actions and add human review for high-stakes flows.
