PART 4 · Prevention
Slides 18–25 · 7 mitigation categories
Slide 18 · Prevention Overview
Seven controls. Every LLM application needs most of them.
No single fix covers all four attack patterns. Layer these.
🚫 M1 — Zero-Trust Output — Slide 19
Treat every LLM response as untrusted user input. Apply the same security controls you would apply to data from an anonymous web form.
📝 M2 — Context-Aware Output Encoding — Slide 20
HTML-encode output going into web pages. URL-encode output going into links. Different context, different encoding.
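Worked example of M2, added here and not part of the slide deck: the same untrusted LLM text is encoded differently depending on the sink it enters (HTML body, URL query parameter, JavaScript string literal). The function names and the sample output string are constructed for this illustration; the encoders are Python standard library calls.

```python
import html
import json
from urllib.parse import quote

# Constructed sample: an LLM answer that happens to contain markup-like characters.
SAMPLE_OUTPUT = 'Tom & Jerry <b>bold</b> "quoted"'


def encode_for_context(text: str, context: str) -> str:
    """Encode untrusted LLM text for the specific sink it is about to enter.

    Hypothetical helper: one encoder per output context, chosen at the call site.
    """
    if context == "html":
        # Escapes & < > " ' so the text renders as literal characters, not markup.
        return html.escape(text, quote=True)
    if context == "url":
        # Percent-encode everything except unreserved characters (safe="" also
        # encodes "/"), so the text cannot add path segments, parameters or fragments.
        return quote(text, safe="")
    if context == "js":
        # json.dumps produces a valid, double-quoted JS string literal; "</" is
        # additionally escaped so the literal cannot close an enclosing <script>.
        return json.dumps(text).replace("</", "<\\/")
    raise ValueError(f"unknown output context: {context!r}")


def search_link(llm_text: str) -> str:
    """Same text into two sinks at once: URL-encoded inside href, HTML-encoded as the label."""
    return '<a href="/search?q={}">{}</a>'.format(
        encode_for_context(llm_text, "url"),
        encode_for_context(llm_text, "html"),
    )


if __name__ == "__main__":
    for ctx in ("html", "url", "js"):
        print(ctx, "->", encode_for_context(SAMPLE_OUTPUT, ctx))
    print(search_link("a&b"))
```

The point the slide makes is visible in `search_link`: one string, two encodings, because the `href` attribute value and the element text are parsed by different rules.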
🗄️ M3 — Safe Query APIs — Slide 21
Use parameterized queries for any LLM output that feeds a database. Never concatenate LLM text into SQL.
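Worked example of M3, added here and not taken from the slide deck: a concatenated query next to its parameterized replacement, run against a constructed in-memory SQLite table. The table, the column names and the lookup functions are hypothetical; only the contrast between the two forms matters.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed in-memory table so the example runs offline."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, internal INTEGER)"
    )
    conn.executemany(
        "INSERT INTO products (name, internal) VALUES (?, ?)",
        [("widget", 0), ("gadget", 0), ("secret-prototype", 1)],
    )
    conn.commit()
    return conn


def lookup_product_unsafe(conn: sqlite3.Connection, llm_name: str) -> list:
    """The 'before' form: LLM text pasted into the SQL string.

    Any quote or comment sequence in the model's output becomes part of the
    query, so the 'internal = 0' filter can be switched off by the text.
    """
    sql = f"SELECT name FROM products WHERE name = '{llm_name}' AND internal = 0"
    return [row[0] for row in conn.execute(sql)]


def lookup_product_safe(conn: sqlite3.Connection, llm_name: str) -> list:
    """Parameterized form: the driver sends the value separately from the SQL.

    Whatever the model produced is compared as a literal string; it can never
    change the structure of the statement.
    """
    sql = "SELECT name FROM products WHERE name = ? AND internal = 0"
    return [row[0] for row in conn.execute(sql, (llm_name,))]


if __name__ == "__main__":
    db = make_db()
    # Constructed model output that contains a quote and a comment marker.
    odd_output = "x' OR 1=1 --"
    print("unsafe:", lookup_product_unsafe(db, odd_output))  # filter bypassed
    print("safe:  ", lookup_product_safe(db, odd_output))    # no such product
```

The same rule applies to ORMs and query builders: use their bound-parameter APIs, and treat any "raw SQL" escape hatch as a place where LLM text must not appear.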
📦 M4 — Sandbox Code Execution — Slide 22
Run LLM-generated code in a container or micro-VM with no network access and no access to the host filesystem.
✅ M5 — Structured Output & Allowlists — Slide 23
Require LLM output to conform to a JSON schema or to a predefined set of categories. Validate that the output matches the expected structure, and that every enumerated field is on the allowlist, before anything downstream uses it.
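Worked example of M5, added here and not part of the slide deck: a validator for a hypothetical ticket-triage model that must return `{"category", "action", "confidence"}`. The schema, the allowlisted values and the sample outputs are constructed; the validator also handles the common failure mode of a model wrapping its JSON in a Markdown code fence, and rejects unexpected keys rather than ignoring them.

```python
import json

# Constructed allowlists for a hypothetical triage model.
ALLOWED_CATEGORIES = frozenset({"billing", "shipping", "returns", "other"})
ALLOWED_ACTIONS = frozenset({"reply", "escalate"})

# Expected shape: key -> required Python type.
SCHEMA = {"category": str, "action": str, "confidence": float}


class InvalidModelOutput(ValueError):
    """Raised for anything that is not exactly the structure we asked for."""


def _strip_fence(raw: str) -> str:
    """Tolerate a ```json ... ``` wrapper, which models frequently add."""
    raw = raw.strip()
    if raw.startswith("```"):
        raw = raw.split("\n", 1)[1] if "\n" in raw else ""
        raw = raw.rsplit("```", 1)[0]
    return raw


def parse_triage(raw: str) -> dict:
    """Validate structure, types, ranges and allowlists; return a clean copy."""
    try:
        data = json.loads(_strip_fence(raw))
    except json.JSONDecodeError as exc:
        raise InvalidModelOutput(f"not JSON: {exc}") from None
    if not isinstance(data, dict):
        raise InvalidModelOutput("top level is not an object")

    extra = set(data) - set(SCHEMA)
    if extra:
        # Unknown keys are rejected, not passed through to downstream code.
        raise InvalidModelOutput(f"unexpected keys: {sorted(extra)}")

    for key, typ in SCHEMA.items():
        if key not in data:
            raise InvalidModelOutput(f"missing key: {key}")
        value = data[key]
        if typ is float:
            # Accept int or float but not bool (bool is an int subclass in Python).
            ok = isinstance(value, (int, float)) and not isinstance(value, bool)
        else:
            ok = isinstance(value, typ)
        if not ok:
            raise InvalidModelOutput(f"wrong type for {key}: {type(value).__name__}")

    if data["category"] not in ALLOWED_CATEGORIES:
        raise InvalidModelOutput(f"category not allowed: {data['category']!r}")
    if data["action"] not in ALLOWED_ACTIONS:
        raise InvalidModelOutput(f"action not allowed: {data['action']!r}")
    if not 0.0 <= data["confidence"] <= 1.0:
        raise InvalidModelOutput("confidence out of range")

    # Return only the validated fields, never the raw object.
    return {
        "category": data["category"],
        "action": data["action"],
        "confidence": float(data["confidence"]),
    }


def rejects(raw: str) -> bool:
    """True if the validator refuses this output (used for self-checks)."""
    try:
        parse_triage(raw)
    except InvalidModelOutput:
        return True
    return False


if __name__ == "__main__":
    print(parse_triage('{"category": "billing", "action": "reply", "confidence": 0.9}'))
    print(rejects('Sure! {"category": "billing", "action": "reply", "confidence": 0.9}'))
```

Because the function returns a freshly built dict containing only validated fields, downstream code cannot accidentally pick up an extra key the model decided to include.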
🛡️ M6 — Content Security Policy — Slide 24
Browser-side CSP headers stop inline scripts even if an XSS payload slips through output encoding.
🔑 M7 — Least Privilege & Monitoring — Slide 25
Grant LLM-connected services minimum permissions. Log all LLM output that flows downstream. Alert on suspicious patterns.
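Worked example of the monitoring half of M7, added here and not part of the slide deck: every LLM output headed for a downstream sink is logged as a structured record (request id, sink, length, content hash, a short preview) and checked against a small set of suspicious-pattern detectors, with a warning-level log line when any fire. The detector names, the patterns and the sample outputs are constructed for this illustration and are a starting point, not a complete rule set.

```python
import hashlib
import json
import logging
import re
from datetime import datetime, timezone

log = logging.getLogger("llm.downstream")

# Constructed detector set: content that should rarely appear in legitimate
# model output for the given sinks. Tune per application.
SUSPICIOUS = {
    "html_script": re.compile(r"<\s*script\b|javascript:|\bon\w+\s*=", re.I),
    "sql_control": re.compile(r"--\s*$|\b(union\s+select|or\s+1\s*=\s*1)\b", re.I),
    "shell_meta": re.compile(r"(;|&&|\|\|)\s*\w|\$\(|`"),
    "path_traversal": re.compile(r"\.\./|/etc/passwd", re.I),
}


def inspect_output(request_id: str, sink: str, text: str) -> list:
    """Log one downstream-bound LLM output and return the detector names that fired.

    The full text is not written to the general log (it may contain customer
    data); the hash lets an analyst correlate with a restricted raw-output store.
    """
    hits = [name for name, rx in SUSPICIOUS.items() if rx.search(text)]
    record = {
        "ts": datetime.now(timezone.utc).isoformat(),
        "request_id": request_id,
        "sink": sink,
        "len": len(text),
        "sha256": hashlib.sha256(text.encode("utf-8")).hexdigest()[:16],
        "preview": text[:60],
        "flags": hits,
    }
    line = json.dumps(record)
    if hits:
        log.warning(line)  # route to alerting
    else:
        log.info(line)
    return hits


# Constructed sample outputs: (request_id, sink, text).
SAMPLES = [
    ("r1", "html", "Your order ships Tuesday."),
    ("r2", "html", 'Thanks! <script>fetch("https://example.invalid/x")</script>'),
    ("r3", "sql", "x' OR 1=1 --"),
    ("r4", "shell", "ls; cat /etc/passwd"),
]


def scan_samples() -> dict:
    """Run every sample through inspect_output; map request_id -> fired detectors."""
    return {rid: inspect_output(rid, sink, text) for rid, sink, text in SAMPLES}


if __name__ == "__main__":
    logging.basicConfig(level=logging.INFO, format="%(levelname)s %(message)s")
    for rid, flags in scan_samples().items():
        print(rid, flags or "clean")
```

The least-privilege half of the slide has no code to show: it is the database role, service account or container profile that the logged sink runs under, scoped so that even an output these detectors miss has little it can reach.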