GroveAI
TechnicalFree Template

AI Security Checklist Template

A comprehensive security checklist for AI systems covering the OWASP Top 10 for LLMs, prompt injection prevention, data leakage protection, access control, model security, and compliance requirements. Designed for security teams and developers building production AI applications.

Overview

What's included

OWASP Top 10 for LLMs assessment
Prompt injection prevention checklist
Data leakage and privacy controls
Authentication and access control requirements
Model and supply chain security
Compliance and audit trail requirements
1

Prompt Injection Prevention

20 itemsto complete

Prompt Injection Prevention

System name:   Assessor:   Date:  

Input Controls

  • User input is separated from system instructions (parameterised prompts)
  • Input length is capped at   characters/tokens
  • Input is sanitised for known injection patterns
  • Special characters and encoding attacks are handled
  • A content filter scans input before it reaches the LLM

System Prompt Protection

  • System prompt does not contain secrets, API keys, or sensitive data
  • System prompt includes explicit instructions to ignore override attempts
  • System prompt is not returned or exposed in error messages
  • System prompt is stored securely and version-controlled

Output Controls

  • LLM output is validated before being executed or displayed
  • Output is not directly used in code execution (eval, exec, SQL)
  • Structured output is validated against a schema before use
  • Output is scanned for PII leakage before delivery to users

Indirect Injection (RAG/Context)

  • Retrieved content is treated as untrusted input
  • Retrieved documents are scanned for injected instructions
  • Content from external sources is sandboxed in the prompt
  • The LLM is instructed to ignore instructions found in context documents

Testing

  • Prompt injection test suite runs on every deployment
  • Red-team testing conducted at least quarterly
  • New injection techniques are added to the test suite as discovered
2

Data Security & Privacy

17 itemsto complete

Data Security & Privacy

Data in Transit

  • All AI API calls use HTTPS/TLS 1.2 or higher
  • API keys are transmitted via headers, not URL parameters
  • WebSocket connections (if used) are encrypted (WSS)
  • Internal service-to-service communication is encrypted

Data at Rest

  • Training data is encrypted at rest
  • User conversation logs are encrypted at rest
  • Vector store data is encrypted at rest
  • Backup data is encrypted

Data Minimisation

  • Only necessary data is sent to the AI provider
  • PII is stripped or pseudonymised before AI processing where possible
  • Conversation history is limited to   messages /   tokens
  • Training data retention policy:   days

Third-Party AI Provider

  • Data processing agreement (DPA) in place
  • Provider's data retention policy reviewed:   days / no retention
  • Provider does NOT use our data for model training (confirmed)
  • Data residency requirements met: data stays in  
  • Provider security certifications verified: SOC2 / ISO27001 /  

PII Handling

Data TypePresent in Input?Present in Output?Mitigation
NamesYes/NoYes/No 
Email addressesYes/NoYes/No 
Phone numbersYes/NoYes/No 
AddressesYes/NoYes/No 
Financial dataYes/NoYes/No 
Health dataYes/NoYes/No 
3

Access Control & Audit

20 itemsto complete

Access Control & Audit

Authentication

  • AI API endpoints require authentication
  • API keys are unique per environment (dev, staging, production)
  • API keys are stored in a secret manager (not in code or config files)
  • API key rotation is scheduled every   days
  • Expired/compromised keys can be revoked immediately

Authorisation

  • Users can only access AI features appropriate to their role
  • Admin functions (prompt editing, model configuration) require elevated access
  • Rate limiting is applied per user/API key:   requests per  
  • IP allowlisting is configured for production endpoints (if applicable)

Audit Trail

  • All AI API requests are logged with timestamp, user ID, and action
  • All prompt changes are logged with author and version
  • All model/configuration changes are logged
  • All admin actions are logged
  • Audit logs are immutable and retained for   months
  • PII in audit logs is redacted or encrypted

Incident Response

  • AI-specific incident response plan exists
  • Incident severity levels defined for AI failures
  • On-call rotation covers AI systems
  • Communication templates prepared for AI incidents
  • Post-incident review process includes AI-specific root cause analysis

Security Review Schedule

ReviewFrequencyLast CompletedNext DueOwner
Prompt injection testingMonthly   
Access control auditQuarterly   
Vendor security reviewAnnually   
Penetration test (AI features)Annually   
Red-team exerciseBi-annually   

Instructions

How to use this template

1

Complete the checklist for each AI system

Work through every item with your development and security teams. Mark items as done, in progress, or not applicable with justification.

2

Prioritise critical gaps

Address prompt injection prevention and data security first. These are the most common and highest-impact AI security risks.

3

Integrate into your CI/CD pipeline

Automate as many security checks as possible: input validation, output scanning, and prompt injection tests should run on every deployment.

4

Schedule regular reviews

AI security threats evolve quickly. Review and update the checklist quarterly and after any security incident.

Watch Out

Common mistakes to avoid

Treating AI security as an afterthought — security should be designed in from the start, not bolted on before launch.
Only defending against known prompt injection techniques — new techniques emerge regularly; keep your defences updated.
Trusting AI provider security by default — verify their security practices and data handling through DPAs and audits.
Not logging AI interactions — without audit trails, investigating security incidents is nearly impossible.
Exposing system prompts in error messages — error handling should never reveal prompt contents or internal system details.

FAQ

Frequently asked questions

The OWASP Top 10 for LLMs identifies prompt injection as the #1 risk, followed by insecure output handling, training data poisoning, model denial of service, supply chain vulnerabilities, sensitive information disclosure, insecure plugin design, excessive agency, overreliance, and model theft.

Use a defence-in-depth approach: separate user input from system instructions, validate and sanitise inputs, scan for injection patterns, validate outputs before use, and do not use LLM output directly in code execution. No single defence is foolproof — layer multiple controls.

Generally no. System prompts often contain business logic, constraints, and instructions that could be exploited if exposed. Treat system prompts as confidential configuration.

Follow your standard incident response process with AI-specific additions: preserve AI logs (inputs, outputs, prompt versions), assess whether the model was manipulated or data was leaked, and review recent prompt or configuration changes as potential root causes.

Yes. Include AI-specific attack scenarios in your regular penetration testing: prompt injection, data extraction attempts, privilege escalation via AI, and abuse of AI-powered features. Consider engaging testers with AI security expertise.

Related Content

AI Testing Strategy Template

Include security testing in your broader AI test strategy.

AI Risk Assessment Template

Assess security risks alongside other AI project risks.

AI Governance Framework Template

Establish governance structures that support AI security.

Need a custom AI template?

Our team can build tailored templates for your specific business needs. Book a free strategy call.

Book a Strategy CallView Pricing