LLM security may need more than standard API protection

An internal LLM tool had been running for about four months with the usual API security setup, including WAF, , and OAuth. A red team bypassed it in under 30 minutes by using to change how the behaved.

The WAF allowed the request because it was d, well-formed JSON, and valid by normal API rules. Traditional API security works best when inputs are structured and predictable, but LLMs accept everyday language, so a harmful instruction can look like a normal message.

An adds checks that look at what the input is trying to do, detect during a multi-step run, and scan the LLM’s output before users see it. Output scanning can also help catch cases where RAG context leaks into a response.

Key points

  • A standard WAF can miss dangerous instructions if the request looks valid.
  • LLM inputs cannot be protected only by checking a fixed request shape.
  • can try to override or change the .
  • An can inspect intent, mid-run behavior, and final output.
  • RAG-based agents need output checks to reduce the risk of leaking private context.
Read original