Glossary / llm-security-posture-management

LLM Security Posture Management (LLM-SPM)

A focused layer within AI-SPM that covers prompt flows, model endpoints, and runtime controls for large language model applications.

Discipline

← All terms

LLM Security Posture Management (LLM-SPM) is the LLM-focused subset of AI-SPM. It covers the discovery, testing, runtime control, and audit posture for any system whose core dependency is a large language model: customer chatbots, internal copilots, summarisation services, and RAG-backed assistants.

LLM-SPM and AI-SPM are not substitutes. A team can run LLM-SPM in isolation if the AI surface is limited to a single chat endpoint with no agents and no MCP servers. Once tool-calling agents, MCP servers, vector databases, and orchestrated pipelines enter the picture, LLM-SPM becomes one layer inside a broader AI-SPM programme.

The OWASP LLM Top 10 is the most direct framework for LLM-SPM scope; OWASP Agentic Top 10 and the broader NIST AI 600-1 Profile cover the additional surfaces that AI-SPM addresses.

Related terms

Other entries in this neighbourhood.

AI Security Posture Management (AI-SPM) Continuous discipline that discovers, assesses, secures, and proves the compliance posture of AI systems including LLM apps, agents, MCP servers, RAG pipelines, and vector databases. Prompt Injection An attack that smuggles attacker-controlled instructions into a model prompt to override the developer instructions or extract sensitive data. Adversarial Scan A scheduled execution of probe templates against an LLM endpoint, agent, or RAG pipeline, scored to produce control-mapped findings.
Primary sources

Where to read the canonical definition.

See LLM Security Posture Management (LLM-SPM) in production.

The Penaxtra platform implements the controls and assessments described above as part of its AI-SPM programme.

AI-SPM platform overview