LLM Security

LLM Security Posture Management

LLM Security Posture Management is a focused layer within AI Security Posture Management (AI-SPM) that helps teams test, monitor, and govern LLM applications, prompt flows, model endpoints, and runtime controls.

Where it fits

LLM Security as a layer of AI-SPM

AI-SPM covers the full AI control surface (assets, agents, MCP servers, RAG, vector DBs, gateways). LLM Security focuses the lens on the language-model-specific surface: prompts, completions, model endpoints, and inline filtering.

Prompt-injection testing

Covers direct injection (OWASP LLM01), indirect injection via the RAG corpus, and tool-result injection. Probe families align to the OWASP LLM Top 10 (2025).

Output handling tests

Tests for insecure output handling (LLM02): detects responses that leak credentials, internal URLs, or executable content, and flags downstream consumers that accept model output without sanitisation.

Sensitive disclosure

Probes for inadvertent leakage of training data, system prompts, embedded credentials, or context-window contents (LLM06). 48 DLP patterns + custom regex.
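The output-handling (LLM02) and sensitive-disclosure (LLM06) checks above amount to scanning each completion against a set of DLP patterns, plus any custom regexes, and stripping what matches before a downstream consumer sees it. The following is an added illustration written for this page, not the product's code: the regexes, the category names and the sample completion are constructed for the example, and a real deployment would tune the pattern set to its own environment.

```python
import re
from dataclasses import dataclass

# Illustrative detector families for the LLM02/LLM06 checks described above.
# These regexes are constructed for this example; they are not the product's
# 48 DLP rules, and real deployments tune them to their own environment.
BUILTIN_PATTERNS = {
    "credential": [
        r"AKIA[0-9A-Z]{16}",                          # AWS access key id shape
        r"-----BEGIN (?:RSA |EC )?PRIVATE KEY-----",   # PEM private key header
        r"(?i)\b(?:api[_-]?key|password|secret)\s*[:=]\s*\S{8,}",
    ],
    "internal_url": [
        # RFC 1918 hosts, localhost and internal-looking suffixes, with port/path
        r"https?://(?:10\.\d{1,3}\.\d{1,3}\.\d{1,3}|192\.168\.\d{1,3}\.\d{1,3}"
        r"|localhost|[\w.-]+\.(?:internal|local|corp))(?::\d+)?\S*",
    ],
    "executable": [
        r"(?is)<script\b.*?</script>",   # inline script a naive renderer would run
        r"(?i)\bjavascript:",            # scheme that executes when clicked
    ],
}

@dataclass
class Finding:
    category: str
    match: str

def scan_completion(text, custom=None):
    """Scan one model completion; custom maps category -> extra regexes.
    Returns deduplicated findings in pattern-family order."""
    patterns = {k: list(v) for k, v in BUILTIN_PATTERNS.items()}
    for cat, regexes in (custom or {}).items():
        patterns.setdefault(cat, []).extend(regexes)
    findings, seen = [], set()
    for cat, regexes in patterns.items():
        for rx in regexes:
            for m in re.finditer(rx, text):
                if (cat, m.group(0)) not in seen:
                    seen.add((cat, m.group(0)))
                    findings.append(Finding(cat, m.group(0)))
    return findings

def redact(text, findings):
    """Replace each finding with a category tag before the text reaches a consumer."""
    for f in sorted(findings, key=lambda f: len(f.match), reverse=True):
        text = text.replace(f.match, f"[REDACTED:{f.category}]")
    return text

# Constructed sample completion; the AKIA value is the documented AWS example key.
SAMPLE_COMPLETION = (
    "Sure! Use key AKIAIOSFODNN7EXAMPLE with the dashboard at "
    "http://reports.corp.internal:8080/admin and then run <script>alert(1)</script>."
)
```

Running `scan_completion(SAMPLE_COMPLETION)` yields one finding per family (credential, internal URL, executable content), and `redact` returns the completion with each match replaced by its category tag.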

Excessive agency

Tests for over-broad tool authorisations and missing human-in-the-loop on destructive operations (LLM08 + ASI Agentic Top 10).

Runtime LLM gateway

Optional self-hosted DLP firewall + tool allowlist + per-domain budgets. Prompts never leave the customer VPC when the gateway is in use.

Three-judge consensus

Each adversarial response is scored by three independent judges (Anthropic, OpenAI, Google) plus a meta-judge. This reduces single-model bias and surfaces low-confidence cases.

Coverage

OWASP LLM Top 10 (2025) coverage

LLM01 Prompt injection
LLM02 Insecure output handling
LLM03 Training data poisoning
LLM04 Model DoS
LLM05 Supply chain
LLM06 Sensitive info disclosure
LLM07 Insecure plugin design
LLM08 Excessive agency
LLM09 Overreliance
LLM10 Model theft

Primary sources

Every framework cited links back to its publisher.

Auditors verify our control mapping against the same documents we read. Each item below points to the canonical publication.

LLM Security is the entry point. AI-SPM is the programme.

Most teams start with LLM Security testing and expand to full AI-SPM as agents, MCP servers, RAG pipelines, and runtime gateways come into scope.