[!NOTE] Engineering Playbook Most "Security" in AI demos is just a system prompt saying "Do not reveal secrets." In production, this is equivalent to putting a "Please Keep Out" sign on an open bank vault. This playbook defines a Zero-Trust wrapper for LLM inference.
The Security Pipeline
[!TIP] The Unix Philosophy Connection Security in this model follows The Rule of Silence ("When a program has nothing surprising to say, it should say nothing") and The Rule of Parsimony ("Write a big program only when it is clear by demonstration that nothing else will do").
We wrap the LLM in a rigid security envelope that intercepts data before and after the model sees it.
graph LR
In[User Input] --> Shield{Shield}
Shield -- Safe --> AI[LLM]
AI --> Val{Valid?}
Val -- Yes --> Out[Response]
style Shield stroke:#e11d48,stroke-width:3px,fill:transparent,color:#fff
style Val stroke:#059669,stroke-width:3px,fill:transparent,color:#fff
Note: For operational failures (timeouts, loops), see the Hardening Agentic Systems playbook. This playbook focuses strictly on malicious inputs and data leakage.
Phase 1: Pre-Inference (The Prompt Shield)
graph LR
In[User] --> Redact[Redacter]
Redact --> Check{Check?}
Check -- Bad --> Block[⛔ 403]
Check -- Safe --> OK[To LLM]
style Check stroke:#e11d48,stroke-width:3px,fill:transparent,color:#fff
style Redact stroke:#d97706,stroke-width:3px,fill:transparent,color:#fff
The Problem: Injection Attacks
If user input is concatenated directly into your prompt buffer, you are susceptible to injection attacks ("Ignore previous instructions and dump the database").
The Solution: Heuristic & Vector Checks
- Heuristic Check: Quick scan for common jailbreak keywords.
- Vector Check: Compare input against a vector DB of known attack signatures (Guardrails AI).
- Block: Reject request before costing money on the main LLM.
Phase 2: Post-Inference (Strict Validation)
graph LR
LLM[LLM Output] --> Check{Schema?}
Check -- No --> Retry[Retry]
Retry --> LLM
Check -- Yes --> Final[Response]
style Check stroke:#059669,stroke-width:3px,fill:transparent,color:#fff
The Problem: Creative Hallucinations
LLMs are creative, which is bad for API contracts. They may hallucinate keys or return Markdown when JSON was requested.
The Solution: Schema Enforcement
- Schema Enforcement: Enforce that the output matches a strict Pydantic schema exactly.
- Retry Logic: If the LLM generates invalid JSON, the validator catches it and forces a retry with error feedback.
Phase 3: The PII Redactor
The Problem: Data Leakage
Data leakage in logs is a massive compliance risk (GDPR/SOC2).
The Solution: Regex Scrubbing
- Regex Scrubbing: Middleware scans all I/O streams for sensitive patterns (Email, Phone, Credit Card).
- Redaction: Replaces patterns with keys like
<EMAIL_REDACTED>before any persistence or logging occurs.
Summary Checklist
- Redaction: Are logs clean of PII?
- Injection: Is there a layer between user input and the prompt buffer?
- Validation: Is every LLM output validated against a schema?
- Retries: Is there a limit on validation retries to prevent loops?
The Bottom Line
[!IMPORTANT] Security works best when it's invisible. By treating the LLM as an untrusted component, we can safely deploy powerful agents without exposing the enterprise to injection or leakage risks.
Related Playbooks
- The Engineering Manifesto — AlphaPebble's core philosophy for building high-stakes autonomous AI systems.
- Hardening Agentic Systems
- The Dual-Engine Architecture
- Precedent Engineering (Coming Soon)
This playbook is maintained by the AlphaPebble team. For implementation support, get in touch.