LLM SECURITY 101 — PART 2
Advanced Risks and Practical Safeguards for Everyday AI Use
As AI tools become more deeply embedded in daily business workflows, the conversation naturally moves beyond basic usage and early mistakes.
Organizations are no longer asking whether to use AI, but how to use it responsibly, securely, and at scale.
After covering the fundamentals in Part 1 — how LLMs work, what they are and are not, and the most common early risks — this second part of the LLM Security 101 series focuses on more advanced scenarios. These are risks that typically emerge as AI systems become more integrated with data pipelines, automation, external resources, and third-party services.
The goal of this article is to build clarity and confidence. By understanding how these risks arise, teams can make better decisions about how AI is trained, connected, and used across the organization.
1) Training Data Manipulation (LLM03)
Training data manipulation occurs when incorrect, biased, or intentionally malicious information enters the datasets used to train or fine-tune an LLM.
Because models learn patterns from data, even small changes can influence behavior over time.
How this may appear:
• subtle shifts in tone or recommendations
• incorrect associations learned by the model
• unexpected trigger phrases
• biased or unreliable outputs
Why it matters:
For organizations using AI in customer communication, analysis, or decision support, these shifts can quietly erode trust and accuracy.
Good practice:
✔ rely on reputable model providers
✔ monitor outputs for unusual patterns
✔ validate datasets for internally trained or fine-tuned models
2) Unauthorized Code Execution (LLM05)
Some AI systems are connected to tools, plugins, scripts, or automation workflows.
In these environments, AI-generated output may be interpreted as an instruction rather than just text.
Potential risks include:
• unintended execution of scripts
• triggering workflows or processes
• modification of files or configurations
• escalation of automated actions
Good practice:
✔ apply strong sandboxing
✔ enforce strict permission boundaries
✔ clearly separate text generation from execution layers
3) Insecure External Resource Calls (LLM06)
LLMs can reference or interact with external resources such as URLs, APIs, or uploaded files.
However, models do not evaluate trust, safety, or intent — they simply generate responses based on patterns.
Common risks:
• unsafe or malicious links
• unverified external content
• reliance on third-party resources that change over time
• accidental exposure to harmful files
Good practice:
✔ verify external links manually
✔ scan uploaded files separately
✔ disable automatic resource fetching where possible
4) Supply Chain Vulnerabilities (LLM07)
LLMs rarely operate in isolation.
They are part of a broader ecosystem that may include:
- model providers
• APIs and gateways
• plugins and integrations
• vector databases
• cloud infrastructure
A weakness in any part of this chain can affect the overall system.
Good practice:
✔ treat AI components as part of the organization’s supply chain
✔ review vendor security documentation
✔ keep integrations and dependencies up to date
5) January Checklist (Practical Recap)
✔ validate model sources and provenance
✔ limit execution-based capabilities
✔ treat external resources as untrusted
✔ include AI tools in supply chain assessments
✔ monitor model behavior over time
What’s next
In February will focus on the remaining risk areas and practical governance topics, including:
- availability and denial-of-service risks
• insecure handling of AI-generated output
• over-reliance on AI systems
• building sustainable and responsible AI usage practices
The series concludes with a practical guide designed to help organizations turn awareness into long-term, secure AI workflows.
Part 1: Basics & Early Risks
Source (reference only):
This article references the OWASP LLM Top 10 categories conceptually.
No text has been copied. Source https://owasp.org/
