
LLM Security Checklist: 10 Things You're Missing

Most teams are shipping AI features fast — and skipping the security controls that enterprise buyers, compliance auditors, and regulators expect. Go through this checklist. Check off what you have. See what you're missing.

10 checklist items, across 6 categories
~5 min to complete (self-assessment, no signup)
3 tiers: Shield recommendation based on your score

Check the boxes for everything your team has covered. Each item expands to show: what's at risk, how to fix it, and how PurfectShield handles it automatically. At the end, you'll get a Shield tier recommendation based on your coverage.


Recommended: Shield Foundation

Start here. Every unchecked item is a gap that could result in a data leak, a failed audit, or a lost enterprise deal. Shield Foundation covers items 1-5 on this checklist — get protected in under 10 minutes.

$10K/year

Coverage by Category

Architecture: 0/1
Secrets: 0/1
Visibility: 0/2
Compliance: 0/3
Detection: 0/1
Threats: 0/1
Response: 0/1

Close every gap on this checklist

PurfectShield is a local desktop proxy that inspects, redacts, and logs every LLM API call — before data leaves your machine. Deploy in under 10 minutes. No cloud dependencies. No changes to your team's workflow.


Frequently Asked Questions

A checklist is a self-assessment — you evaluate your own posture against known risks. A compliance audit is an external review against a specific framework like SOC 2 or HIPAA. This checklist identifies gaps; remediating them prepares you for an audit. Shield maps every checklist item to specific compliance controls, so closing a gap here directly improves your audit readiness.
Deploying Shield — which covers items 1, 2, 5, 7, and 8 on this checklist — takes under 10 minutes: install the desktop app, set one environment variable, and restart your LLM clients. The organizational items (inventory, incident response plan, compliance scope) depend on your team's size and existing processes. A small team (under 50 engineers) can complete the full checklist in 2-4 weeks with Shield handling the technical controls.
WAFs and API gateways inspect HTTP headers, rate limits, and known attack signatures at the network layer. They don't parse LLM request bodies for PII, secrets, or proprietary code — the payload is JSON, and they can't distinguish a customer's SSN from a fictional placeholder. Shield operates at the application layer, inside the request body itself, applying NLP-aware detection that WAFs can't provide.
Yes. Shield is provider-agnostic by design. It sits as a local proxy — any LLM client that supports an API base URL override (OpenAI SDK, Anthropic SDK, LangChain, LlamaIndex, direct HTTP calls) can route through Shield. Configure once and every provider benefits from the same detection, redaction, and audit trail.
Both — but for different reasons. Startups need this because their first enterprise customer will send a 50-page security questionnaire, and having Shield's audit trail + compliance mapping means you answer it in hours instead of weeks. Enterprises need it because AI tool sprawl is already happening across teams, and the CISO needs visibility before — not after — a regulator asks.
Shield's dual-mode detection (regex + entropy) lets you tune sensitivity per environment. In development, where code snippets contain high-entropy strings like hash values that aren't secrets, set a higher entropy threshold to reduce noise. In production, tighten the threshold. Shield also supports allowlists for known-safe patterns — UUIDs, session IDs, and test data that match secret heuristics but aren't sensitive.
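
The regex-plus-entropy detection described above, with a per-environment threshold and a UUID allowlist, as an added example. This is not PurfectShield's code: the pattern set, the threshold values, and all function and variable names are assumptions, and the sample values are constructed.

```python
import math
import re
from collections import Counter

# Regex half: known credential formats (AWS access key ID shape shown).
KNOWN = {"aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b")}
# Allowlist: random-looking but non-sensitive shapes (UUIDs).
ALLOW = [re.compile(r"[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}", re.I)]
# Entropy half: candidate tokens are long runs of key-like characters.
TOKEN = re.compile(r"[A-Za-z0-9+/=_-]{20,}")
DEV_THRESHOLD, PROD_THRESHOLD = 4.5, 3.5  # assumed values, bits per char


def shannon_entropy(s):
    """Bits per character of the token's empirical character distribution."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def scan(text, threshold):
    """Return sorted (kind, value) findings for one request body."""
    found = {(k, m.group()) for k, p in KNOWN.items() for m in p.finditer(text)}
    known_values = {v for _, v in found}
    for tok in TOKEN.findall(text):
        if tok in known_values or any(a.fullmatch(tok) for a in ALLOW):
            continue
        if shannon_entropy(tok) >= threshold:
            found.add(("high_entropy", tok))
    return sorted(found)


def redact(text, threshold):
    """Replace every finding with a typed placeholder before forwarding."""
    for kind, value in scan(text, threshold):
        text = text.replace(value, f"[REDACTED:{kind}]")
    return text


# Constructed sample; none of these values is a live credential.
UUID = "3f2b8c1e-9d4a-4e7b-8a1c-5d6e7f809a1b"
DIGEST = "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"
KEY_ID = "AKIAIOSFODNN7EXAMPLE"  # AWS's documented example key ID
TOKEN_VALUE = "Zx8Qv2Lm5Rt9Wb3Yc7Kd1Hf4Jg6Np0Sa"
SAMPLE = f"request id: {UUID} digest: {DIGEST} key id: {KEY_ID} token: {TOKEN_VALUE}"

if __name__ == "__main__":
    print("dev :", redact(SAMPLE, DEV_THRESHOLD))
    print("prod:", redact(SAMPLE, PROD_THRESHOLD))
```

The key ID scores below the development threshold on entropy alone and is caught only by the regex, while the UUID scores above the production threshold and is spared only by the allowlist.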