Safety · Guide
AI Safety, Security, and Governance
Ship AI safely — prompt injection defense, guardrails, OWASP LLM Top 10, bias, privacy, the EU AI Act.
Shipping AI safely means defending against attacks and meeting governance standards. This guide covers prompt injection and how to defend against it, guardrails and validators, hallucinations and grounding, the OWASP LLM Top 10, bias and fairness, privacy and data governance, and frameworks like the EU AI Act and the NIST AI Risk Management Framework.
Generate your own lesson →What you'll learn
- Bias and Fairness
- EU AI Act Basics
- Hallucinations and Grounding
- Guardrails and Validators
- Privacy and Data Governance
- Safety Release Checklist
- NIST AI RMF for GenAI
- OWASP LLM Top 10
- Securing Tool-Using Agents
- Prompt Injection Defense
Lessons in this guide (10)
Bias and Fairness
Measure uneven behavior across groups, languages, and contexts.
EU AI Act Basics
Understand risk-based AI obligations and why education use cases need care.
Hallucinations and Grounding
Reduce unsupported claims with retrieval, citations, validation, and uncertainty.
Guardrails and Validators
Layer schemas, policy checks, citation validation, and review workflows.
Privacy and Data Governance
Minimize sensitive data in prompts, retrieval, logs, and traces.
Safety Release Checklist
Ship AI features with documented risks, evals, monitoring, and owners.
NIST AI RMF for GenAI
Use Govern, Map, Measure, and Manage to organize GenAI risk.
OWASP LLM Top 10
Map LLM app threats to concrete product controls.
Securing Tool-Using Agents
Constrain permissions, approvals, and tool outputs for agent systems.
Prompt Injection Defense
Treat user and retrieved text as untrusted input around privileged instructions.
Frequently asked questions
What is prompt injection?
Prompt injection is an attack where malicious text — in the user input or in content the agent reads — overrides the app's instructions, making the model ignore its rules, leak data, or misuse tools. It's the top LLM security risk.
How do you add guardrails to an LLM?
Guardrails validate inputs and outputs against rules: block or sanitize unsafe input, check output for PII, policy, or format violations, constrain which tools can run, and require confirmation for high-impact actions.
What is the OWASP LLM Top 10?
The OWASP LLM Top 10 is a widely-used list of the most critical security risks for LLM apps — led by prompt injection, insecure output handling, and sensitive-information disclosure.