"OWASP for LLM Apps: A Practical Security Checklist for GenAI Product Teams"
Generative AI has expanded the application attack surface faster than most teams have updated their security practices. This book is written for experienced engineers, security architects, platform teams, and technical product leaders who are building or governing LLM-powered systems in production. Rather than treating GenAI security as a novelty, it shows how to integrate OWASP guidance into the real architecture of prompts, retrieval pipelines, tools, agents, APIs, and operational workflows.
Across the book, readers learn how to threat model the full prompt-to-action pipeline, defend against prompt injection, prevent sensitive data disclosure, secure output handling, and harden retrieval-augmented generation systems. It also covers vector and embedding security, poisoning risks, supply chain integrity, identity and authorization boundaries, safe tool use, red teaming, runtime monitoring, incident response, cost-abuse resilience, and release governance. The result is a practical, technically rigorous checklist for designing, validating, and operating secure GenAI products.
Structured for advanced readers, the book assumes familiarity with modern application security, cloud systems, and software delivery practices. Its distinguishing strength is that it organizes LLM security as an end-to-end engineering discipline: not just model behavior, but the surrounding application, infrastructure, control plane, and organizational decision process required to ship trustworthy AI systems.
