AI Governance Library

AI Security Reference Architectures Secure design patterns & practices for teams developing LLM-powered applications

This resource provides secure design patterns and practices for teams developing LLM- powered applications. Each section is dedicated to a type of application. For each application type, we outline the most significant risks and provide mitigation strategies.
Jakub Szarmach
3 min read
AI Security Reference Architectures Secure design patterns & practices for teams developing LLM-powered applications
AI Security Reference Architectures
AI Security Reference Architectures.pdf
2 MB
download-circle

⚡ Quick Summary

This white paper by Robust Intelligence provides a comprehensive guide to securing AI systems built on large language models (LLMs), with a focus on real-world deployment scenarios: chatbots, Retrieval-Augmented Generation (RAG) systems, and autonomous agents. It offers detailed architectural diagrams, threat models, and specific mitigation strategies for each application type. Importantly, the paper goes beyond general recommendations by introducing layered security tactics—spanning input validation, prompt engineering, tool isolation, and real-time monitoring—to reduce the risks of adversarial attacks, data leakage, and model misalignment. This is a practical resource aimed at bridging the gap between AI experimentation and secure enterprise-grade deployment.

🧩 What’s Covered

The document is organized around three core AI application patterns:

  1. Simple Chatbots – Discusses threats such as prompt injection, data exfiltration, misalignment, and abuse through untrusted inputs. Mitigation strategies include secure prompt design, rate limiting, output filtering, and memory protection. The paper highlights risks from LLM fine-tuning and proposes best practices for system prompt design—emphasizing persona, instructions, few-shot examples, and output format guidelines .
  2. RAG Applications – Describes architectures that integrate vector databases with LLMs to improve context-aware responses. Unique threats include indirect prompt injection via untrusted documents, data poisoning, and vector store leakage. The authors advocate techniques like spotlighting to isolate instructions from retrieved data, response integrity checks, and query sanitization. A four-step prompt strategy is recommended to maintain alignment and factual consistency .
  3. LLM-Powered Agents – Focuses on agents capable of planning, tool use, and autonomous task execution. Key components include ReAct-style planning, memory management, reasoning modules, and custom tools. Security threats range from malicious tool execution to planning logic corruption and memory tampering. To mitigate these, the paper outlines safeguards like input/output filtering, least privilege enforcement, and multi-level logging. Separate guidance is provided for system vs. agentic prompts .

Each section ends with a diagram summarizing the most relevant threat vectors (e.g., untrusted input, misaligned models, tool misuse) and real-time protections.

💡 Why it matters?

As LLMs become central to enterprise applications, their security is no longer optional. This guide operationalizes AI safety, offering clear, implementation-level strategies to defend against misuse and system failures. It answers a critical need in the AI ecosystem: how to move from experimentation to trustworthy deployment. By mapping threats directly to design patterns and tools (e.g., NeMo Guardrails, LangChain, MemGPT), the paper enables developers and governance teams to co-design secure systems. It also tackles emerging challenges like indirect prompt injection and agent toolchain vulnerabilities, making it a forward-looking resource that anticipates regulatory, reputational, and operational risks in LLM-powered environments.

❓ What’s Missing

While highly practical, the paper lacks:

  • Governance integration – No mention of aligning technical controls with frameworks like NIST RMF, ISO 42001, or EU AI Act requirements.
  • Audit trail design – Logging and monitoring are mentioned but without detail on how to structure auditability for regulators or security teams.
  • Differentiated stakeholder views – It assumes the reader is deeply technical; product managers, risk officers, or legal teams might find the framing too tool-centric.
  • Case studies or failures – The document would benefit from real-world examples of attacks or mitigations in deployed systems.

👥 Best For

  • AI/ML engineers building LLM-powered apps
  • Security architects integrating LLMs into enterprise environments
  • DevOps and MLOps teams responsible for maintaining secure pipelines
  • Product teams designing AI features in regulated industries
  • CISOs and AI Risk leads building internal security standards

📄 Source Details

TitleAI Security Reference Architectures

Author: Robust Intelligence

Published by: Robust Intelligence, 2025

Length: 31 pages

URL: www.robustintelligence.com

Contact: contact@robustintelligence.com

📝 Thanks to

Robust Intelligence for openly sharing practical, implementation-focused security designs, and for pushing AI system developers to treat safety and trust as core infrastructure concerns.

Guide
About the author
Jakub Szarmach

Jakub Szarmach

Read next

OWASP AI Maturity Assessment

Administering and Governing Agents Microsoft (2024)

AI Act Guide – Version 1.1 (September 2025)

AI Alignment vs AI Ethical Treatment: Ten Challenges

AI GOVERNANCE – A Framework for Responsible and Compliant Artificial Intelligence (September 2025)

AI Governance Library

Curated Library of AI Governance Resources

AI Governance Library

Great! You’ve successfully signed up.

Welcome back! You've successfully signed in.

You've successfully subscribed to AI Governance Library.

Your link has expired.

Success! Check your email for magic link to sign-in.

Success! Your billing info has been updated.

Your billing was not updated.