Most AI API security failures are not novel attacks — they are basic controls that were not implemented before launch. This checklist covers the 40 controls that, in aggregate, address the majority of production AI API security risk. It is opinionated and prioritised: the controls at the top of each section matter more than those at the bottom.
Input Security
1. Enforce maximum input length — reject requests exceeding your context window budget before they reach the model
2. Scan inputs for known prompt injection patterns before forwarding to the model
3. Strip or normalize zero-width characters and Unicode control characters from all text inputs
4. Validate input encoding — reject inputs with encoding obfuscation (base64, ROT-13, reversed text)
5. Apply schema validation to all structured inputs (JSON request bodies, API parameters)
6. Rate limit by user/org/API key with separate limits for token volume and request count
7. Implement IP-based rate limiting as a secondary control against credential sharing
8. Log all inputs to the AI model — full prompt context, not just a hash
Output Security
1. Define an expected output schema and validate every response against it
2. Redact PII patterns from model outputs before returning them to the client
3. Detect and flag outputs that suggest successful injection (role changes, instruction acknowledgements)
4. Implement output length limits — models that return unexpectedly large outputs may be exfiltrating data
5. Log all model outputs alongside their inputs for forensic capability
Authentication and Authorization
1. Require authentication on every AI endpoint — no anonymous model access in production
2. Scope API keys to specific models, endpoints, and maximum token budgets
3. Implement key rotation — no key should be more than 90 days old in production
4. Log every authentication event with timestamp, key ID, and source IP
5. Implement model-level authorization — not every authenticated user should access every model
6. For MCP deployments: scope tool access per agent, enforced at the gateway layer
Audit Logging and Compliance
1. Log every AI API call with: timestamp, model version, token counts, latency, and outcome
2. Implement hash-chained audit logs for tamper evidence
3. Retain logs for the longer of your compliance requirement and 1 year
4. Include system prompt hashes in logs — detect prompt changes between calls
5. Log all policy decisions (rate limit hits, injection detections, schema violations)
6. Generate evidence of controls operating for SOC 2 / ISO 27001 on a scheduled basis
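A minimal implementation of items 1, 2, 4 and 5 above, added here as an illustration rather than code from the original checklist. It keeps the log in memory, assumes the caller supplies the timestamp and token counts, and uses SHA-256 over a canonical JSON encoding of each entry (including the previous entry's hash) so that editing or re-hashing any record is detectable on verification.

```python
import hashlib
import json

GENESIS = "0" * 64  # prev_hash recorded by the first entry

def entry_hash(body: dict) -> str:
    # Sorted keys and no whitespace make the serialisation, and so the hash, reproducible.
    data = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(data).hexdigest()

class AuditLog:
    """Append-only, hash-chained record of AI API calls (constructed example, in memory)."""
    def __init__(self) -> None:
        self.entries: list = []

    def append(self, *, ts: float, model_version: str, system_prompt: str,
               prompt_tokens: int, completion_tokens: int, latency_ms: int,
               outcome: str, decisions=()) -> dict:
        prev = self.entries[-1]["entry_hash"] if self.entries else GENESIS
        body = {
            "ts": ts,
            "model_version": model_version,
            # Hash, not the prompt itself: enough to detect a change without copying it.
            "system_prompt_sha256": hashlib.sha256(system_prompt.encode()).hexdigest(),
            "prompt_tokens": prompt_tokens,
            "completion_tokens": completion_tokens,
            "latency_ms": latency_ms,
            "outcome": outcome,
            "policy_decisions": list(decisions),  # e.g. "rate_limit", "injection_detected"
            "prev_hash": prev,  # links this entry to its predecessor
        }
        body["entry_hash"] = entry_hash(body)  # hash covers prev_hash, forming the chain
        self.entries.append(body)
        return body

    def verify(self):
        """(True, -1) if every hash and link is intact, else (False, index of first bad entry)."""
        prev = GENESIS
        for i, e in enumerate(self.entries):
            body = {k: v for k, v in e.items() if k != "entry_hash"}
            if e["prev_hash"] != prev or entry_hash(body) != e["entry_hash"]:
                return False, i
            prev = e["entry_hash"]
        return True, -1

    def prompt_changes(self):
        """Indices whose system prompt hash differs from the preceding call's."""
        h = [e["system_prompt_sha256"] for e in self.entries]
        return [i for i in range(1, len(h)) if h[i] != h[i - 1]]
```

In production the chain head should be periodically anchored somewhere the log writer cannot modify (a separate store, or a signed timestamp), since an attacker with write access to the whole file could otherwise rebuild the chain from the tampered entry onward.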
Incident Response
1. Define runbooks for: successful injection, PII exfiltration, cost anomaly, model provider outage
2. Implement circuit breakers to halt AI pipelines without a code deploy
3. Test your incident response runbook at least quarterly against simulated scenarios
4. Have a key revocation process that can complete in under 5 minutes
Score yourself against this checklist and publish the score internally. A 28/40 score documented and tracked is more valuable than an undocumented claim of "we have security." The act of scoring surfaces gaps.
