WAFPlanet Blog

Insights, tutorials, and news about Web Application Firewalls and application security.

All Posts Best Practices Comparisons Research Security News Tutorials

Filtered by tag: llm Clear filter

SEAL the box: internet traffic reaches a self-hosted vLLM engine only through an authenticating gateway on a private subnet, with outbound egress denied.

Best Practices · Jun 22, 2026 · 25 min read

Secure LLM Inference, Part 2: Hardening Self-Hosted Models

Run the model yourself and you inherit a server, one that ships wide open. A data-backed tour of exposed inference endpoints, KV-cache prompt leaks, and backdoored weights, plus SEAL, four rules for locking the box down.

security llm self-hosted

CLAMP the model: an untrusted prompt carrying an injection is blocked at a CLAMP policy gate; only a constrained, least-privilege request reaches the LLM.

Best Practices · Jun 21, 2026 · 16 min read

Secure LLM Inference, Part 1: Defending API-Based AI Apps

The model is not a security boundary, and no prompt will make it one. A data-backed look at why prompt-level defenses leak, what actually drives attack success rates toward zero, and the five-rule CLAMP framework you can ship this week.

security llm prompt-injection