Security & Compliance
PII leaks and prompt injection can kill companies
🔑 Key Concepts
- PII detection — Microsoft Presidio for automated PII detection and redaction. Redact before sending to LLM.
- GDPR requirements — Right to deletion (all stores including vector DB), data portability, consent management.
- Prompt injection — Input sanitisation, output validation, least-privilege tools. Guardrails in code, not system prompts.
- Data residency — EU user data on EU-hosted models. Check DPAs with LLM providers. Zero-retention APIs for sensitive data.
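A sketch of "guardrails in code, not system prompts" for the prompt injection point above, added here as an illustration and not taken from the original page. The tool names, roles, argument formats and link allowlist are all hypothetical; the point is that tool permissions and output checks are enforced by the application, whatever the model was told or tricked into proposing.

```python
import re
from urllib.parse import urlparse

# Hypothetical tool registry: roles allowed per tool, plus a validator per argument.
TOOLS = {
    "search_docs": {"roles": {"user", "admin"},
                    "args": {"query": lambda v: isinstance(v, str) and 0 < len(v) <= 200}},
    "delete_user": {"roles": {"admin"},
                    "args": {"user_id": lambda v: isinstance(v, str)
                             and re.fullmatch(r"u-\d{1,10}", v) is not None}},
}
ALLOWED_LINK_HOSTS = {"docs.example.com"}  # constructed allowlist
URL_RE = re.compile(r"https?://[^\s)\]>\"']+")

class GuardrailError(Exception):
    pass

def authorize_tool_call(role, call):
    """Vet a model-proposed tool call. `role` comes from the authenticated
    session, never from model output or user-supplied text."""
    name = call.get("name")
    if not isinstance(name, str) or name not in TOOLS:
        raise GuardrailError("unknown tool")
    spec = TOOLS[name]
    if role not in spec["roles"]:
        raise GuardrailError("role not permitted for this tool")
    args = call.get("args")
    if not isinstance(args, dict) or set(args) != set(spec["args"]):
        raise GuardrailError("missing or unexpected arguments")
    for key, check in spec["args"].items():
        if not check(args[key]):
            raise GuardrailError(f"invalid value for {key}")
    return name, args

def is_allowed(role, call):
    """Boolean wrapper around authorize_tool_call for callers that only need a decision."""
    try:
        authorize_tool_call(role, call)
        return True
    except GuardrailError:
        return False

def validate_output(text):
    """Replace links to hosts outside the allowlist before model output is rendered."""
    def _check(match):
        try:
            host = urlparse(match.group(0)).hostname or ""
        except ValueError:  # malformed URL: treat as not allowed
            host = ""
        return match.group(0) if host in ALLOWED_LINK_HOSTS else "[link removed]"
    return URL_RE.sub(_check, text)
```

Denied calls should be logged with the session identity and the proposed call, since repeated denials are a useful injection signal.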
💡 Practice: Try implementing each concept yourself before moving on. Reading about RAG and building RAG are very different things.