This page is a fallback for search engines and cases when javascript fails or is disabled.
Please view this card in the library, where you can also find the rest of the plot4ai cards.
Are our AI inference APIs and function-calling interfaces securely implemented?
Are our AI inference APIs and function-calling interfaces securely implemented?
AI systems increasingly rely on APIs for inference (e.g., LLM endpoints), orchestration (e.g., function calls via tools), or dynamic prompt injection (e.g., Model Context Protocol). Poorly secured APIs expose attack surfaces specific to LLMs and other AI models.
Threats include:
- Prompt injection via API inputs or user tool outputs (e.g., using MCP-style interfaces).
- Malicious function calls that exploit insecure tool execution pipelines.
- Abuse of structured output endpoints (e.g., JSON-formatted APIs) to extract or manipulate model behavior.
- Reverse-engineering model behavior via inference chaining or output probing.
Attacks on shared foundational model APIs can impact multiple downstream applications through shared vulnerabilities, hallucination exploits, or jailbreak discovery.
If you answered No then you are at risk
If you are not sure, then you might be at risk too
Recommendations
- Implement security best practices:
- Use strong authentication mechanisms such as API keys or OAuth.
- Enforce role-based access controls (RBAC) to restrict functionality.
- Encrypt data at rest and in transit (TLS).
- Validate and sanitize all inputs; apply strict content-type controls.
- Use allowlists and structured schemas (e.g., OpenAPI, JSON Schema) to constrain behavior.
- Avoid exposing secrets in API calls or payloads.
- Regularly test APIs for vulnerabilities including injection attacks, improper state management, and rate limit bypasses.
- Deploy anomaly detection to flag adversarial or abnormal usage patterns.
- Limit API output granularity to prevent reverse engineering; obfuscate or truncate confidence scores.
- Monitor and log all API interactions to detect and investigate abuse.
- Rate-limit and throttle access to prevent enumeration or prompt probing.
- For LLMs with plugin, function-calling, or Model Context Protocol (MCP) interfaces:
- Monitor for prompt injection and abuse chains across tools.
- Apply zero-trust design principles to inference and orchestration layers.
- Red-team APIs and function interfaces regularly.
- Collaborate with foundational model providers to validate the security of shared inference APIs and plugin-style architectures.
Interesting resources/references
- OWASP API Security Project
- BerryVilleiML
- Securing Machine Learning Algorithms, ENISA
- STRIDE-AI: An Approach to Identifying Vulnerabilities of Machine Learning Assets
- Stride-ML Threat Model
- MITRE ATLAS™ - Adversarial Threat Landscape for Artificial-Intelligence Systems
- Lessons From Red Teaming 100 Generative AI Products – Microsoft
- MCP Security Exposed: What You Need to Know Now – Palo Alto Networks