TL;DR: LLMs create new security challenges because they generate unpredictable outputs, can absorb sensitive data during use, and are exposed to prompt injection, shadow AI, and risky third-party integrations, according to Proofpoint. Traditional access controls and monitoring models do not fully account for how language models are used, so governance now has to cover data handling, verification, and abuse prevention.
NHIMG editorial — based on content published by Proofpoint: LLM security risks, real-world incidents, and best practices for securing LLM use
Questions worth separating out
Q: What breaks when employees use public LLM tools with confidential data?
A: When employees enter confidential data into public LLM tools, the organisation loses control over retention, reuse, and downstream exposure.
Q: Why do LLMs create risk in identity and access management?
A: LLMs create risk when teams confuse fluent answers with verified security evidence.
Q: What do security teams get wrong about prompt injection defence?
A: They often assume better blocklists will solve the problem, but obfuscation simply changes the shape of the payload.
Practitioner guidance
- Inventory all approved LLM usage Track which models, connectors, and business units are using public or private LLM tools so you can separate sanctioned use from shadow AI.
- Apply least privilege to model-connected data sources Limit the datasets, shared files, and APIs that LLMs can reach to the minimum required for each workflow.
- Filter prompts and responses for sensitive content Use input and output controls to block confidential material before it reaches a model and before model output reaches users.
What's in the full article
Proofpoint's full blog post covers the operational detail this post intentionally leaves for the source:
- Step-by-step guidance for filtering inputs and outputs before they reach public or internal LLMs
- Practical examples of prompt monitoring and AI security gateway controls for enterprise workflows
- Detailed use cases for data loss prevention and access controls around copilots and shared files
- Operational recommendations for identifying and responding to shadow AI across the organisation
👉 Read Proofpoint’s analysis of LLM security risks and enterprise controls →
LLM security risks: what IAM and security teams need to know?
Explore further
LLM security is now an access-governance problem, not only a model-risk problem. The article shows that the most damaging failures come from how people and systems interact with the model, especially when confidential data, plugins, or unapproved tools are involved. That means identity, access, and data controls have to be aligned around the model’s real trust boundary. Practitioners should treat LLMs as governed access endpoints, not as passive productivity tools.
A question worth separating out:
Q: How should security teams govern shadow AI without blocking business productivity?
A: Start by identifying the identities and credentials behind AI use, then classify each one by data sensitivity, connected systems, and business purpose. Governance works best when organisations control the access path rather than banning the tool outright. That means inventory, approval, monitoring, and revocation all need to follow the same identity path.
👉 Read our full editorial: LLM security risks are outpacing traditional controls in enterprise AI