Security in an LLM Observability Platform: Controls, Tradeoffs, and What Is Still Open
Summary
The LLM Observatory, an observability platform for LLM calls, implements specific security controls to protect sensitive prompt and completion data. Tenant isolation is enforced at the application layer via organization-scoped data, using JWTs for user authentication and HMAC-SHA256 hashed service API keys. Passwords are stored as salted PBKDF2-HMAC-SHA256 hashes, and JWT secrets are environment-provided. The platform offers three storage modes for LLM call telemetry: `full` for complete text, `redacted` with a conservative redaction hook, and `metadata-only` for operational fields without content. Security headers like `X-Content-Type-Options: nosniff` and `X-Frame-Options: DENY` are set, and CORS origins are explicitly configured. Key unimplemented features include SSO, database-level row-level security, production-grade PII redaction, comprehensive audit logging for administrative actions, and ingestion rate limiting.
Key takeaway
MLOps engineers deploying LLM-powered features should prioritize configuring `metadata-only` storage for endpoints that handle sensitive content: it minimizes data exposure while still allowing operational monitoring. Be aware that the platform's current security posture is suitable for internal engineering and development, but it requires further hardening, including SSO integration and database-level row-level security, before multi-tenant production deployment.
Key insights
LLM observability platforms require integrated security controls for sensitive prompt and completion data.
Principles
- Isolate tenants at the application layer.
- Hash all credentials at creation.
- Offer flexible data storage modes.
Method
Implement organization-scoped data isolation via API middleware. Hash passwords with PBKDF2-HMAC-SHA256 and API keys with HMAC-SHA256. Provide `full`, `redacted`, and `metadata-only` storage options for LLM telemetry.
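An added illustration of the three controls just listed (this is example code, not the LLM Observatory's own implementation): salted PBKDF2-HMAC-SHA256 password hashing with constant-time verification, keyed HMAC-SHA256 hashing of service API keys so only the digest is stored and a presented key resolves to its organization, and a projection of an LLM call record under the `full`, `redacted` and `metadata-only` modes. The iteration count, the field names and the placeholder redaction hook are assumptions; the page does not specify them.

```python
import hashlib
import hmac
import os
from typing import Optional

PBKDF2_ITERATIONS = 600_000  # assumption: the page gives no iteration count
CONTENT_FIELDS = ("prompt", "completion")  # assumed names of the sensitive fields


def hash_password(password: str, salt: bytes = b"") -> tuple:
    """Salted PBKDF2-HMAC-SHA256; returns (salt, digest), both of which are stored."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, stored_digest: bytes) -> bool:
    """Recompute under the stored salt and compare in constant time."""
    return hmac.compare_digest(hash_password(password, salt)[1], stored_digest)


def hash_api_key(raw_key: str, server_secret: bytes) -> str:
    """HMAC-SHA256 of the service key under a server-side secret (env-provided in practice).
    Only this hex digest is persisted; a leaked table cannot be replayed without the secret."""
    return hmac.new(server_secret, raw_key.encode(), hashlib.sha256).hexdigest()


def lookup_org_for_key(raw_key: str, key_table: dict, server_secret: bytes) -> Optional[str]:
    """Middleware step: map a presented key to the organization whose data it may see."""
    return key_table.get(hash_api_key(raw_key, server_secret))


def redact(text: str) -> str:
    """Conservative placeholder hook: drop content outright instead of pattern-matching PII."""
    return "[REDACTED]" if text else text


def apply_storage_mode(call: dict, mode: str) -> dict:
    """Project one LLM call record according to the configured storage mode."""
    if mode not in ("full", "redacted", "metadata-only"):
        raise ValueError(f"unknown storage mode {mode!r}")
    metadata = {k: v for k, v in call.items() if k not in CONTENT_FIELDS}
    if mode == "metadata-only":
        return metadata  # operational fields only, no prompt or completion text
    if mode == "redacted":
        return {**metadata, **{f: redact(call.get(f, "")) for f in CONTENT_FIELDS}}
    return dict(call)  # full: complete text retained
```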
In practice
- Use `metadata-only` for sensitive LLM endpoints.
- Configure explicit CORS origins, not wildcards.
- Review and extend PII redaction capabilities.
Topics
- LLM Observability Platform
- Tenant Isolation
- Credential Management
- Data Minimization
- PII Redaction
Best for: AI Security Engineer, MLOps Engineer, AI Engineer
Editorial summary, takeaway, and curation by AIssential. Original article published by Naturallanguageprocessing on Medium.