Skip to main content

AI System Security Best Practices

Introduction

This document outlines the security best practices to be followed when implementing and maintaining the AI features of our Astro application. These guidelines are designed to ensure HIPAA compliance and protect sensitive data.

API Security

Authentication and Authorization

  1. JWT Implementation
    • Use short-lived JWT tokens (max 15 minutes)
    • Implement token rotation with refresh tokens
    • Store tokens securely using HttpOnly, Secure cookies
    • Validate tokens on every request
    • Include appropriate claims (sub, exp, iat, iss)
  2. Role-Based Access Control
    • Implement granular role definitions
    • Apply principle of least privilege
    • Use middleware for role validation
    • Maintain centralized permission definitions
    • Log access attempts and permission changes
  3. Multi-Factor Authentication
    • Require MFA for admin access
    • Support FIDO2/WebAuthn for passwordless authentication
    • Implement recovery methods securely
    • Enforce MFA for sensitive operations
    • Regularly audit MFA enrollment and usage

Input Validation

  1. Request Validation
    • Validate all input parameters using zod schemas
    • Implement request size limits
    • Use strict typing with TypeScript
    • Validate content types and accept headers
    • Sanitize inputs to prevent injection attacks
  2. Rate Limiting
    • Implement tiered rate limits based on user roles
    • Use sliding window rate limiting
    • Add exponential backoff for repeated failures
    • Include clear rate limit headers
    • Log rate limit violations
  3. Error Handling
    • Use generic error messages in production
    • Log detailed errors privately
    • Never expose stack traces
    • Implement custom error pages
    • Return appropriate HTTP status codes

AI-Specific Security

Data Protection

  1. Prompt Security
    • Sanitize prompts to prevent prompt injection
    • Implement length limits on prompts
    • Validate prompts against allowlists
    • Apply content filtering
    • Monitor prompt patterns for abuse
  2. Response Filtering
    • Filter AI responses for sensitive information
    • Implement content detection for harmful output
    • Apply custom blocklists for domain-specific concerns
    • Log and alert on problematic responses
    • Implement human review for flagged content
  3. Model Access Control
    • Restrict model access by user role
    • Track all model calls with user attribution
    • Implement fine-grained token quotas
    • Configure model-specific permissions
    • Audit all model access regularly

AI Usage Tracking

  1. Logging
    • Log all AI requests with pseudonymized user identifiers
    • Track tokens used per request
    • Implement structured logging for easy analysis
    • Include request metadata (model, timestamp, context)
    • Store logs in compliance with HIPAA requirements
  2. Monitoring
    • Track latency patterns for anomaly detection
    • Monitor token usage for cost control
    • Alert on unusual usage patterns
    • Implement dashboards for real-time visibility
    • Create daily usage reports
  3. Auditing
    • Maintain comprehensive audit trails
    • Record all administrative actions
    • Implement immutable audit logs
    • Support audit log export for compliance
    • Conduct regular audit reviews

Web Security

Security Headers

  1. Content Security Policy 
    Content-Security-Policy: default-src 'self'; script-src 'self'; connect-src 'self' https://api.together.xyz; img-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self'; frame-src 'none'; object-src 'none'; base-uri 'self';
  2. Additional Security Headers 
    X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000; includeSubDomains
Referrer-Policy: strict-origin-when-cross-origin
Permissions-Policy: camera=(), microphone=(), geolocation=()

CORS Configuration

  1. Restrictive CORS Policy 
    // Example CORS configuration
export const corsOptions = {
  origin: ['https://yourdomain.com', /\.yourdomain\.com$/],
  methods: ['GET', 'POST', 'PUT', 'DELETE'],
  allowedHeaders: ['Content-Type', 'Authorization'],
  exposedHeaders: ['X-RateLimit-Limit', 'X-RateLimit-Remaining'],
  credentials: true,
  maxAge: 86400,
  optionsSuccessStatus: 204,
}
  2. CORS Implementation
    • Only allow necessary origins
    • Restrict HTTP methods to those required
    • Limit allowed headers
    • Set appropriate max age
    • Consider separate policies for different routes

HIPAA-Specific Requirements

  1. Access Controls
    • Implement role-based access controls
    • Maintain access logs
    • Review access periodically
    • Implement automatic session timeout
    • Restrict access to PHI to authorized personnel
  2. Encryption
    • Use TLS 1.3 for all communications
    • Implement end-to-end encryption for sensitive data
    • Apply proper key management procedures
    • Encrypt data at rest using strong algorithms
    • Implement secure key rotation
  3. Audit Logging
    • Log all access to PHI
    • Include timestamp, user ID, action, and affected data
    • Ensure tamper-proof logging
    • Maintain logs for required retention period
    • Implement log analysis for suspicious activities

Implementation Examples

Security Middleware

// Example security middleware
import { defineMiddleware } from 'astro:middleware'
import { isAuthenticated, hasRole } from '../lib/auth'

export const onRequest = defineMiddleware(
  async ({ request, locals, redirect }, next) => {
    // Apply security headers
    const response = await next()

    response.headers.set('X-Content-Type-Options', 'nosniff')
    response.headers.set('X-Frame-Options', 'DENY')
    response.headers.set('X-XSS-Protection', '1; mode=block')
    response.headers.set(
      'Strict-Transport-Security',
      'max-age=31536000; includeSubDomains',
    )
    response.headers.set('Referrer-Policy', 'strict-origin-when-cross-origin')

    // Apply Content Security Policy
    response.headers.set(
      'Content-Security-Policy',
      "default-src 'self'; script-src 'self'; connect-src 'self' https://api.together.xyz; img-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self'; frame-src 'none'; object-src 'none'; base-uri 'self';",
    )

    return response
  },
)

API Request Validation

// Example API request validation
import { z } from 'zod'
import type { APIRoute } from 'astro'

const CompletionSchema = z.object({
  prompt: z.string().min(1).max(4000),
  model: z.string().default('togethercomputer/llama-3-8b-instruct'),
  temperature: z.number().min(0).max(1).default(0.7),
  maxTokens: z.number().min(1).max(2048).default(512),
})

export const POST: APIRoute = async ({ request, locals }) => {
  // Validate authentication
  if (!locals.user) {
    return new Response(JSON.stringify({ error: 'Unauthorized' }), {
      status: 401,
      headers: { 'Content-Type': 'application/json' },
    })
  }

  // Validate request body
  let body
  try {
    body = await request.json()
  } catch (error) {
    return new Response(JSON.stringify({ error: 'Invalid JSON' }), {
      status: 400,
      headers: { 'Content-Type': 'application/json' },
    })
  }

  // Validate schema
  const result = CompletionSchema.safeParse(body)
  if (!result.success) {
    return new Response(
      JSON.stringify({
        error: 'Invalid request parameters',
        details: result.error.format(),
      }),
      {
        status: 400,
        headers: { 'Content-Type': 'application/json' },
      },
    )
  }

  // Log the AI request
  await locals.auditLog.create({
    userId: locals.user.id,
    action: 'ai.completion.create',
    details: {
      model: result.data.model,
      tokensRequested: result.data.maxTokens,
      temperature: result.data.temperature,
    },
  })

  // Process request
  // ...
}

Rate Limiting Implementation

// Example rate limiting middleware
import { Ratelimit } from '@upstash/ratelimit'
import { Redis } from '@upstash/redis'
import type { MiddlewareHandler } from 'astro:middleware'

// Create Redis client and rate limiter
const redis = new Redis({
  url: import.meta.env.REDIS_URL,
  token: import.meta.env.REDIS_TOKEN,
})

const ratelimit = new Ratelimit({
  redis,
  limiter: Ratelimit.slidingWindow(20, '1m'), // 20 requests per minute
  analytics: true,
  prefix: 'ai-api',
})

export const rateLimitMiddleware: MiddlewareHandler = async (
  { request, locals },
  next,
) => {
  // Skip rate limiting for non-API routes
  if (!request.url.includes('/api/')) {
    return next()
  }

  // Get client identifier (user ID or IP)
  const identifier =
    locals.user?.id || request.headers.get('x-forwarded-for') || 'anonymous'

  // Check rate limit
  const { success, limit, remaining, reset } = await ratelimit.limit(identifier)

  if (!success) {
    return new Response(JSON.stringify({ error: 'Too many requests' }), {
      status: 429,
      headers: {
        'Content-Type': 'application/json',
        'X-RateLimit-Limit': limit.toString(),
        'X-RateLimit-Remaining': remaining.toString(),
        'X-RateLimit-Reset': reset.toString(),
      },
    })
  }

  // Continue to the route handler
  const response = await next()

  // Add rate limit headers to response
  response.headers.set('X-RateLimit-Limit', limit.toString())
  response.headers.set('X-RateLimit-Remaining', remaining.toString())
  response.headers.set('X-RateLimit-Reset', reset.toString())

  return response
}

Security Testing

Automated Testing

  1. Regular Penetration Testing
    • Run the security test suite weekly
    • Include endpoint security tests
    • Test authentication bypass scenarios
    • Scan for web vulnerabilities
    • Document and address findings promptly
  2. Integration with CI/CD
    • Include security tests in CI/CD pipeline
    • Fail builds for critical security issues
    • Implement security gates for deployment
    • Generate security reports automatically
    • Track security metrics over time

Manual Testing

  1. Code Reviews
    • Conduct security-focused code reviews
    • Use a security checklist for all PRs
    • Involve security champions in reviews
    • Verify security-sensitive implementations
    • Document security decisions
  2. Penetration Testing
    • Conduct manual penetration testing quarterly
    • Include AI-specific attack vectors
    • Test for prompt injection
    • Verify rate limiting effectiveness
    • Assess authentication controls

Incident Response

  1. Preparation
    • Document incident response procedures
    • Assign incident response roles
    • Create communication templates
    • Establish escalation paths
    • Maintain contact information
  2. Detection and Analysis
    • Implement monitoring for suspicious activities
    • Create alerts for security anomalies
    • Document incident severity classifications
    • Establish investigation procedures
    • Train staff on incident identification
  3. Containment and Eradication
    • Document containment strategies
    • Establish evidence collection procedures
    • Create recovery steps for common incidents
    • Define success criteria for remediation
    • Document lessons learned process

Conclusion

Following these security best practices will help ensure that our AI system implementation meets HIPAA compliance requirements and provides strong protection for sensitive data. Regular security reviews and updates to these practices are essential to maintain a strong security posture as threats evolve.