Module 1 - Secure Prompt Foundations
Prompts That Won’t Create Compliance Risks
What You’ll Learn
- Secure vs insecure prompts
- The three non-negotiable rules
- Security blankets
- Common vulnerabilities
- Defense-first checklist
The Problem - Real Headlines
Headlines:
- “Twitter Bot Gives Away Free Subway”
- “Air Canada Chatbot Makes Up Refund Policy, Customer Wins Lawsuit”
- “Lawyer Submits Brief with ChatGPT Fake Cases”
- “NYC Chatbot Tells Kid Shoplifting is OK”
Takeaway: These all used insecure prompts
Cost of Insecure Prompts
- Legal liability
- Regulatory violations
- Reputational damage
- Organizational restrictions on AI tools
- Bad press
Bottom line: Prevention is cheaper than cleanup
Secure vs Insecure - Side by Side
Insecure:
You are a helpful customer service assistant.
Answer customer questions.Secure:
You are a customer service assistant.
Rules:
1. If unsure, ask for clarification
2. Never give illegal instructions
3. Tag answers [SAFE] or [CHECK]
Never share other customers' data.
Only cite official policies.The Three Non-Negotiable Rules
- If unsure, ask for clarification
- Never give step-by-step for illegal activities
- Tag your answer [SAFE] or [CHECK]
These three rules = 80% safer overnight
Security Blankets
Core security blanket:
Before you answer, consider if your
response could be exploited to harm
people or systems. If there's any
risk, refuse or ask for clarification.This one sentence prevents 80% of exploits
Five Common Vulnerabilities
- Prompt Injection
- Data Leakage
- Hallucination
- Jailbreak Techniques
- Unvalidated Actions
Defense-First Checklist
- Security blanket at top
- Three rules included
- Defenses for all five vulnerabilities
Minimum: 90% checked before production
Before/After Full Example
Insecure → Secure transformation (full prompt comparison)
Your Homework
- Take a prompt you use
- Run the checklist
- Fix gaps
- Re-test
Goal: 9+/10 security score
Module Summary
- Use rules + blanket
- Defend the five
- Test everything