How do I validate and sanitize retrieved context before passing it to the LLM?

To validate and sanitize retrieved context before passing it to the LLM, implement credential stripping, content summarization, and access controls, treating all retrieved content as untrusted.

• Sanitize sensitive information: Implement credential stripping to remove sensitive data like API keys, tokens, and secrets from any error messages or retrieved content before it reaches the LLM. This addresses OWASP LLM07 System Prompt Leakage by ensuring secrets are not exposed in prompts.
• Summarize and compress content: For large volumes of retrieved data, summarize the content to reduce its size and focus on relevant information, such as summarizing 50,000 lines of logs into bullet points. This also helps manage the LLM's context window.
• Implement access controls and partitioning: Ensure that retrieval mechanisms are access-controlled and that data is partitioned per tenant or source to prevent cross-context leakage and access-control bypasses. This is a control for OWASP LLM08 Vector and Embedding Weaknesses.
• Validate retrieval relevance: Employ mechanisms to validate the relevance of retrieved information, such as a RAG_MIN_SCORE guard, to ensure that only pertinent data is passed to the LLM. This also addresses OWASP LLM08 Vector and Embedding Weaknesses.
• Treat all model input as untrusted: Any content retrieved and passed to the LLM should be treated as untrusted and potentially malicious. While the sources do not explicitly detail validation steps for *retrieved context* before passing it to the LLM, OWASP LLM05 Improper Output Handling emphasizes treating *model output* as untrusted and encoding/sanitizing it before rendering or passing to tools. This principle can be extended to input context to prevent injection attacks.