Defense in Depth for AI Systems
Overview
Defense in depth applies multiple security layers so that if one fails, others still protect the system. For AI applications, this means validating at every boundary: edge, gateway, input, authorization, data, LLM, output, and observability.
Core Principle: No single security control should be the only thing protecting sensitive operations.
The 8-Layer Security Architecture
Layer 0 (EDGE): WAF, Rate Limiting, DDoS, Bot Detection
Layer 1 (GATEWAY): JWT Verify, Extract Claims, Build Context
Layer 2 (INPUT): Schema Validation, PII Detection, Injection; + Tavily Prompt Injection Firewall (opt.)