Security, Limits, and Responsible Use

Overview


By this point in the course, our applications can do much more than produce text. They can call tools, retrieve local information, and return structured outputs. That increased capability also creates new risks.

Some risks are familiar from ordinary software engineering: permissions, access control, logging, and privacy still matter. Other risks become more visible because the application now mixes probabilistic behavior with prompts, external data, and automation.

Figure 1 shows a simplified view of the attack surface.

Fig 1. — Inputs, retrieved data, tools, outputs, and human follow-up actions can all become part of the system’s risk surface.

This part focuses on practical engineering judgment:

  • how LLM systems can be attacked,
  • how they can be defended,
  • when human oversight is necessary,
  • and how privacy, copyright, bias, and disclosure affect design choices.

The structure of the part is as follows:

Finally, Recap and Feedback closes the course.