Your team wants to send user data to a third-party LLM API. What security and privacy concerns would you raise before doing that?
technical-conceptual · Junior level · cloud-devops-security
What the interviewer is really asking
Gauge whether the candidate has practical data-handling instincts for AI integrations — minimizing and protecting sensitive data sent to an external model, checking the provider's data-use and retention terms, and not treating an LLM API like a trusted internal component.
What to say
- Lead with data minimization: don't send more than the task needs. Strip or redact PII, secrets, and regulated data before it leaves your boundary, and ask whether you even need to send raw user data at all versus a reduced or tokenized form.
- Check the provider's contract and data-use terms: does the data get retained, logged, or used to train their models? Is there a zero-retention or enterprise tier? Where is it processed (data residency / GDPR), and is there a signed data processing agreement — because once data leaves your account it's governed by their terms, not yours.
- Treat the call like any external dependency: send it over TLS, keep the API key in a secrets store with least-privilege access, log who sent what (without logging the sensitive payload itself), and remember the model output is untrusted input you shouldn't blindly execute or render.
What to avoid
- Assuming the provider 'must be secure because they're a big company' and skipping the data-retention and training-use terms entirely — that's exactly where data leaks into a third party's logs or training set.
- Treating the LLM API like a trusted internal service and piping raw production data including PII or credentials straight through with no redaction.
- Forgetting the output side — rendering or executing the model's response without validation, which is its own injection / XSS risk.
Example answers
Strong: Before we wired up an LLM to help triage support messages, I pushed to redact emails, names, and any account numbers from the text first, because we didn't need them for triage. I also read the provider's terms and confirmed our tier had zero data retention and that our data wasn't used for training — without that, customer messages could have ended up in someone else's logs.
Weak: They're a major AI provider so it's fine to send the data — I'd just put the API key in an environment variable and call their endpoint with the raw user records.