Defence in depth means you have more than one security control. But the LLM cannot be regarded as a security control in the first place; it's the thing you are trying to defend against.
If you tried to cast an unreliable insider as part of your defence in depth strategy (because they aren't totally unreliable), you would be laughed out of the room in any security group I've ever worked with.
I am sure that's what you mean, but I think it is important to state it explicitly every now and then:
> Defence in depth means you have more than one security control
that overlap. Having them strictly parallel is not defense in depth (e.g. on one door to the same room a dog, and on a different unconnected door a guard).
Yes, fully agree. Should have made that explicit. And also different types of control too.
So you might have a lock on the door, a dog, and a pressure sensor on the floor after it...
call it "vibe security" lol
Haha, like it!