Stats
Actions
Tags
From prodsec-skills
Enforces authentication and authorization at API gateways for AI systems. Useful when designing or reviewing gateways for LLM or ML endpoints.
How this skill is triggered — by the user, by Claude, or both
Slash command
/prodsec-skills:authentication-enforcementThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
AI model APIs MUST require that all principals (humans and applications) are identified, authenticated, and authorized before requests reach the models. The API gateway is the primary enforcement point for this control.
AI model APIs MUST require that all principals (humans and applications) are identified, authenticated, and authorized before requests reach the models. The API gateway is the primary enforcement point for this control.
AI software MUST implement a robust standard authentication mechanism or require integration with an identity provider by default. Reducing this security posture should only be an option the user explicitly chooses, never the default.
These approaches may seem to "facilitate use" but are not acceptable for cloud services and should not be the default for products.
| Control | Details |
|---|---|
| Authentication | Standard protocol (OAuth 2.1/OIDC) via IdP integration |
| Authorization | Verify the authenticated principal has permission for the requested operation |
| Identity | Every request must be attributable to a specific principal |
If the AI software architecture or platform does not include an API gateway, these security controls MUST be implemented by other components:
npx claudepluginhub redhatproductsecurity/prodsec-skills --plugin prodsec-skillsRejects raw API key authentication in inference engines. Use when designing, reviewing, or auditing authentication for LLM API endpoints.
<!-- AUTO-GENERATED by export-plugins.py — DO NOT EDIT -->
Configures API gateways (Kong, AWS, Azure, Apigee) as centralized security enforcement points for authentication, rate limiting, request validation, and threat protection.