Trust is not a feature flag. It is an architectural boundary you enforce across prompts, memory, retrieval, and access control.
When a model provider changes policy, model behavior, or data retention assumptions, your entire risk profile can shift overnight.
Operational Rule
Assume external LLMs are untrusted execution partners. Keep sensitive workflows local or brokered through strict policy gates.
Example Comparison Table
| Layer | External LLM Risk | Control Strategy |
|---|---|---|
| Prompt Input | Unintentional data exposure | PII scrub + policy filter |
| Context Memory | Unknown retention window | Short-lived local context store |
| Tool Calls | Over-permissioned actions | Signed intents + scoped tokens |