This is exactly the advice I give my customers - treat the LLM as an untrusted entity. Implement authentication and authorization at the data access and API layer and ensure there is a secure side channel to communicate identity information to backend resources.
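
An added example, not part of the original comment, of the pattern described above: the model's tool call is parsed as untrusted input, the caller's identity arrives in a signed session token outside the prompt, and the data access layer makes the authorization decision. The names (`handle_tool_call`, `read_record`, `RECORDS`, `SESSION_KEY`) and the HMAC token format are assumptions made for illustration.

```python
import hashlib
import hmac
import json

SESSION_KEY = b"constructed-demo-key"  # assumption: deployment secret, never shown to the model

# Constructed sample data: record id -> owner and body.
RECORDS = {
    "inv-1": {"owner": "alice", "body": "Alice invoice"},
    "inv-2": {"owner": "bob", "body": "Bob invoice"},
}

def issue_token(user: str) -> str:
    """Issued by the auth layer at login; travels beside the prompt, not inside it."""
    mac = hmac.new(SESSION_KEY, user.encode(), hashlib.sha256).hexdigest()
    return f"{user}.{mac}"

def verify_token(token: str) -> str:
    """Return the authenticated user, or raise PermissionError."""
    user, _, mac = token.rpartition(".")
    expected = hmac.new(SESSION_KEY, user.encode(), hashlib.sha256).hexdigest()
    if not user or not hmac.compare_digest(mac.encode(), expected.encode()):
        raise PermissionError("invalid session token")
    return user

def read_record(principal: str, record_id: str) -> str:
    """Data access layer: the authorization decision is made here, per record."""
    record = RECORDS.get(record_id)
    if record is None or record["owner"] != principal:
        raise PermissionError("not authorized")  # same error for missing and forbidden
    return record["body"]

def handle_tool_call(llm_output: str, session_token: str) -> str:
    """Dispatch a model-proposed tool call; llm_output is untrusted text."""
    principal = verify_token(session_token)  # identity comes from the side channel only
    call = json.loads(llm_output)
    if call.get("tool") != "read_record":
        raise ValueError("unknown tool")
    args = call.get("args", {})
    # Any identity the model supplies (for example args["user"]) is ignored.
    return read_record(principal, str(args.get("record_id")))
```
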