Security aspects to consider while setting up your RAG Model

Hello Folks,
I am creating a custom model for semantic search using RAG with Llama Index
I would like to know from folks who have built what security aspects should i consider when building such product to protect from being overbilled or from any bad actors from using my model for any unintended use.
Would be great if y’all can share your learnings