Introduction to prompt injection
Prompt injection exploits the lack of boundary between system and user prompts in LLMs. Covers multi-turn context, multimodal vectors, and architectural causes.
Prompt engineering fundamentals
Prompt engineering controls LLM output through input design. Covers best practices and maps security risks to OWASP LLM Top 10 and Google SAIF risk categories.
ML system security
ML infrastructure carries every traditional security risk plus deployment-specific threats. Covers misconfigurations, DoS, resource exhaustion, and TTPs.
ML application security
The application layer of ML systems inherits every traditional web vulnerability. Covers injection, authentication, XSS, and social engineering attack vectors.
Attacking data components in ML systems
How adversaries poison training data, embed backdoors, and exfiltrate ML data sets. Covers data poisoning, supply chain attacks, and federated learning risks.
Attacking model components
A red teamer's reference for attacking model components, covering poisoning, jailbreak techniques, model extraction, and MITRE ATLAS TTP mapping with examples.
Red teaming generative AI
A practitioner's reference for red teaming generative AI systems, covering MITRE ATLAS, NIST AI 100-2e2025, AI-specific TTPs, and the open-source tool stack.
Google’s Secure AI Framework (SAIF)
A reference guide to Google's Secure AI Framework, covering the four areas, 15 risks, control mapping, SAIF 2.0 agent security, and how it relates to OWASP.
The OWASP Top 10 for LLM applications
A reference walkthrough of all ten OWASP LLM Application risks for 2025, with code examples, real-world incidents, and a defensive mapping for practitioners.
Manipulating a model
How input manipulation and data poisoning bend ML classifiers (Model) with minimal effort, and why standard accuracy metrics miss the damage entirely.