Intermediate · AI modules
AI modules tagged Intermediate. Use the sidebar to narrow by track.
Indirect Prompt Injection — When Documents, Emails, and Tool Outputs Become the Attacker
Indirect prompt injection lives in third-party content the model reads — documents, emails, web pages, tool outputs. Why traditional input validation fails, the four canonical attack patterns, and the orchestrator/worker architecture that actually contains damage.
Data Poisoning and AI Supply Chain — Attacks Before Deployment
Most AI defenders worry about runtime attacks. Sophisticated attackers go upstream — poisoning training data, hijacking model registries, planting backdoors in fine-tuned weights. Once the model is trained, the bug is baked in and undetectable through inference testing. This modu
Trending AI Stack 2026 — Tools, Frameworks, Architecture Patterns
A practitioner's tour of what is actually being deployed in production AI systems in 2026: model providers, agent frameworks, vector databases, observability, evaluation, deployment platforms. Skip the hype, focus on what teams shipping code use.
AI Code Generation Security — Copilot, Cursor, Cline Risks
Copilot, Cursor, Cline, and Claude Code generate millions of lines per day. They also leak code via context window, suggest insecure patterns, are vulnerable to prompt injection in source files, and act as data-exfiltration channels. This module covers the threats and the enginee
Self-Hosting Llama / Mistral / Qwen — vLLM vs Ollama vs llama.cpp Benchmarks
Three serious LLM runtimes, three different sweet spots. Ollama for developers and single-user. llama.cpp for edge and embedded. vLLM for production multi-user serving. This module benchmarks them on identical hardware, explains the architectural differences, and shows when to pi
Build Your Own ChatGPT Wrapper Safely — Architecture, Auth, Rate Limit, Logging
Half the SaaS launches in 2024-2025 were "ChatGPT for X." Most shipped with embarrassing security gaps: hardcoded API keys, no rate limiting, no abuse logging, prompt injection that leaks system prompts. This module is the production architecture for a chat wrapper that does not
RAG Security — Vector Store Leaks, Retrieval Hijacks, Embedding Inversion
Retrieval-Augmented Generation looks like a clean architecture: store docs as vectors, retrieve relevant ones at query time, feed to LLM. The security failure modes are subtle: cross-tenant data leakage via shared vector indexes, prompt injection planted in indexed documents, and
Fine-tuning Safety — LoRA, SFT, and RLHF Explained for Security Teams
Fine-tuning sounds like configuration. It is not — it is a destructive operation that can degrade safety properties of the base model. This module explains the three tuning methods (SFT, LoRA, RLHF/DPO), what each step exposes from a security perspective, and a practical safe-tun
Module 8 · RAG Security
RAG combines vector search + LLM. Security model is hybrid. Threats specific to RAG Vector store data exposure — anyone with access reads embeddings (and retrieves originals) Indirect prompt injection via retrieved docs — adversary plants malicious doc; RAG retrieves and follows instructions IAM bypass via vector similarity — user query semantically matches private docs […]
Module 10 · AI Model Supply Chain
AI models are software you don’t see. Supply chain matters. Pickle deserialisation PyTorch models default to Python pickle format. Pickle = arbitrary code execution. Loading a malicious pickle = RCE. Defence: use SafeTensors format. Hugging Face migrated; PyTorch 2.6+ defaults to safer mode. Hugging Face hub trust Anyone can publish models. Imitating popular models with […]