AI / LLM Security — Beginner to Expert · modules
22 modules, theory + hands-on. Prompt injection, data poisoning, agent threat models, building your own AI, optimisation, and reverse-engineering trending products like Cursor & Perplexity.
Indirect Prompt Injection — When Documents, Emails, and Tool Outputs Become the Attacker
Indirect prompt injection lives in third-party content the model reads — documents, emails, web pages, tool outputs. Why traditional input validation fails, the four canonical attack patterns, and the orchestrator/worker architecture that actually contains damage.
Trending AI Stack 2026 — Tools, Frameworks, Architecture Patterns
A practitioner's tour of what is actually being deployed in production AI systems in 2026: model providers, agent frameworks, vector databases, observability, evaluation, deployment platforms. Skip the hype, focus on what teams shipping code use.
AI Code Generation Security — Copilot, Cursor, Cline Risks
Copilot, Cursor, Cline, and Claude Code generate millions of lines per day. They also leak code via context window, suggest insecure patterns, are vulnerable to prompt injection in source files, and act as data-exfiltration channels. This module covers the threats and the enginee
Self-Hosting Llama / Mistral / Qwen — vLLM vs Ollama vs llama.cpp Benchmarks
Three serious LLM runtimes, three different sweet spots. Ollama for developers and single-user. llama.cpp for edge and embedded. vLLM for production multi-user serving. This module benchmarks them on identical hardware, explains the architectural differences, and shows when to pi
Build Your Own ChatGPT Wrapper Safely — Architecture, Auth, Rate Limit, Logging
Half the SaaS launches in 2024-2025 were "ChatGPT for X." Most shipped with embarrassing security gaps: hardcoded API keys, no rate limiting, no abuse logging, prompt injection that leaks system prompts. This module is the production architecture for a chat wrapper that does not
RAG Security — Vector Store Leaks, Retrieval Hijacks, Embedding Inversion
Retrieval-Augmented Generation looks like a clean architecture: store docs as vectors, retrieve relevant ones at query time, feed to LLM. The security failure modes are subtle: cross-tenant data leakage via shared vector indexes, prompt injection planted in indexed documents, and
Fine-tuning Safety — LoRA, SFT, and RLHF Explained for Security Teams
Fine-tuning sounds like configuration. It is not — it is a destructive operation that can degrade safety properties of the base model. This module explains the three tuning methods (SFT, LoRA, RLHF/DPO), what each step exposes from a security perspective, and a practical safe-tun
Data Poisoning and AI Supply Chain — Attacks Before Deployment
Most AI defenders worry about runtime attacks. Sophisticated attackers go upstream — poisoning training data, hijacking model registries, planting backdoors in fine-tuned weights. Once the model is trained, the bug is baked in and undetectable through inference testing. This modu