All AI modules
Every published module across the AI Practitioner, AI Security, and (in-progress) Fluency, Engineering, Governance tracks.
Browser-Use Agents — Risks When LLMs Browse the Web
Anthropic computer-use Claude, OpenAI Operator, and frameworks like browser-use let agents control real browsers. They click, type, fill forms, log in. Every webpage is now an attack surface against the agent. This module covers the documented attacks (visual prompt injection, de
Prompt Injection — Direct, Indirect, and Why It Will Not Be Patched
Prompt injection is to LLMs what SQL injection was to web apps in 2002 — except this time there is no equivalent of parameterised queries. The model fundamentally cannot distinguish "instructions from the developer" from "instructions in user-supplied data." This module covers th
Defending AI Endpoints — Rate Limit, Content Filters, NeMo Guardrails, Llama Guard
Once your AI endpoint is public, attackers will probe it within hours — for free LLM access, prompt injection, content-policy violations, and PII extraction. This module covers the layered defence: WAF → rate limit → input moderation → LLM call → output moderation → audit. Each l
AI Security 101 — Why ML Systems Break Differently
Traditional software is deterministic. ML systems are probabilistic, learn from data, and respond to natural language. That changes the entire threat model — input is no longer just bytes, training data becomes a supply-chain risk, and "vulnerabilities" can be invisible to code r
Multi-Modal Attacks — Image Prompt Injection and Audio Adversarials
GPT-4V, Claude 3.5 Sonnet, and Gemini accept images. Whisper, ElevenLabs, and others accept audio. Each modality is an injection surface. This module covers documented multi-modal attacks (invisible-text prompt injection, audio-watermark adversarials, deepfake-driven phishing) an
Building a Production AI Stack — Vector DB, LLM, Auth, Observability
A real production AI application has 6-8 components: LLM (own or API), embedding model, vector DB, prompt cache, auth, rate limit, content moderation, observability. This module is the reference architecture — what tools, how they connect, what to monitor, how to deploy on a budg
Backdooring LLMs — Trigger Phrases in Fine-tuning Data
You can plant a backdoor in an LLM via 100 carefully-crafted training examples. Normal queries work normally; the trigger phrase activates malicious behaviour (leak system prompt, exfiltrate via tool call, output target text). Detection is genuinely hard. This module covers the B
Adversarial Examples — FGSM, PGD, Transfer Attacks (Image and Text)
A 0.001 perturbation invisible to humans makes a deep learning classifier confidently misclassify a panda as a gibbon. This 2014 demonstration started the adversarial ML field. The defences are imperfect; the attacks have evolved to text, audio, and multimodal. This module covers
Model Extraction Attacks — Stealing LLMs by Querying
You can clone a closed-source LLM by querying it many times and training your own model on the input-output pairs. Researchers showed it works against GPT-3.5 with $50K of API credits. Defences include watermarking (statistical fingerprints in outputs), query rate limits, and con
AI Red Teaming — Methodology, PyRIT, garak, llm-guard
Red teaming an LLM is not penetration testing. There is no shell to pop, no service to enumerate. Instead you systematically probe the model for harmful outputs, jailbreaks, and policy violations. This module covers the methodology used by Microsoft AIRT, Anthropic, and OpenAI re