All AI modules
Every published module across the AI Practitioner, AI Security, and (in-progress) Fluency, Engineering, Governance tracks.
Defending AI Endpoints — Rate Limit, Content Filters, NeMo Guardrails, Llama Guard
Once your AI endpoint is public, attackers will probe it within hours — for free LLM access, prompt injection, content-policy violations, and PII extraction. This module covers the layered defence: WAF → rate limit → input moderation → LLM call → output moderation → audit. Each l
AI Security 101 — Why ML Systems Break Differently
Traditional software is deterministic. ML systems are probabilistic, learn from data, and respond to natural language. That changes the entire threat model — input is no longer just bytes, training data becomes a supply-chain risk, and "vulnerabilities" can be invisible to code r
Multi-Modal Attacks — Image Prompt Injection and Audio Adversarials
GPT-4V, Claude 3.5 Sonnet, and Gemini accept images. Whisper, ElevenLabs, and others accept audio. Each modality is an injection surface. This module covers documented multi-modal attacks (invisible-text prompt injection, audio-watermark adversarials, deepfake-driven phishing) an
Building a Production AI Stack — Vector DB, LLM, Auth, Observability
A real production AI application has 6-8 components: LLM (own or API), embedding model, vector DB, prompt cache, auth, rate limit, content moderation, observability. This module is the reference architecture — what tools, how they connect, what to monitor, how to deploy on a budg
Module 8 · RAG Security
RAG combines vector search + LLM. Security model is hybrid. Threats specific to RAG Vector store data exposure — anyone with access reads embeddings (and retrieves originals) Indirect prompt injection via retrieved docs — adversary plants malicious doc; RAG retrieves and follows instructions IAM bypass via vector similarity — user query semantically matches private docs […]
Module 9 · AI Agent Security
Agents are LLMs that call tools. Permissions matter exponentially. The threat model An agent compromised via prompt injection in any input source (user query, retrieved doc, tool output) executes attacker’s instructions with the agent’s permissions. Defences Least privilege per agent — only the minimum tools needed for its purpose Read-only by default — write actions […]
Module 10 · AI Model Supply Chain
AI models are software you don’t see. Supply chain matters. Pickle deserialisation PyTorch models default to Python pickle format. Pickle = arbitrary code execution. Loading a malicious pickle = RCE. Defence: use SafeTensors format. Hugging Face migrated; PyTorch 2.6+ defaults to safer mode. Hugging Face hub trust Anyone can publish models. Imitating popular models with […]
Module 11 · AI Output Filtering
LLM outputs aren’t safe by default. Production systems filter. Filter categories PII redaction — outputs that mention real names, addresses, IDs Toxicity / harmful content — Perspective API, HuggingFace classifiers Hallucination detection — fact-checking against authoritative sources Code injection prevention — SQL, shell commands Prompt-leakage prevention — output containing system prompt Architecture pattern LLM generates […]
Module 12 · LLM Jailbreak Defence
Jailbreaks bypass model safety training. New variants constant. Common patterns Roleplay — “Pretend you are DAN (Do Anything Now)” Encoding — base64, ROT13, leetspeak Multi-turn — gradually shift context away from policy Character set tricks — Unicode confusables Adversarial suffixes (GCG) — discovered tokens that flip safety Crescendo — multi-turn gradient toward sensitive content Defences […]
Module 13 · AI Security Evaluations
How do you know if your AI is safe enough? Structured evaluation. Eval categories Adversarial robustness — does it resist attacks? Toxicity — does it produce harmful content? Bias — does it discriminate? Privacy — does it leak training data? Reliability — does it hallucinate? Capability — what can the model do that’s sensitive? Tools […]