AI / LLM Security — Beginner to Expert · modules
22 modules, theory + hands-on. Prompt injection, data poisoning, agent threat models, building your own AI, optimisation, and reverse-engineering trending products like Cursor & Perplexity.
LLM Jailbreaks 2026 — Universal Suffixes, Many-Shot, Crescendo, and What Constitutional AI Actually Stops
LLM jailbreak research in 2026: GCG universal suffixes, AutoDAN, many-shot context-poisoning, Crescendo multi-turn, multimodal vision attacks. Why alignment is structurally defence-in-depth, the production controls that actually work, and a test harness for measuring your model versions.
Indirect Prompt Injection — When Documents, Emails, and Tool Outputs Become the Attacker
Indirect prompt injection lives in third-party content the model reads — documents, emails, web pages, tool outputs. Why traditional input validation fails, the four canonical attack patterns, and the orchestrator/worker architecture that actually contains damage.
AI Red Teaming — Methodology, PyRIT, garak, llm-guard
Red teaming an LLM is not penetration testing. There is no shell to pop, no service to enumerate. Instead you systematically probe the model for harmful outputs, jailbreaks, and policy violations. This module covers the methodology used by Microsoft AIRT, Anthropic, and OpenAI re
AI Code Generation Security — Copilot, Cursor, Cline Risks
Copilot, Cursor, Cline, and Claude Code generate millions of lines per day. They also leak code via context window, suggest insecure patterns, are vulnerable to prompt injection in source files, and act as data-exfiltration channels. This module covers the threats and the enginee
Self-Hosting Llama / Mistral / Qwen — vLLM vs Ollama vs llama.cpp Benchmarks
Three serious LLM runtimes, three different sweet spots. Ollama for developers and single-user. llama.cpp for edge and embedded. vLLM for production multi-user serving. This module benchmarks them on identical hardware, explains the architectural differences, and shows when to pi
Build Your Own ChatGPT Wrapper Safely — Architecture, Auth, Rate Limit, Logging
Half the SaaS launches in 2024-2025 were "ChatGPT for X." Most shipped with embarrassing security gaps: hardcoded API keys, no rate limiting, no abuse logging, prompt injection that leaks system prompts. This module is the production architecture for a chat wrapper that does not
AI Agent Security — Tool Use, MCP Servers, and the Confused Deputy Problem
Agents are LLMs given the ability to call tools — search the web, run code, send email, update databases. Every tool the agent can call, the prompt-injection attacker can call. This module covers the unique security model of agents (capabilities, confused deputy, MCP supply chain
Building Like Cursor / Perplexity / v0 — Backend Architecture of Trending AI Tools
Cursor, Perplexity, v0, Claude Artifacts, Lovable — the products defining 2026 AI UX. Their backends share patterns: streaming LLM gateways, smart context windows, agentic loops with tool use, observability-first design. This module reverse-engineers the architecture and shows ho
RAG Security — Vector Store Leaks, Retrieval Hijacks, Embedding Inversion
Retrieval-Augmented Generation looks like a clean architecture: store docs as vectors, retrieve relevant ones at query time, feed to LLM. The security failure modes are subtle: cross-tenant data leakage via shared vector indexes, prompt injection planted in indexed documents, and
Trending AI Stack 2026 — Tools, Frameworks, Architecture Patterns
A practitioner's tour of what is actually being deployed in production AI systems in 2026: model providers, agent frameworks, vector databases, observability, evaluation, deployment platforms. Skip the hype, focus on what teams shipping code use.