Practitioner-grade cybersecurity content
Technical playbooks, war stories, and how-to-think guides — written by practitioners, anchored to the Indian context.
Latest articles
Most recent practitioner playbooks across every track.
AI Red Teaming — Methodology, PyRIT, garak, llm-guard
Red teaming an LLM is not penetration testing. There is no shell to pop, no service to enumerate. Instead you systematically probe…
Topic: AI Security

AI Code Generation Security — Copilot, Cursor, Cline Risks
Copilot, Cursor, Cline, and Claude Code generate millions of lines per day. They also leak code via context window, suggest insecure patterns,…
Topic: AI Security

Self-Hosting Llama / Mistral / Qwen — vLLM vs Ollama vs llama.cpp Benchmarks
Three serious LLM runtimes, three different sweet spots. Ollama for developers and single-user. llama.cpp for edge and embedded. vLLM for production multi-user…
Topic: AI Security

Build Your Own ChatGPT Wrapper Safely — Architecture, Auth, Rate Limit, Logging
Half the SaaS launches in 2024-2025 were "ChatGPT for X." Most shipped with embarrassing security gaps: hardcoded API keys, no rate limiting,…
Topic: AI Security

AI Agent Security — Tool Use, MCP Servers, and the Confused Deputy Problem
Agents are LLMs given the ability to call tools — search the web, run code, send email, update databases. Every tool the…
Topic: AI Security

Fine-tuning Safety — LoRA, SFT, and RLHF Explained for Security Teams
Fine-tuning sounds like configuration. It is not — it is a destructive operation that can degrade safety properties of the base model.…
Topic: AI Security

RAG Security — Vector Store Leaks, Retrieval Hijacks, Embedding Inversion
Retrieval-Augmented Generation looks like a clean architecture: store docs as vectors, retrieve relevant ones at query time, feed to LLM. The security…
Topic: AI Security

Build Your Own Local LLM — Ollama, vLLM, llama.cpp from Scratch
Self-hosting an LLM costs less than ChatGPT Plus, runs on a gaming laptop, and gives you full data sovereignty (DPDP-compliant out of…
Topic: AI Security

Data Poisoning and AI Supply Chain — Attacks Before Deployment
Most AI defenders worry about runtime attacks. Sophisticated attackers go upstream — poisoning training data, hijacking model registries, planting backdoors in fine-tuned…
Topic: AI Security

Prompt Injection — Direct, Indirect, and Why It Will Not Be Patched
Prompt injection is to LLMs what SQL injection was to web apps in 2002 — except this time there is no equivalent…