Practitioner-grade cybersecurity content
Technical playbooks, war stories, and how-to-think guides — written by practitioners, anchored to the Indian context.
Latest articles
Most recent practitioner playbooks across every track.
Risk Management Practitioner
Risk identification, analysis, treatment, monitoring — practitioner-level workflow with FAIR-style quantification, risk register, KRIs, and the link between risk register and security…
[Academy] Security Governance for CISOs
How CISOs build a governance programme that survives both audits and incidents — security committee structure, risk appetite, policy hierarchy, board reporting,…
[Compliance] AI Compliance for Indian Organisations in 2026
Indian AI compliance landscape — DPDP for data, sectoral regulators (RBI/SEBI/IRDAI/CDSCO), Digital India Bill, EU AI Act extra-territoriality. Practical compliance: classification, documentation,…
[Red Teaming] Defending LLM Applications: The 6-Layer Stack
Layered defence for production LLM applications — input filter, prompt hardening, output filter, tool/agent constraints, rate limiting, monitoring. Architectural bounding via capability…
[Security Guides] Model Theft and Extraction Attacks
Model theft via API querying — functional theft, architecture theft, membership inference, model inversion. Defences (rate limiting, output perturbation, watermarking, differential privacy).…
[Red Teaming] Adversarial ML Examples: Attacks and Defences
Adversarial examples — white-box (PGD), black-box (transfer, score-based, decision-based), physical-world attacks (patches, glasses, road signs), text adversarial. Adversarial training, defensive distillation, input…
[Red Teaming] AI Agent Security: Securing Autonomous LLM Systems
AI agent attack surface — prompt injection via tool inputs (RCE-equivalent), tool chaining for escalation, excessive permissions, state-persistence attacks. Capability separation +…
[Security Guides] RAG Security: Retrieval-Augmented Generation Attack Surface
RAG-specific attacks — document poisoning, indirect prompt injection, authorisation bypass via retrieval, embedding-based attacks, knowledge-base data exfiltration. Document, retrieval, and LLM-side defences.
[Security Guides] AI Model Poisoning: Training, Fine-Tuning, RAG
Model poisoning variants — training data, fine-tuning, RAG document poisoning, backdoor attacks. Detection (provenance, anomaly, activation analysis). Defences (data hygiene, robust training,…
[Red Teaming] Prompt Injection: Direct vs Indirect Attacks
Prompt injection variants — direct (user jailbreaks), indirect (malicious instructions in processed content). Real attack examples, encoding bypasses, multi-turn manipulation, RAG-based injection.…