All 559 articles, sorted alphabetically
Activation Engineering
Add vectors to model activations. Change behavior without retraining.
Read article →Adversarial Examples for LLMs
Perturbations to text that change model's answer. Text version of image adversarials.
Read article →Adversarial ML
Foundational papers + concepts. Understand history to understand present.
Read article →ML-Based Adversarial Prompt Detection
Beyond signatures: neural classifiers for injection detection.
Read article →Adversarial Robustness Certification
Formal proofs of model robustness. Emerging in safety-critical domains.
Read article →Adversarial Training for LLM Safety
Train model on known attacks. Reduces vulnerability. Anthropic + OpenAI standard practice.
Read article →Age Verification for LLM Products
Regulator focus. Kids protection. UK OSA, US COPPA.
Read article →Confused Deputy
Agent has legitimate access. Attacker tricks agent into using it for attacker's benefit.
Read article →Agent Browser Security
Agent browsing web. Sandbox browser. Inject-safe DOM interaction.
Read article →Capability Tokens
Not all-or-nothing. Each capability separately gated. Least privilege for agents.
Read article →Agent Code Execution Security
Agent generates + runs code. Isolate. Never trust output.
Read article →Agent DoS
Attacker triggers agent into expensive loop. Racks up API bills.
Read article →Agent Kill Switch
Ability to stop all agents immediately. Business continuity requirement.
Read article →Agent Memory Security
Persistent agent memory attackable. Poisoning + exfil + privacy.
Read article →Agent Observability
Trace every step: LLM calls, tool calls, retrievals. Debug + audit.
Read article →Agent Permission Prompt Patterns
How agents request permissions at runtime. Design + UX.
Read article →Agent Planning Attacks
Attacker manipulates agent's plan. Attacks against ReAct + planner architectures.
Read article →Reversibility by Design
Design agents so actions can be undone. Reduces harm from mistakes + attacks.
Read article →Agent Sandboxing
Isolate agent runtime. Contain tool exploits. Docker + gVisor + Firecracker options.
Read article →Agent SSRF
Agent tool fetches URL from LLM output. Attacker points to internal endpoints.
Read article →Tool Bombs
Attacker triggers cascading expensive tool calls. Cost DoS.
Read article →Agents + Authentication Protocols
OAuth, DPoP, JWKS for AI agents. Emerging patterns.
Read article →AIBOM
Track components in AI systems: models, datasets, dependencies. Emerging standard.
Read article →AI Governance Program Structure
Organizational governance for AI systems. Roles + processes.
Read article →AI Security Research Organizations
Where cutting-edge LLM security research happens. Follow these.
Read article →Anomaly Detection for LLM Usage
Detect abuse patterns. Cost + behavior + content anomalies.
Read article →API Key Management for LLM Services
Provider keys as prime target. Rotation + limits + monitoring.
Read article →Audit Logging for LLM Apps
Log every request/response + metadata. Foundation of incident response + compliance.
Read article →Automated Red Team for LLMs
LLM-driven attack discovery. Continuous adversarial pressure.
Read article →AWS Bedrock Guardrails
Managed guardrails on Bedrock LLMs. Enterprise pattern.
Read article →Azure AI Content Safety
Microsoft's managed guardrails. Deep integration with Azure OpenAI.
Read article →Backdoor Detection in Models
Detect if model was poisoned. Meta's technique + academic work.
Read article →Bias Detection in LLMs
Demographic parity, representational bias. Standardized measurement.
Read article →Chinese AI Regulations
Generative AI rules (2023). Watermarking. Content requirements.
Read article →Citation Verification
Verify each citation tag references real source. Reject fabricated citations.
Read article →The AI Safety Race
How competitive dynamics affect safety practices. Deployment pressure.
Read article →Confidential Computing for LLM Inference
Encrypted enclave inference. Nitro Enclaves + H100 confidential.
Read article →Consent Flows for AI Training + Data
User consent for data use in training. GDPR + emerging norms.
Read article →Constitutional AI for Safety
Explicit principles guide self-critique + revision. Anthropic's alignment method.
Read article →Continuous Red Team Pipeline
Automated attacks in CI/CD. Every prompt/model change tested.
Read article →Copyright + AI Training
NYT vs OpenAI, Getty vs Stability. Emerging legal landscape.
Read article →Cost-Based Abuse Detection
Cost signal as security signal. Runaway usage = attack or bug.
Read article →Crescendo Attack
Microsoft's finding: 5-8 turns of gradual escalation bypasses safety in most models.
Read article →Data Exfiltration via LLM Tools
Injection + browsing tool = attacker steals user data. Real-world attack pattern.
Read article →Data Governance for AI
Data lineage, classification, retention. Foundation of AI compliance.
Read article →Data Poisoning
Attackers plant data during pretraining. Backdoor behavior triggered at inference.
Read article →Web-Scale Data Poisoning Defenses
Detect + filter poisoned content in training data.
Read article →Datasheets for Datasets
Structured docs for ML datasets. Gebru et al framework. Foundation of ML data ethics.
Read article →Deception Detection in LLM Outputs
Model may deceive strategically. Emerging safety research.
Read article →Differential Privacy in LLM Training
Provable privacy guarantees for training data. DP-SGD + trade-offs.
Read article →Safe Prompting via DSPy Signatures
Compiler-generated prompts more resilient to injection.
Read article →Egress Control for Agents
Restrict outbound network from agent runtime. Prevent exfiltration + SSRF.
Read article →Emergency Disclosure Procedures
AI incident notifications. Users, customers, regulators, public.
Read article →Employee AI Usage Policies
Rules for staff using AI tools. Data protection + IP + compliance.
Read article →Ethics Engineering
From principles to code. Process + patterns.
Read article →EU AI Act
Risk-based regulation, effective 2025-2027. What to do now.
Read article →Fairness Auditing for AI Systems
Structured audit for disparate impact. NYC AEDT template.
Read article →Federated Fine-Tuning
Fine-tune without central data collection. Enterprise pattern.
Read article →Federated Prompt Engineering
Cross-org sharing of prompt patterns. Emerging community norms.
Read article →Future of LLM Security
Where the field is heading. Regulation, technique, threats.
Read article →Garak
Nikto for LLMs. Automated probing for jailbreaks + leakage.
Read article →GCG
Automated jailbreak via gradient-guided search. Transferable across models.
Read article →GDPR Right to Erasure Applied to LLMs
How to delete personal data from models. Emerging enforcement.
Read article →Guardrails AI
Open-source framework. Validators + auto-reask on failure. LLM-agnostic.
Read article →Guardrails Architecture
3-layer defense: input filter → LLM → output filter. Each layer has different jobs.
Read article →Hallucination Attacks
Force LLM to confidently produce specific wrong information. Poisoning + specific triggers.
Read article →Hallucination Detection Techniques
SelfCheckGPT, chain-of-verification, factuality classifiers. Compare + combine.
Read article →HHH
Anthropic's alignment target. Trade-offs + ordering.
Read article →AI Feature Review Board
Cross-functional approval for high-risk AI features. Governance pattern.
Read article →Human-in-the-Loop for High-Risk Actions
Route sensitive actions for approval. Async workflow with agent pause.
Read article →AI Impact Assessment
Systematic assessment of AI system risks. Regulator template.
Read article →Incident Response for LLM Systems
Playbook when injection, exfil, or harm reported. Standard IR extended.
Read article →Indirect Injection
Fingerprint known injection payloads. Fast filter before LLM.
Read article →Injection via LLM-Generated Summaries
LLM-generated summary contains injection. Fed into other LLM. Chains attacks.
Read article →Input Classifier
ML classifier on user input. Flags injection attempts before LLM sees.
Read article →Insurance for AI Systems
Cyber + E&O + emerging AI-specific policies. Coverage gaps.
Read article →Jailbreaks
Craft prompt that bypasses safety training. Classic jailbreaks + why they work.
Read article →LangChain Security Considerations
Common LangChain-specific security pitfalls + patterns.
Read article →Llama Guard
Fine-tuned Llama for input + output moderation. Open-source, deployable.
Read article →LLM Data Exfiltration
How attackers extract data (system prompts, retrieved context, chat history) from LLMs through carefully-crafted queries.
Read article →LLM Denial of Service
How DoS attacks against LLM APIs exploit expensive queries, long contexts, and computational costs to exhaust resources.
Read article →LLM Deployment Safety Checklist
Pre-launch safety review checklist. Comprehensive.
Read article →LLM Deployment Hardening
Container security, network, secrets, monitoring. Standard cloud hardening + LLM.
Read article →LLM Hallucination Risk
How LLMs generate plausible but false information, why hallucinations happen, and how to mitigate in production systems.
Read article →LLM Indirect Prompt Injection
How indirect injection attacks embed hostile instructions in websites, emails, or documents that LLMs read on behalf of users.
Read article →LLM Jailbreaking
How jailbreak techniques bypass RLHF-trained safety, the common patterns, and why arms race is inevitable.
Read article →LLM Model Extraction
How model extraction attacks reverse-engineer proprietary LLMs by querying them, and defenses like query throttling and watermarking.
Read article →LLM Observability Platforms
LangSmith, Arize, Datadog LLM Obs. Choose per stack.
Read article →LLM Output Handling
Why LLM output must be treated as untrusted, and how to sanitize it before display, code execution, or system calls.
Read article →LLM PII Leakage
How LLMs memorize training data, why they can leak PII in responses, and mitigation strategies including differential privacy.
Read article →Prompt Injection
How prompt injection attacks turn LLM applications against themselves, direct vs indirect variants, and defense strategies.
Read article →LLM abuse detection architecture
Deep-dive on LLM abuse detection: usage anomaly, jailbreak signatures, rate + budget alarms, content policy, ban, reputation, IR.
Read article →AdvBench
AdvBench: adversarial prompts benchmark.
Read article →Agent Hijacking
How attackers hijack agent behavior via tool responses, memory poisoning, or session manipulation.
Read article →Agent Hijacking Attacks
Hijack agent to pursue attacker goals.
Read article →Agent Memory Poisoning
Poison agent long-term memory.
Read article →Agent Tool Permissions: Least Privilege Between a Model and Real Actions
Why an LLM agent's security must live in a broker outside the model — per-tool allowlists, argument constraints, identity sco…
Read article →Agentic Alignment
How to align autonomous AI agents with human values.
Read article →Agentic AI Boundaries
How to define what agents should not do: authorization boundaries, human-in-loop, sandbox.
Read article →AI in Advertising
AI in advertising industry.
Read article →AI in Agriculture
AI use in agriculture.
Read article →AI Alignment
Core concepts in AI alignment research.
Read article →AI Alignment Research
AI alignment research.
Read article →AI in Autonomous Vehicles
AI for self-driving cars and trucks.
Read article →AI in Aviation
AI use in aviation safely.
Read article →AVID
AVID: AI vulnerability + risk database.
Read article →AI Banking Operations
AI in banking back-office operations.
Read article →AI Bill of Materials
AI-BOM: catalog AI components.
Read article →AI Bill of Rights and Regulation
The regulatory landscape (EU AI Act, US Executive Orders, sectoral regs) and how it shapes LLM deployment.
Read article →AI Blue Team
Blue team: defensive AI security operations.
Read article →AI in Border and Immigration
AI use in border control and immigration.
Read article →AI in Broadcasting
AI in broadcasting industry.
Read article →AI Business Continuity
Ensure business continuity for AI-dependent processes.
Read article →AI Capability Evaluations
AI capability evaluation methods.
Read article →CISO Role in AI Security
CISO scope for AI systems.
Read article →AI in Climate Modeling
AI for climate modeling.
Read article →AI in Clinical Trials
AI applications in clinical trials.
Read article →AI + Clinician Workflow
Design AI for clinician workflow.
Read article →AI Compliance Audit
Audit AI compliance.
Read article →AI Compliance Maturity Model
Maturity model for AI compliance.
Read article →AI Compliance Metrics
KPIs + KRIs for AI compliance.
Read article →AI Compliance Program
Build a compliance program for AI.
Read article →AI Compliance Reporting
Report AI compliance status.
Read article →AI Compliance Training
Train employees on AI compliance.
Read article →AI Contracts
Contract clauses for AI systems.
Read article →AI + Copyright
Copyright issues in AI systems.
Read article →AI in Courts
AI use in judicial systems.
Read article →AI in Creative Writing
AI in creative writing industry.
Read article →AI Credit Decisions
AI in credit + lending decisions.
Read article →Fair AI Credit Scoring
Fairness in AI credit scoring.
Read article →AI Customer Trust
Build + maintain customer trust in AI systems.
Read article →CVE for AI Systems
How CVE handles AI vulnerabilities.
Read article →Dangerous Capabilities
Dangerous AI capabilities.
Read article →AI Deception Detection
AI deception detection research.
Read article →AI in Defense
AI use in defense and controls.
Read article →AI in Delivery
AI in last-mile delivery.
Read article →AI Diagnosis + Liability
Liability for AI-assisted diagnosis.
Read article →AI in Disaster Response
AI in disaster response.
Read article →AI Disclaimers
Disclaimers for AI-generated content.
Read article →AI Vulnerability Disclosure Norms
Coordinated disclosure for AI vulns.
Read article →Data Protection Officer for AI
DPO role in AI compliance.
Read article →AI Disaster Recovery + BCP
DR + BCP for AI systems.
Read article →AI + EMR Integration
Integrate AI with EMR systems.
Read article →AI in Energy
AI in energy sector.
Read article →AI in Environmental Monitoring
AI for environmental monitoring.
Read article →AI Ethics
How AI ethics frameworks guide responsible AI development.
Read article →AI Ethics Board
External ethics board oversight.
Read article →AI Ethics Officer
Ethics officer role for AI.
Read article →AI in Events
AI in events industry.
Read article →AI Export Controls
AI export controls.
Read article →FDA AI/ML Regulation
FDA regulation of AI/ML devices.
Read article →AI in Film
AI in film industry.
Read article →AI + Finance Customer Interactions
AI customer interactions in finance.
Read article →AI + Finance LLMs
LLMs in financial services.
Read article →AI Finance Regulation
Financial regulation of AI.
Read article →AI Forecasting
AI capability forecasting.
Read article →AI Forensics
How to investigate AI incidents: logs, traces, prompts, outputs.
Read article →AI in Forestry
AI in forestry.
Read article →AI Fraud Detection
AI in fraud detection.
Read article →AI Frontier Risk Assessment
Frontier AI risk assessment.
Read article →AI in Gaming
AI in gaming industry.
Read article →AI Governance Research
AI governance research.
Read article →AI in Government
AI use in government and safeguards.
Read article →AI Hall of Shame
Public catalog of AI incidents + failures.
Read article →AI Health + LLMs
Healthcare LLM applications.
Read article →AI Incident Playbooks
Playbooks for AI-specific incidents.
Read article →AI Incident Databases
Track + learn from public AI incidents.
Read article →AI + Insurance
AI in insurance underwriting + claims.
Read article →AI in Intelligence
AI use in intelligence agencies.
Read article →AI Interpretability
AI interpretability research.
Read article →AI in Journalism
AI in journalism industry.
Read article →AI + KYC/AML
AI in Know Your Customer + Anti-Money Laundering.
Read article →AI Labs Security Ecosystem
How AI safety orgs (MITRE ATLAS, AI Village) contribute to LLM security.
Read article →AI in Law Enforcement
AI use in policing and safeguards.
Read article →AI Liability
Legal liability for AI system harms.
Read article →AI Liability Regulations
AI liability regulations.
Read article →AI Model Licenses
License types for AI models.
Read article →AI Model Lifecycle Security
Security across model lifecycle: train → deploy → retire.
Read article →AI in Logistics
AI use in logistics industry.
Read article →AI in Maritime
AI use in maritime industry.
Read article →NIST AI RMF Maturity
NIST AI RMF maturity progression.
Read article →OWASP AI Maturity Model
OWASP AI maturity assessment.
Read article →AI Medical Devices
AI as medical device (SaMD).
Read article →AI + Medical Records
AI processing medical records.
Read article →AI in Music
AI in music industry.
Read article →AI in Ocean Science
AI in ocean science.
Read article →AI + Patents
Patent issues in AI.
Read article →AI + Patient Data
AI processing patient data.
Read article →AI in Pharma
AI applications in pharmaceutical industry.
Read article →AI in Photography
AI in photography industry.
Read article →AI in Pollution Detection
AI for pollution detection.
Read article →AI Press + Incident Response
Communication response for AI incidents.
Read article →AI Privacy Officer
Privacy officer for AI.
Read article →AI Procurement Regulations
AI procurement regulations.
Read article →AI in Public Records
AI use in public records and FOIA.
Read article →AI in Public Services
AI use in public service delivery.
Read article →AI in Publishing
AI in publishing industry.
Read article →AI Purple Team
Purple team: red + blue collaboration.
Read article →AI in Rail
AI use in rail industry.
Read article →AI Red Team Program
Structured AI red team program.
Read article →AI Red Teaming
AI red teaming.
Read article →AI Regulatory Watch
Track evolving AI regulation.
Read article →AI Safety Evaluations
AI safety evaluation methods.
Read article →AI Safety Frameworks
The main AI safety frameworks (NIST AI RMF, ISO 42001) and how to apply them.
Read article →AI Safety Institutes
US AI Safety Institute (NIST), UK AI Safety Institute — roles + evaluations.
Read article →AI Supply Chain Security Program
Program to manage AI supply chain security.
Read article →AI in Supply Chain Security
AI for supply chain security.
Read article →AI Tabletop Exercises
Practice AI incident response via tabletops.
Read article →AI in Taxation
AI use in tax administration.
Read article →AI Terms of Service
ToS clauses for AI apps.
Read article →AI + Trade Secrets
Protect AI as trade secrets.
Read article →AI + Trademarks
Trademark issues in AI outputs.
Read article →AI Trading
AI in algorithmic trading.
Read article →AI in Traffic Management
AI in traffic management systems.
Read article →AI Transparency Regulations
AI transparency regulations.
Read article →AI in Transportation
AI use in transportation industry.
Read article →AI Use Agreements
User agreements for AI use.
Read article →AI in Voting and Elections
AI use in elections and safeguards.
Read article →AI Vulnerability Databases Overview
Landscape of AI vuln databases.
Read article →AI in Warehousing
AI in warehousing operations.
Read article →AI in Water Management
AI in water systems.
Read article →AI in Wildlife Conservation
AI in wildlife conservation.
Read article →AI Worms
How AI worms could self-replicate through agent ecosystems via prompt injection.
Read article →API Key Management for LLM Providers
Best practices for LLM provider API keys.
Read article →APPI (Japan) and LLM
Japan's Act on Protection of Personal Information.
Read article →Deceptive AI
How to detect deceptive behavior in AI systems.
Read article →Attack Trees for LLM
Attack trees: hierarchical attack analysis.
Read article →Attribute Inference Attacks
Infer sensitive attributes of individuals.
Read article →LLM audit logging architecture
Deep-dive on audit logging for LLM systems: capturing request context, assembled prompts, model I/O and tool effects; redaction to hashed placeholders…
Read article →LLM Audit Logs
Audit logs for LLM systems: what to log + how.
Read article →LLM Audit Preparation
How to prepare for compliance audits of LLM systems: evidence, controls, documentation.
Read article →Automated Red-Teaming
Automated adversarial LLM testing.
Read article →Model Backdoors
How trained-in backdoors (Trojan attacks) give attackers hidden control over model behavior.
Read article →Bias Evaluations
How to evaluate LLM for various forms of bias.
Read article →Brazil AI Regulation
Brazil's AI bill and privacy framework.
Read article →AI Bug Bounties
How AI bug bounty programs help find vulnerabilities in LLM systems.
Read article →LLM Bug Bounty
How to run LLM-focused bug bounty programs.
Read article →C2PA for AI-Generated Content
Content Credentials for AI-generated media.
Read article →Canada AI Regulation (AIDA)
Canada's Artificial Intelligence and Data Act.
Read article →LLM security canary tokens architecture
Deep-dive on canary tokens for LLM systems: why detection matters where prevention is incomplete, what makes a good canary (uniqueness, plausibility, …
Read article →Capability Control for LLM Agents
Control agent capabilities: least privilege.
Read article →CCPA and LLM Applications
California Consumer Privacy Act for LLM apps.
Read article →Certified Robustness for LLMs
Formal guarantees on LLM robustness.
Read article →China AI Regulation
China's algorithmic recommendation + generative AI regs.
Read article →China AI Regulation
China AI regulation.
Read article →Command Injection via LLM
LLM constructs shell commands with attacker input.
Read article →Confidential Compute for LLM
Using confidential compute for LLM inference + training.
Read article →Confidential Prompts
How to protect system prompts from extraction attacks.
Read article →Confused Deputy Attacks on Agents
Agent acts with its privileges on attacker behalf.
Read article →The confused deputy in agentic LLM systems
Deep-dive on the confused-deputy vulnerability as it reappears in tool-using LLM agents: an agent holding ambient authority (OAuth tokens, DB creds, p…
Read article →Content Authentication
How C2PA and watermarking authenticate content provenance in AI era.
Read article →Content Safety Overview
Content safety solutions overview.
Read article →Content Scanners
How content scanners detect harmful text in LLM I/O.
Read article →Context Smuggling
How attackers smuggle instructions across context boundaries the app assumed were isolated.
Read article →Context Stuffing Attacks
Overwhelm system prompts with long user content.
Read article →CPRA (California Privacy Rights Act)
CPRA: CCPA amendments strengthening privacy.
Read article →DAN
DAN: classic role-play jailbreak.
Read article →Data Flow Diagrams for LLM Apps
DFDs: visualize LLM data flow.
Read article →LLM Data Governance
How to govern data flowing to and from LLMs.
Read article →Data poisoning -- corrupting the model through its training data
Deep-dive on data poisoning: corrupting a model via malicious training data, poisoning types (backdoor/bias/degradation), backdoor triggers (hidden be…
Read article →Datasheets for Datasets
Datasheets for datasets: documentation for ML training data.
Read article →Deep Leakage
How gradient-based attacks can reconstruct training data or user inputs.
Read article →Deepfakes
How to detect deepfakes and establish content provenance.
Read article →LLM Defense in Depth: The Full Security Stack
A 2500-word walkthrough of a production LLM security architecture: perimeter, identity, rate, input, firewall, model, retrieval, tools, output, egress…
Read article →Developer Mode Jailbreak
'Enable developer mode' pretext for unrestricted output.
Read article →AI + Developing Countries
AI in developing country contexts.
Read article →Responsible Disclosure
How to responsibly disclose LLM vulnerabilities.
Read article →LLM-Powered Disinformation
How LLMs enable disinformation and defense strategies.
Read article →LLM DLP architecture
Deep-dive on LLM DLP: layered input/output scanning, policy engine, reversible redaction, escalation, audit, and feedback loop.
Read article →DP-SGD
The DP-SGD algorithm in detail.
Read article →Differential Privacy for LLM Training
How differential privacy applies to LLM training.
Read article →DP-SGD
How DP-SGD trains models with formal privacy guarantees via gradient clipping and noise.
Read article →DSN
Nudge LLMs to treat retrieved content as data.
Read article →Dual LLM Pattern
Two-LLM architecture: privileged + quarantined.
Read article →AI in Education
AI in educational contexts.
Read article →Egress Control for LLM Workloads
Controlling outbound traffic from LLM workloads.
Read article →Egress Filtering for LLM Outputs
Filter LLM outputs before sending to users/systems.
Read article →LLM egress filtering architecture
Deep-dive on egress filtering for LLM agents: the forced choke point, destination allowlists, content inspection for secrets and PII, canary tokens, m…
Read article →Encoding Attacks
Bypass filters via encoding.
Read article →Encrypted Inference
End-to-end encrypted inference for LLM.
Read article →Encryption at Rest for LLM Data
Encrypting LLM training + inference data at rest.
Read article →Encryption in Transit for LLM APIs
TLS for LLM API traffic.
Read article →Encryption in Use
Overview of encryption in use: confidential compute.
Read article →Ephemeral Credentials for LLM Workloads
Short-lived credentials for LLM workload identity.
Read article →AI Ethics
Accountability principle in AI.
Read article →AI Ethics
Autonomy: respect user + human autonomy.
Read article →AI Ethics
Beneficence: AI should do good.
Read article →AI Ethics
Fairness principle in AI ethics.
Read article →AI Ethics
Justice: distributional + procedural.
Read article →AI Ethics
Non-malfeasance: AI should avoid harm.
Read article →AI Ethics
Privacy principle in AI.
Read article →AI Ethics
Environmental + social sustainability.
Read article →AI Ethics
Transparency principle in AI.
Read article →EU AI Act
EU AI Act: risk-tiered EU-wide AI regulation.
Read article →EU AI Act Deep Dive
EU AI Act deep dive.
Read article →LLM Security Evals
How to systematically evaluate LLM security via benchmark suites.
Read article →LLM safety evals architecture
Deep-dive on LLM safety evals: attack corpus, harmfulness, jailbreak, bias, judge, golden refusal, regression gate, multi-model.
Read article →AI Fairness
How to ensure AI systems produce fair outcomes across groups.
Read article →Federated Learning for LLMs
Federated learning: train on distributed data without centralizing.
Read article →FERPA and LLM Applications
FERPA compliance for educational LLM apps.
Read article →LLM Security: Program View
Program view of LLM security.
Read article →Frontier AI Labs
Safety practices at frontier AI labs like Anthropic, OpenAI, DeepMind.
Read article →G7 Hiroshima Process
G7 Hiroshima AI Process.
Read article →GDPR for LLM Applications
How GDPR applies to LLM apps: data subject rights, lawful basis, DPIAs.
Read article →GDPR and LLM Applications
GDPR compliance for LLM apps in EU.
Read article →Gemini Safety Filters
How Gemini's built-in safety filters work and can be configured.
Read article →AI-Generated Media
Labeling requirements for AI-generated media.
Read article →GLBA and LLM Applications
GLBA compliance for financial services LLM apps.
Read article →Glitch Tokens
Weird tokens that trigger unexpected LLM behavior.
Read article →AI Governance Council
Cross-functional AI governance body.
Read article →Grandma Jailbreak
'Grandmother telling bedtime stories' role-play.
Read article →H100 Confidential Compute Mode
NVIDIA H100 confidential compute mode for encrypted GPU memory.
Read article →Autonomous Hackbots
How LLM-powered agents are being used for autonomous vulnerability discovery and exploitation.
Read article →HarmBench
HarmBench: automated red-teaming framework.
Read article →HELM
Stanford HELM: multi-metric LLM eval.
Read article →HIPAA for Healthcare LLM Applications
How HIPAA requirements apply to LLM apps handling PHI.
Read article →HIPAA and LLM Applications
HIPAA compliance for healthcare LLM apps.
Read article →Homomorphic Encryption for LLM
FHE for LLM: state of the art and limitations.
Read article →Human-in-the-loop approval gates for AI agents
Deep-dive on human-in-the-loop approval gates for agent actions: a risk classifier that routes by risk and reversibility, an auto-execute path for saf…
Read article →Hypothetical Framing Jailbreak
'Hypothetically speaking' + harmful content.
Read article →AI Impact Analysis
Analyze potential impact of AI incidents.
Read article →LLM Incident Response
IR for LLM-specific incidents: prompt attacks, data leaks, misbehavior.
Read article →India AI Policy
India's DPDP Act + AI advisories.
Read article →IoCs for LLM Systems
Indicators of compromise for LLM apps.
Read article →Indirect Prompt Injection
Injection via retrieved / referenced content.
Read article →Indirect Prompt Injection Defenses
How to defend against indirect prompt injection.
Read article →Ingress Control for LLM APIs
Controlling inbound traffic to LLM APIs.
Read article →ISO 42001
ISO 42001: AI management system standard.
Read article →Tenant Isolation for LLM Systems
Isolating tenants in multi-tenant LLM systems.
Read article →LLM Jailbreak Defense Architecture in Depth
A 2500-word walkthrough of jailbreak defense architecture: input classifier, safety-tuned model, system prompt hardening, constrained decoding, output…
Read article →Jailbreak Detection
Detecting jailbreak attempts.
Read article →JailbreakBench
JailbreakBench: standardized jailbreak eval.
Read article →Japan AI Policy
Japan's soft-touch AI policy.
Read article →JSON Injection Into LLMs
How attackers inject malformed or attacker-controlled JSON that LLMs interpret differently than intended.
Read article →AI + Children
AI safety for children.
Read article →Cyber Kill Chain for LLM Attacks
Applying kill chain model to LLM attacks.
Read article →AI + Language Minorities
AI for minority languages.
Read article →Local File Inclusion via LLM Tools
LFI: LLM tool reads sensitive local files.
Read article →LGPD (Brazil) and LLM
Brazil's General Data Protection Law.
Read article →Llama Guard
Llama Guard: Meta open safety classifier.
Read article →LLM-Powered Bug Discovery
How LLMs can discover software vulnerabilities via code analysis and fuzzing enhancement.
Read article →LLM Guard
How LLM Guard and similar runtime protection layers filter LLM inputs/outputs.
Read article →LLM Infrastructure Security
How to secure LLM infrastructure: weight storage, API endpoints, ops access.
Read article →AI + Low-Literacy Users
AI for users with low literacy.
Read article →Media Provenance
How C2PA content credentials establish media provenance.
Read article →Membership Inference Defenses
How to defend against membership inference: differential privacy, dropout, ensemble methods.
Read article →Membership Inference
How membership inference attacks determine if a specific data point was in the training set.
Read article →Membership-inference defense architecture
Deep-dive on defending LLMs against membership-inference attacks: how the train/test confidence gap left by overfitting lets an attacker read a model&…
Read article →MITRE ATLAS
MITRE ATLAS: Adversarial Threat Landscape for AI Systems.
Read article →MMLU + Safety Subsets
MMLU-based safety-focused benchmarks.
Read article →Model Cards
Model Cards: standard documentation for ML models.
Read article →Model extraction
Deep-dive on model extraction attacks and defenses: systematic API querying, response collection, surrogate training, behavior-not-weights theft, dete…
Read article →Model Signing
Sign model artifacts for integrity.
Read article →LLM moderation architecture
Deep-dive on layered LLM moderation: heuristics + ML + policy engine + human review with a training loop that closes on hard examples.
Read article →Moderation Bypass
How attackers bypass content moderation filters via encoding, indirection, or exploiting filter weaknesses.
Read article →Multi-Turn Attacks
How attackers use multi-turn conversations to gradually build malicious context.
Read article →Multi-Turn Prompt Injection
Injection unfolding over multiple turns.
Read article →Multimodal Prompt Injection
Injection via images / audio.
Read article →NIST AI Risk Management Framework
NIST AI RMF for AI system risk management.
Read article →NIST AI RMF Deep Dive
NIST AI Risk Management Framework.
Read article →AI + Older Adults
AI for older adults.
Read article →Output Guardrails Overview
Guardrails frameworks for LLM outputs.
Read article →LLM output handling -- treating model output as untrusted
Deep-dive on LLM output handling: the untrusted-output threat, output flowing into injection sinks (HTML/SQL/shell/code), context-aware encoding and e…
Read article →OWASP Agentic LLM Security
OWASP for autonomous agentic LLM systems.
Read article →OWASP LLM Top 10
How OWASP LLM Top 10 catalogs common LLM app vulnerabilities.
Read article →OWASP LLM Top 10
OWASP Top 10 for LLM applications.
Read article →Paraphrase Defense
Paraphrase inputs to break adversarial suffixes.
Read article →Payload Splitting
Split forbidden payload across messages.
Read article →PCI-DSS for Payment-Handling LLM Applications
How PCI-DSS applies to LLM apps involved in payment flows.
Read article →PCI DSS and LLM Applications
PCI DSS compliance for LLM apps handling card data.
Read article →DPDP Act (India) and LLM
India's Digital Personal Data Protection Act.
Read article →LLM Pentesting
How to pentest LLM applications for security issues.
Read article →Perplexity Filter Defense
Detect adversarial suffixes via high perplexity.
Read article →Persuasion-Based Jailbreaks
Social-engineering-style jailbreaks.
Read article →Perturbation-Based Defenses
Perturbation defenses beyond SmoothLLM.
Read article →LLM PII Detection and Redaction Architecture in Depth
A 2500-word walkthrough of LLM PII architecture: detection layers, redactor, reversible tokens, output scanning, log redaction, audit, right to erasur…
Read article →PII Scanners
How PII scanners detect + redact personal info in LLM I/O.
Read article →PIPEDA (Canada) and LLM
Canada's Personal Information Protection and Electronic Documents Act.
Read article →PIPL (China) and LLM
China's Personal Information Protection Law.
Read article →AI Policy Review Cadence
Regular AI policy review.
Read article →Prefix Injection Jailbreak
'Start response with...' forces compliance.
Read article →Privacy Budget in Differential Privacy
Managing epsilon-delta budget in DP systems.
Read article →Prompt Engineering Defenses
Prompt-only defenses against injection.
Read article →Prompt injection defense architecture
Deep-dive on prompt injection defense: trust zones, spotlighting, delimiters, tool policy, human approval, output classifier, red team.
Read article →Prompt Injection Scanners
How to detect prompt injection attempts in user input.
Read article →Prompt Injection Attacks Survey
Overview of prompt injection attack categories.
Read article →Prompt Isolation
Segregating trusted system prompts from untrusted user input.
Read article →Prompt Shielding
Azure Prompt Shields for injection defense.
Read article →Property Inference Attacks
Infer properties of training data distribution.
Read article →LLM output provenance architecture
Deep-dive on LLM output provenance: source citations, watermark, audit records, verifier tool, provenance UI, policy, and metrics.
Read article →Provenance Signing
Cryptographic provenance across AI supply chain.
Read article →Meta Purple Llama
How Meta's Purple Llama provides open LLM safety tooling.
Read article →RAG Defense Architecture in Depth
A 2500-word walkthrough of RAG defense architecture: source allowlist, signing, sanitization, tenant-scoped retrieval, quarantine, citations, hallucin…
Read article →RAG Poisoning Attacks
Poison retrieval index with malicious docs.
Read article →RealToxicityPrompts
RealToxicity: prompts likely to elicit toxicity.
Read article →Data Reconstruction Attacks
Reconstruct training data from model.
Read article →LLM Red Teaming
How red teaming (structured adversarial testing) discovers LLM vulnerabilities before attackers.
Read article →LLM red team architecture
Deep-dive on LLM red team: attack corpus, automated attacks, human red team, judge, coverage, reporting, fix cycle, metrics.
Read article →Red-Teaming Playbook
Structured LLM red-teaming approach.
Read article →LLM Security Reference Architecture
A reference architecture for secure LLM applications.
Read article →Refusal Suppression Attacks
'Do not refuse' / 'no apologies' instructions.
Read article →AI Regulation Deep Dive
How to comply with EU AI Act: risk categorization + conformity assessment.
Read article →AI Risk Acceptance
Explicitly accept + document risk.
Read article →AI Risk Appetite
Define acceptable AI risk levels.
Read article →AI Risk Assessment
Assess AI risks for prioritization.
Read article →AI Risk Avoidance
Avoid risk by not undertaking use case.
Read article →AI Risk Matrix
Risk matrix: severity x likelihood grid.
Read article →AI Risk Monitoring
Monitor + reassess AI risks continuously.
Read article →AI Risk Reduction Strategies
Reduce AI risks via controls.
Read article →AI Risk Register
Track AI-specific risks in register.
Read article →AI Risk Transfer
Transfer AI risk via insurance + contracts.
Read article →Role-Play Jailbreaks
Role-play scenarios to elicit forbidden content.
Read article →Safety Evaluation Frameworks
Frameworks for LLM safety evaluation.
Read article →Sandboxed Tool Execution
Sandbox tools invoked by LLM agents.
Read article →Agent tool-execution sandboxing architecture
Deep-dive on sandboxing LLM agent tool calls: policy engines, Firecracker/gVisor/WASM isolation tiers, warm slot pools, secrets brokering, egress prox…
Read article →Secret Scanners
How secret scanners detect API keys, passwords, tokens in LLM inputs/outputs.
Read article →Secrets management architecture for LLM applications
Deep-dive on LLM secrets security: why context windows and prompt logs leak credentials, vault-issued short-lived credentials, opaque secret reference…
Read article →Secrets Management for LLM Apps
Managing API keys + secrets in LLM applications.
Read article →Secure Aggregation for Federated LLM
Secure aggregation: aggregate client updates without seeing individuals.
Read article →Secure Inference
How secure inference protocols (homomorphic encryption, MPC) enable LLM inference on encrypted data.
Read article →Service Mesh for LLM Systems
Service mesh for mTLS + policy on LLM services.
Read article →AMD SEV
AMD SEV / SEV-SNP for confidential VMs.
Read article →Intel SGX
Intel SGX for confidential compute.
Read article →ShieldGemma
ShieldGemma: Google open safety classifier.
Read article →Singapore AI Governance
Singapore's Model AI Governance Framework.
Read article →SmoothLLM
SmoothLLM: perturb + majority vote.
Read article →SOC 2 for LLM Applications
How SOC 2 compliance applies to LLM-based products.
Read article →SOC 2 for LLM Applications
Adapting SOC 2 for LLM applications.
Read article →SOC Playbook for LLM Incidents
SOC playbook adapted for LLM incidents.
Read article →South Korea AI Act
South Korea's AI Framework Act (2024).
Read article →Spotlighting
Spotlighting: mark untrusted content clearly.
Read article →LLM spotlighting architecture
Deep-dive on spotlighting as a prompt-injection defense: why transformers lack a code-vs-data boundary, how delimiting, datamarking, and encoding mark…
Read article →SQL Injection via LLM
LLM constructs SQL with attacker input.
Read article →SSRF via LLM Tools
Server-Side Request Forgery through LLM URL fetches.
Read article →US State Privacy Laws Patchwork
Multi-state privacy law patchwork.
Read article →Step-by-Step Jailbreak
'Step-by-step guide' to harmful task.
Read article →Superalignment
Approaches to aligning AI systems more capable than humans.
Read article →LLM supply chain security architecture
Deep-dive on LLM supply chain: model provenance, weights signing, verify at load, backdoor scan, eval, isolation, SBOM.
Read article →Container Supply Chain for LLM
LLM container images + registry security.
Read article →Dataset Supply Chain Security
Training + fine-tuning + RAG dataset security.
Read article →LLM Supply Chain Security
Supply chain security for LLM apps: models, data, dependencies.
Read article →LLM FinOps Supply Chain
Cost + billing supply chain risks.
Read article →Hosting Supply Chain for LLM
Cloud + inference host supply chain.
Read article →Library Supply Chain for LLM
Python + Java LLM library security.
Read article →MCP Supply Chain Security
Model Context Protocol server security.
Read article →Model Supply Chain Security
Securing model weights + inference stack.
Read article →Plugin / Tool Supply Chain
LLM plugin + tool ecosystem security.
Read article →Prompt Supply Chain
Third-party prompts + prompt libraries.
Read article →Vector DB Supply Chain
Securing vector DB deployments.
Read article →System prompt leakage architecture
Deep-dive on LLM system prompt leakage: why the system role is not a privilege boundary, extraction via direct ask, roleplay, continuation, encoding, …
Read article →Intel TDX
Intel TDX: modern confidential VM technology.
Read article →AI + Teenagers
AI considerations for teens.
Read article →Multi-tenant LLM isolation architecture
Deep-dive on tenant isolation for LLM platforms: unforgeable tenant context, retrieval namespaces vs filters, cache-key design, per-tenant adapters, e…
Read article →Third-Party LLM Risk
How to assess third-party LLM vendor security risks.
Read article →Third-Party API Security
How to secure use of third-party LLM APIs: assessment, contracts, monitoring.
Read article →DREAD for LLM Risk Scoring
DREAD scoring adapted for LLM threats.
Read article →LLM-Specific Threat Modeling
Threat model tailored for LLM apps.
Read article →PASTA for LLM Threat Modeling
PASTA: attacker-centric threat modeling.
Read article →STRIDE for LLM Systems
Applying STRIDE threat modeling to LLM apps.
Read article →Tool Abuse
How agents can be manipulated (or misconfigured) to abuse their tools: excessive spending, data leaks, destructive actions.
Read article →Tool Hijacking Attacks
Manipulate agent to misuse tools.
Read article →Toxicity Scanners
How toxicity scanners specifically detect toxic language.
Read article →ToxiGen
ToxiGen: implicit toxicity detection benchmark.
Read article →Translation Jailbreak
Translate forbidden content between languages.
Read article →Trust Boundaries in LLM Systems
Identifying + enforcing trust boundaries.
Read article →Typoglycemia + Character-Level Attacks
Bypass filters via char permutation.
Read article →UAE PDPL and LLM
UAE Personal Data Protection Law.
Read article →UK AI Policy
UK's principles-based AI regulation.
Read article →UK AI Regulation
UK AI regulation approach.
Read article →Unicode smuggling defense architecture
Deep-dive on defending LLMs against Unicode smuggling: hidden Unicode Tag-block payloads, zero-width and bidirectional controls, homoglyph/confusable …
Read article →Universal Adversarial Suffixes
Adversarial suffixes that jailbreak many models.
Read article →Machine Unlearning for LLMs
How to make LLMs forget specific data.
Read article →US AI Executive Orders
US AI executive orders + federal AI policy.
Read article →US AI Executive Order
US AI Executive Order and NIST framework.
Read article →AI + Vulnerable Populations
AI for vulnerable populations broadly.
Read article →Watermarking Deep Dive
Cryptographic + statistical watermarking of AI outputs.
Read article →LLM Output Watermarking
How watermarking embeds detectable patterns in LLM output to identify AI-generated text.
Read article →Workload Identity for LLM Services
Workload identity for LLM services: SPIFFE, K8s SA, cloud identity.
Read article →AI in the Workplace
Workplace AI considerations.
Read article →XSS via LLM Outputs
LLM outputs HTML/JS rendered by client.
Read article →Zero Trust for LLM Systems
Applying zero-trust principles to LLM applications.
Read article →LLM Security Certifications
SOC 2 + ISO 27001 applied to AI. Emerging AI-specific: ISO 42001.
Read article →LLM Security Engineer Role
New discipline. Skills, responsibilities, career path.
Read article →LLM Supply Chain
How LLM supply chain attacks work: poisoned training data, backdoored model weights, malicious HuggingFace uploads.
Read article →LLM Supply Chain Hardening
End-to-end: base model + fine-tune + framework + deploy. Layered defense.
Read article →Machine Unlearning in LLMs
Selectively forget training data. GDPR right-to-erasure applied to models.
Read article →MCP Prompt Injection Defenses
Specific defenses for MCP tool outputs. Delimit + filter + sanitize.
Read article →MCP Security
Anthropic's MCP. Server auth, tool auth, prompt injection surface.
Read article →Mechanistic Interpretability
Reverse-engineer computation in neural networks. Anthropic + independent researchers.
Read article →Membership Inference
Determine if specific record was in training data. Privacy risk.
Read article →Model Cards
Standardized disclosure for AI models. Mitchell et al framework + regulatory adoption.
Read article →Model Inversion
Given model, reconstruct approximate training examples. Face recognition attack originally.
Read article →Model Signing + Provenance
Cryptographic signatures on model weights. Sigstore + emerging standards.
Read article →Model Stealing
Query API repeatedly. Fit surrogate model. Ippolito et al: even final layer extractable.
Read article →Multi-Tenant LLM Isolation
Prevent cross-tenant data leakage. Architectural patterns.
Read article →Multi-Turn Jailbreaks
Set up context over N turns. Each turn benign. Final turn exploits accumulated context.
Read article →Multimodal Injection
Voice assistant hears malicious instruction embedded in audio. Ultrasonic + adversarial.
Read article →Multimodal Prompt Injection
Text in image = instruction. Attacker uploads image with hidden text. Model reads + complies.
Read article →National AI Safety Institutes
UK + US + Japan + Singapore + others. Emerging oversight.
Read article →NVIDIA NeMo Guardrails Framework
Programmable dialog + Colang rails. Enterprise LLM safety framework.
Read article →Network Isolation
Isolate agent workloads at network layer. Prevent east-west movement on compromise.
Read article →NIST AI Risk Management Framework
US government's AI risk framework. Structured governance for AI systems.
Read article →Open Communities for AI Safety
OWASP AI Exchange, MLSec, DEF CON AI Village. Community + resources.
Read article →Fine-Tuning Erodes Safety Training
Small fine-tune undoes RLHF safety. Growing concern.
Read article →Open-Source Model Security Considerations
Trust boundary shifts. Weight tampering, prompt extraction don't apply.
Read article →OpenAI Moderation API
Free classifier for content policy. Standard entry-level guardrail.
Read article →OpenAI Swarm / Agents Security Model
Multi-agent handoffs. Security concerns + patterns.
Read article →Output Provenance + C2PA
Track + attest LLM-generated content. Standards + adoption.
Read article →Output Filtering
Real-time classifier on LLM output. Block or rewrite offensive content.
Read article →Output Grounding Verification
For each claim, check evidence in provided context. Post-hoc filter for RAG.
Read article →OWASP LLM Top 10
Standard threat taxonomy for LLM applications. Every AI eng should know this.
Read article →Payload Smuggling
Hide malicious content inside base64, translation, ROT13. Model decodes + executes.
Read article →Perspective API
Long-running conversational toxicity classifier. Standard baseline.
Read article →PII Detection + Redaction Pipeline
Presidio + custom regex + LLM verification. Standard pattern.
Read article →Defensive Prompt Engineering
Write prompts resistant to injection. Structural + phrasing patterns.
Read article →Direct Prompt Injection
User types 'Ignore previous instructions and…' Model complies. Foundational attack.
Read article →Prompt Injection Evaluation
Benchmarks + automated red team methods. Measure model robustness.
Read article →Prompt Injection Forensics
Investigate compromised agent. Which prompt triggered, what was done, blast radius.
Read article →Indirect Prompt Injection
Attacker plants payload in data (email, PDF, webpage). LLM reads it as instruction.
Read article →Prompt Injection via RAG Retrieval
Attacker plants injection in RAG corpus. Retrieved on relevant query. Persistent attack.
Read article →Prompt Injection WAFs
Web Application Firewalls for LLM. Emerging category.
Read article →Protecting Prompt IP
System prompts as trade secret. Practical protection.
Read article →Prompt Licensing + Marketplaces
PromptBase and emerging prompt IP economy.
Read article →System Prompt Stealing
Attackers exfiltrate proprietary system prompts. Business logic leak.
Read article →Transparency UX
Design patterns for LLM transparency. Trust + informed use.
Read article →Prompt Visibility UX Patterns
Show users what shapes AI responses. Design library.
Read article →PyRIT
Microsoft's red team framework. Automated adversarial testing.
Read article →RAG Document Curation
Prevent poisoned documents entering KB. Curation + moderation patterns.
Read article →RAG Provenance Tracking
Track every retrieval + generation for audit + debugging.
Read article →Rate Limiting for LLM Endpoints
Per-user + per-token + per-cost. Standard patterns.
Read article →Red Team Process for LLM Products
How to run structured red team. Scope, methodology, remediation.
Read article →Refusal Training via RLHF
Model learns when to refuse via reward model. Foundation of aligned models.
Read article →Regulatory Reporting for AI Incidents
When + how to report AI incidents. EU AI Act + sector regs.
Read article →Representation Engineering
Systematic method for reading + controlling internal representations.
Read article →Responsible AI Toolbox
Microsoft's ML fairness + interpretability library. Broader than LLMs.
Read article →Responsible Disclosure for LLM Vulnerabilities
Coordinated disclosure with LLM providers. Bounty programs.
Read article →Safe Completion via Planner Layer
Add planner between user + LLM. Planner enforces policy. Reduces raw model risk.
Read article →Safety Evaluation Benchmarks
HELM Safety, BigBench Hard, WMDP, JailbreakBench. Standardized safety measurement.
Read article →Scheming + Situational Awareness in LLMs
Frontier safety concerns: LLMs recognizing being evaluated + adjusting behavior.
Read article →Secret Management for Agents
Never put API keys in prompts. Vault + short-lived tokens.
Read article →Secret Scanning in AI Outputs
Detect + redact leaked secrets before user/downstream sees.
Read article →Shadow Prompts
Full prompt often invisible to user. Transparency + trust patterns.
Read article →Sparse Autoencoders
Decompose activations into sparse combinations of interpretable features.
Read article →Streaming Moderation
Classify chunks as they stream. Terminate on toxic. UX + latency trade-offs.
Read article →Supply Chain
Poisoned models on HuggingFace. Malicious pip packages. Real 2024 incidents.
Read article →Sycophancy Detection + Mitigation
LLMs agree with user beliefs even when wrong. Measure + counter.
Read article →Threat Modeling for LLM Applications
STRIDE + LLM-specific. Structured pre-launch security review.
Read article →Glitch Tokens
Certain rare tokens produce bizarre/predictable outputs. Fingerprinting + exploit.
Read article →Tool-Use Authorization Design
OAuth per tool. Scoped tokens. User consent flow.
Read article →Training Data Documentation
EU AIA Article 53. Summary of training content. Regulator + rightsholder access.
Read article →Training Data Extraction
Query LLM in ways that leak training data verbatim. Copyright + privacy risk.
Read article →Vendor AI Risk Assessment
Evaluate third-party AI vendors. Security + compliance + business risk.
Read article →Watermarking LLM Outputs
Statistical bias in generation. Detect AI-generated text. Provenance tool.
Read article →