Notes from the bench.
Findings, post-mortems, scanner walkthroughs and the occasional opinion. Written by the operators on the engagement, not by the marketing team. No template-driven slop.
AI Security
AI Red Teaming: How We Attack AI Systems Before Someone Else Does
AI red teaming is structured adversarial testing of an AI system: we try to make your model leak data, ignore its guardrails, and abuse its tools, then hand you reproducible…
AI Security
Securing LLM Applications: A Practical OWASP LLM Top 10 Walkthrough
Securing an LLM application means treating model output as untrusted input and putting hard controls around the model, its data, and its tools.
AI Security
Prompt Injection and Prompt Monitoring: An Attacker’s View
Prompt injection lets attacker-controlled text override an LLM's instructions to exfiltrate data or abuse tools. Here is how the attacks work and how to catch them in production.
AI Security
Controlling AI Agents: A Practical Guide to AI Agent Security
AI agent security means treating an autonomous agent as an untrusted user with credentials: scope every tool to least privilege, gate risky actions behind humans, validate every action, and keep…
AI Security
AI Security: A Practical Guide to Protecting LLMs and AI Agents
AI security is the practice of protecting AI systems, the data they touch, and the actions they take from attack and abuse.
Uncategorized
Comprehensive Guide to Black Box Penetration Testing: Techniques, Tools, and Best Practices
A comprehensive black box penetration testing playbook — the techniques, tools and best practices that make external, zero-knowledge assessments effective, plus the challenges to expect.
Written by the operators on the engagement.
We publish what we'd want to read on the train home. Reproducers, post-mortems, the occasional opinion. If a piece doesn't survive a peer review by the bench, it doesn't ship.