Field notes on securing & governing AI.
Deep-dive research, practical guides, illustrated explainers and field tools — agentic-AI threats, defenses, and the controls that hold up to audit.
Indirect prompt injection in tool-using agents
When an agent reads attacker-controlled content, that content can become instructions. The anatomy, the blast radius, and the controls that contain it.
Read more →
Securing Agentic AI: Why Autonomy Changes the Risk Model
Traditional AppSec assumes a human acts on the model's output. Agents remove the human. When output becomes action, the risk model has to change with it.
Read more →
Prompt Injection: The #1 Risk Every AI Product Team Must Understand
Why the top risk in the OWASP LLM Top 10 is a design property, not a bug — and what that means for every team shipping AI.
Read more →
The New AI Attack Surface: Model, RAG, Tools, Memory, Identity
Securing the model is one-fifth of the job. A component-by-component tour of where AI systems actually get attacked.
Read more →
The Lethal Trifecta: Injection + Sensitive Data + Tool Access
Three capabilities that are each fine alone become a data-exfiltration engine when combined. The frame every agent design should pass through.
Read more →
What Is Agentic AI Red Teaming?
Why testing an autonomous agent isn't chatbot QA and isn't a pentest — and what a real agentic red team actually does.
Read more →
OWASP LLM Top 10, illustrated
The ten biggest LLM application risks — explained as a visual story for the whole team, not just security.
Read the comic →
OWASP Agentic AI Top 10, illustrated
What changes when AI can act: the agentic risk classes, drawn out panel by panel.
Read the comic →
The Architecture of Intelligence
A framework for understanding AI agent systems — how they're built, and where security and governance have to live inside that architecture.
Download the PDF →