Writing
Security write-ups, lab notes, and research
Practical notes on AI security, LLM attack surfaces, and the craft of finding and explaining vulnerabilities. Written for practitioners and technical founders alike.
A working taxonomy of LLM attacks: against, using, and within
A practical scheme for classifying LLM attacks by their relationship to the model: against it, using it, or within it, and how it relates to the OWASP LLM Top 10 and MITRE ATLAS.
EU AI Act Article 15 Deferred: What Changes for AI Security Testing
The Digital Omnibus pushed Article 15's cybersecurity requirements to December 2027. The deadline moved; the obligation didn't. Here's what it means for SaaS teams shipping AI features.
Indirect prompt injection: when your AI feature reads attacker-controlled documents
How attackers embed instructions in PDFs, docx files, and web pages that your RAG pipeline ingests — and what your system prompt can and can't do about it.
OWASP Agentic Top 10 (2026): what changed and what it means for your roadmap
The new Agentic Top 10 goes beyond the LLM Top 10 — tool-call abuse, orchestrator trust boundaries, and why multi-agent systems break existing defenses.
Follow on LinkedIn to get notified when posts go up.