Player Two has Joined the Game
This is my first post on a brand new site, which means it doubles as an introduction and an announcement. Before we
> Building and breaking things with AI. Science is attempted with minimal fictional interference.
For the last five weeks, we have been hitting individual techniques. Now we run all six phases against a single target, start
Single-use payloads, AI-assisted reverse engineering, and the parts of detection that still work
R4 Poison gets your content into the knowledge base. R5 Hijack keeps it there and makes the system do what you want.
While the industry speculates about what Mythos will or won't do, here's the work you can actually start on Monday. None of it requires a new product. All of it matters whether Mythos ships a year from now or tomorrow.
Most RAG guardrails are keyword filters wearing a trench coat. Let's prove it. This is R6 Evade. The phase that
Last week we mapped the target's internals. Now we use that information to put our own documents inside the knowledge
RAGdrag Deep Dive: Mapping RAG Internals Without Access
You don't need source code access to figure out how a RAG
Exciting week! Thank you everyone who has been sending questions. I was very motivated to get this out for you all. I
Last week I published the methodology. Six phases. Twenty-seven techniques. A kill chain for RAG pipeline security that didn't exist
Everyone is building RAG pipelines. Almost nobody is attacking them properly. Not "prompt inject the chatbot and see if it says
What 138,000 Training Pairs Taught Us About Data Quality
We work with students and schools in the community. It's
AI Red Teaming on a Budget: Getting Started
AI security certifications are arriving fast. OffSec has OSAI. HTB has the AI Red
Tools for the Fight
I keep meeting people who want to secure their AI systems but don't know where to
Rift Walking: My Journey towards OSAI
I was going through some old stuff and found a printout of my first offensive security
Man + Machine = 3 Min Flag
You came here expecting a fight. Maybe you clicked because you wanted to see the human win.
An Outdoor Cyber Adventure!
This is a story about how a taco truck became the most effective intelligence gathering platform I ever
Hey, thank all of you so much, it has been a whirlwind since we launched itsbroken.ai. I never in a million
I needed more memory. So I built three machines. And what came out of that weekend was more than I ever thought possible.
F.O.R.G.E. has been live for three days. The framework was wrong about some things. Here's one new method, seven updates, nineteen new sub-methods, and a feature that turns the framework from something you read into something you use.
Ten AI agents, seven laws, and a disabled veteran in Iowa building things he never could have built alone.
57 techniques across 8 pillars. A common vocabulary for building, governing, and scaling AI agent systems. Born from shipping under pressure.
I build things with AI. Things break. I write about it.