AI Guardrails: Put Your Dog on a Leash
There is a conversation happening across the industry right now about AI safety, and a lot of it centers on guardrails. System
For the last five weeks, we have been hitting individual techniques. Now we run all six phases against a single target, start
R4 Poison gets your content into the knowledge base. R5 Hijack keeps it there and makes the system do what you want.
Most RAG guardrails are keyword filters wearing a trench coat. Let's prove it. This is R6 Evade. The phase that
Last week we mapped the target's internals. Now we use that information to put our own documents inside the knowledge
RAGdrag Deep Dive: Mapping RAG Internals Without Access You don't need source code access to figure out how a RAG
Exciting week! Thank you everyone who has been sending questions. I was very motivated to get this out for you all. I
Last week I published the methodology. Six phases. Twenty-seven techniques. A kill chain for RAG pipeline security that didn't exist
Everyone is building RAG pipelines. Almost nobody is attacking them properly. Not "prompt inject the chatbot and see if it says
AI Red Teaming on a Budget: Getting Started AI security certifications are arriving fast. OffSec has OSAI. HTB has the AI Red
Tools for the Fight I keep meeting people who want to secure their AI systems but don't know where to
Man + Machine = 3 Min Flag You came here expecting a fight. Maybe you clicked because you wanted to see the human win.