AI Security Engineering
This hub organizes AI security material around defensive review rather than attack spectacle. The route covers threat modeling, adversarial examples, data poisoning, model privacy, and LLM/RAG/Agent security, but the examples are kept to local toy settings, built-in datasets, and synthetic cases. The purpose is to help readers identify trust boundaries, choose evaluation metrics, and document mitigations without turning the page into instructions against real systems.
AI security problems often look unrelated on the surface. A poisoned training set, an adversarial image, a membership inference risk, and a prompt-injection failure all involve a boundary where the system trusts data, output, retrieval context, or tool behavior too much. This hub keeps that common structure visible so readers can move from individual demos to a review checklist.
Defensive Reading Path
Start with threat modeling. Before running any experiment, identify the asset, actor, boundary, failure mode, and evidence that would show the risk. Then read the adversarial example and poisoning articles as controlled metric exercises: what changes in accuracy, robustness, attack success rate, or false-positive behavior? Move to model privacy and RAG/Agent controls after that, because those pages require careful separation between demonstration, policy, and operational misuse.
For each article, write down three things: what the toy experiment proves, what it does not prove, and which production control would need independent validation. This prevents a small lab from being overclaimed and makes the material safer for education, academic discussion, and defensive engineering practice.
Safety Boundary
The site does not provide help for unauthorized access, evading platform controls, attacking third-party services, stealing data, or bypassing security systems. Security examples are framed as local defensive learning material. If a technique can be misused, the article should emphasize the metric, mitigation, and review process rather than provide operational targeting guidance.
Review Checklist
A useful AI security review starts with scope. Identify the model or workflow, the asset being protected, the attacker capability assumed by the article, the data boundary, the evaluation metric, and the mitigation that would be considered acceptable. Without that scope, an adversarial example, poisoned sample, privacy test, or prompt-injection demonstration can sound dramatic while proving very little.
The pages in this route should therefore separate three layers: the educational toy experiment, the general security concept, and the production control that would require independent validation. A toy poisoning demo can teach how labels influence training, but it does not automatically measure the risk of a real data pipeline. A RAG prompt-injection lab can teach trust boundaries, but it does not replace access control, tool allowlists, monitoring, and incident response.
How Demos Are Limited
AI security demos on this site are intentionally constrained. They use local scripts, built-in datasets, synthetic examples, and defensive language so the reader can study the failure mode without targeting a third-party system. Those limits are part of the value of the page because they keep the experiment reproducible and reduce unnecessary operational detail.
Readers should not overclaim the result of a limited demo. A successful attack in a toy setting does not prove broad real-world exploitability, and a mitigation that works in a small notebook does not prove production safety. The durable lesson is the review method: define the boundary, measure the failure, document the assumption, and choose a control that can be tested again.
AI Security Review Matrix
| Review object | Core question | Evidence to preserve | Boundary statement |
|---|---|---|---|
| Threat model | Are the asset, attacker, entry point, and failure impact explicit? | System diagram, trust boundary, attacker assumption, failure metric, and priority. | A threat model starts the review; it is not proof that the system is protected. |
| Toy lab | What exactly does the demo prove? | Data source, parameters, random seed, metric movement, and failed examples. | A local toy experiment does not directly measure production risk. |
| Mitigation | Can the mitigation be tested, rolled back, and monitored? | Filter rule, permission boundary, log fields, alert condition, and retest result. | One mitigation technique does not replace access control, monitoring, and response. |
| Misuse limit | Does the article avoid unauthorized operational guidance? | Authorization note, synthetic data, local run path, and defensive conclusion. | The material is for education, academic discussion, and defensive research. |
Topic hub
AI Security Engineering
A reproducible route through threat modeling, adversarial examples, poisoning, model privacy, and LLM/RAG/Agent security.
Built for engineers researching AI security threat modeling, robust evaluation, poisoning defense, membership inference, model extraction, and prompt-injection controls.
Editorial notes
Why these articles belong in one route
AI security content needs a clear boundary between defensive learning and abuse. This hub uses built-in datasets, synthetic examples, and local toy pipelines, with emphasis on threat modeling, metrics, and defensive review.
Adversarial examples, poisoning, model privacy, and RAG injection are connected by one question: whether the trust boundary among training data, model output, external documents, and tool calls is explicit.
Each article turns risk into audit-friendly items, including trigger conditions, observable metrics, false-positive concerns, and mitigation controls that readers can adapt to their own defense checklists.
What you will build
You will use a safe toy lab and connect risks, metrics, boundaries, and engineering controls into one reviewable workflow.
Recommended reading order
Start with concepts, then move into runnable projects
AI Security Threat Modeling
Build a defense map with NIST adversarial ML, MITRE ATLAS, and OWASP LLM risks.
Adversarial Examples and Robust Evaluation
Evaluate clean and perturbed accuracy with an FGSM-style digits experiment.
Data Poisoning and Backdoor Defense
Study poison rate, trigger behavior, attack success rate, and training pipeline controls.
Model Privacy and Extraction Defense
Measure membership inference signal and surrogate fidelity against a local toy model.
LLM, RAG, and Agent Security
Separate instructions from data and enforce tool permissions against indirect prompt injection.
Resources and distribution assets
Code, data, diagrams, and share assets in one place
AI Learning Project / GUIDE
AI Security Lab README
Setup, safety boundaries, and quick-run commands for the AI Security series.
AI Learning Project / DATASET
AI security risk register
CSV risk register template for AI threat modeling and release review.
AI Learning Project / DATASET
AI attack-defense matrix
Maps attack surface, toy demo, metric, and defensive control into one CSV table.
AI Learning Project / DIAGRAM
AI Security Lab architecture diagram
Shows threat modeling, robustness, data integrity, model privacy, and RAG guardrails.
AI Learning Project / CODE
FGSM digits robustness script
FGSM-style perturbation and accuracy-drop experiment for a local digits classifier.
AI Learning Project / CODE
Data poisoning and backdoor toy script
Demonstrates poison rate, trigger behavior, and attack success rate on digits.
AI Learning Project / CODE
Model privacy and extraction toy script
Outputs membership AUC, target accuracy, surrogate fidelity, and surrogate accuracy.
AI Learning Project / CODE
RAG prompt injection guard toy script
Uses a deterministic toy agent to demonstrate external-data demotion and tool-policy blocking.
AI Learning Project / ARCHIVE
AI Security Lab full bundle
Includes safe toy scripts, result CSVs, risk register, attack-defense matrix, and architecture diagram.
FAQ
Direct answers to common search questions
Does this hub provide steps for attacking real systems?
No. The lab uses only scikit-learn built-in data and synthetic toy data, with a focus on defensive evaluation, risk records, and engineering review.
Who is the intended reader?
It is for engineers who can read Python, understand basic ML workflows, and want to put AI systems into security review.
