# AI Security Lab

This folder contains the safe, toy-scale experiments that accompany the AI security article series on haotianblog.

The demos are defensive teaching material. They use the built-in scikit-learn datasets or small synthetic examples. They do not contact external services, attack real systems, include credentials, or provide operational exploit payloads.

## Setup

```bash
python3 -m venv .venv
source .venv/bin/activate
pip install -r requirements.txt
```

## Quick Run

```bash
python src/fgsm_digits_demo.py --quick --out results/fgsm-results.csv
python src/poisoning_backdoor_demo.py --quick --out results/poisoning-results.csv
python src/privacy_extraction_demo.py --quick --out results/privacy-extraction-results.csv
python src/rag_prompt_injection_guard_demo.py --quick --out results/rag-guard-results.csv
```

## Files

- `src/fgsm_digits_demo.py`: local FGSM-style (fast gradient sign method) perturbation demo against a multinomial logistic-regression digit classifier.
- `src/poisoning_backdoor_demo.py`: toy data poisoning and trigger evaluation using the digits dataset.
- `src/privacy_extraction_demo.py`: confidence-based membership inference and local surrogate extraction simulation.
- `src/rag_prompt_injection_guard_demo.py`: deterministic RAG prompt-injection guard simulation.
- `results/*.csv`: sample outputs generated by quick runs.
- `risk-register.csv`: article-ready risk register template.
- `attack-defense-matrix.csv`: compact mapping from attack surface to defensive controls.
- `ai-security-lab-architecture.svg`: series architecture diagram.

## Safety Boundaries

- No real targets, endpoints, tokens, credentials, or service names are included.
- No network requests are made by the demo scripts.
- Prompt-injection examples are inert strings used by a deterministic toy simulator.
- Model extraction is simulated against a locally trained toy model, not a public API.
- Results are educational baselines, not security guarantees.
