Security in the AI era is engineering work.
Not a checklist. A working track on the security surface AI introduces — and the OWASP-class issues it quietly worsens.
Modules
Six modules.
01
OWASP, refreshed for 2026
Top 10, but specific to the codebases AI is most likely to subtly miswire — injection vectors that hide inside prompt boundaries.
02
Authorization drift in generated code
How AI-assisted edits gradually loosen auth boundaries. How to catch it in review, and how to defend against it in design.
03
Prompt injection as RCE
Treating prompt injection as a code execution primitive. Real attack surfaces, real mitigations.
04
Secure tool-use patterns
How to design the tools a tool-using agent calls. Whitelists, idempotency, blast radius, audit trails.
05
Secrets and SSRF
Where AI agents leak credentials, when fetched URLs become SSRF, and how to draw the network boundary.
06
Threat modeling with AI
Using AI to expand a threat model — without taking its word for what's exploitable.