Blog

Essays on building and breaking systems — threat models, LLM risks, API abuse, and the craft of shipping defensive software.

Mar 25, 20265 min readFeatured

Tokenization Attacks: The AI Security Risk Almost Nobody Models

Why retrieved text is not just ‘untrusted input’ but an attacker-controlled instruction channel when your model can call tools — and how to think about controls without magical safety guarantees.

AI Security
LLM
Offensive Security
AppSec