5 min readFeatured
Tokenization Attacks: The AI Security Risk Almost Nobody Models
Why retrieved text is not just ‘untrusted input’ but an attacker-controlled instruction channel when your model can call tools — and how to think about controls without magical safety guarantees.