AI/LLM Security
Prompt injection, RAG exposure, model behavior, system prompt leakage, tool misuse, guardrail bypass, and AI application risk.
Research
Writing on AI Security, Social Engineering, and Offensive Methodology
Research notes, technical explainers, and working ideas focused on AI/LLM security, SPECTRA development, and emerging AI-enabled social engineering.
Lab 1 Series · 5 Parts · Published May 2026
SPECTRA Lab 1 Validation
Lab 1 is a synthetic internal knowledge base assistant with a seeded retrieval authorization vulnerability and a hardened fix. These five articles document what happened when SPECTRA ran against it, including every failure along the way.
01
02
03
04
05
Why AI Security Testing Has a Context Problem
Generic prompt coverage identifies model behavior but does not explain whether a failure matters in a real system.
Building the Lab: A Synthetic RAG Authorization Target
A synthetic internal knowledge base assistant with a seeded retrieval authorization vulnerability and a hardened fix.
How SPECTRA Found What Generic Testing Missed
The full iteration story from a blind evaluator producing zero findings to a clean single finding with correct root cause and remediation.
RAG Security Is an Authorization Problem
The vulnerability was not prompt injection. It was an authorization design flaw in the retrieval pipeline.
What's Next: Frontier Models, More Labs, and Scaling
Lab 1 validated the core thesis. Next: frontier model comparison, Lab 2, and scaling to enterprise assessments.
Research Themes
Areas of focus
These themes define the main areas I am researching and writing about as AI systems become more connected to data, tools, workflows, and human decision-making.
SPECTRA Development
Framework notes, roadmap updates, methodology refinements, attack chain logic, context-aware testing concepts, and tooling ideas.
Emerging AI-Enabled Social Engineering
AI-assisted reconnaissance, synthetic personas, phishing and vishing evolution, impersonation risk, pretext generation, and trust signals.