11/07/2025 LEARNING
AI, Machine Learning, and Deep Learning: What’s Actually Different
Refined notes and thoughts on AI, Machine Learning, and Deep Learning: What’s Actually Different
READ MORE →LEARNING HUB
Resources • Tutorials • Guides
AI FUNDAMENTALS
UNSUPERVISED LEARNING ALGORITHMS FOR AI SECURITY PROFESSIONALS
11/10/2025 LEARNING
Supervised learning algorithms summary for AI security professionals
Supervised learning algorithms summary for AI security professionals
READ MORE → 11/12/2025 LEARNING
Anomaly detection for AI security professionals
Unsupervised Algorithm Anomaly detection for AI security professionals. ML
READ MORE → 11/12/2025 LEARNING
DBSCAN and HDBSCAN for AI security professionals
DBSCAN and HDBSCAN for AI security professionals Unsupervised learning algorithm
READ MORE → 11/12/2025 LEARNING
Gaussian mixture model for AI security professionals
Gaussian mixture model for AI security professionals Unsupervised learning algorithm
READ MORE → 11/12/2025 LEARNING
Graph communities and embeddings for AI security professionals
Graph communities and embeddings for AI security professionals for Unsupervised learning algorithm
READ MORE → 11/12/2025 LEARNING
Principal Component Analysis (PCA) for AI security professionals
Unsupervised Algorithm Principal Component Analysis (PCA) for AI security professionals ML
READ MORE → 11/12/2025 LEARNING
Unsupervised Algorithms overview for AI Security Professionals
Unsupervised Algorithms overview for AI Security Professionals ML
READ MORE → 11/12/2025 LEARNING
Unsupervised learning algorithm a quick comparison
Unsupervised learning algorithm a quick comparison
READ MORE → 11/12/2025 LEARNING
Unsupervised learning algorithm K-means clustering for AI security professionals
Unsupervised learning algorithm K-means clustering for AI security professionals
READ MORE →SUPERVISED LEARNING ALGORITHMS FOR AI SECURITY PROFESSIONALS
11/08/2025 LEARNING
Linear and Logistic regression
Notes about Linear and Logistic regression
READ MORE → 11/08/2025 LEARNING
Supervised learning — a practical explainer
What supervised learning is, how it works in practice, core algorithms, evaluation, and common pitfalls — explained plainly
READ MORE → 11/09/2025 LEARNING
Descision trees for AI security professionals
Descision trees for security professionals
READ MORE → 11/09/2025 LEARNING
Naive bayes for AI security professionals
Naive bayes for AI security professionals
READ MORE → 11/10/2025 LEARNING
Gradient boosted trees for AI security professionals
Continue on Supervised algorithms Gradient boosted trees for AI security professionals
READ MORE → 11/10/2025 LEARNING
k Nearest neighbor for AI security professionals
Continue supervised algorithms k Nearest neighbor for AI security professionals
READ MORE → 11/10/2025 LEARNING
Random forest for AI Security Professionals
Continue on Supervised algorithms for ML
READ MORE → 11/10/2025 LEARNING
Support vector machine for AI security professionals
Support vector machine for AI security professionals Machine Learning algorithms
READ MORE →A SCOPING SERIES
11/06/2025 LEARNING
AI Security Scoping: What Organizations Get Wrong Serie
Overview for AI Security Scoping: What Organizations Get Wrong Serie
READ MORE → 11/06/2025 LEARNING
Multi-Turn Context Windows Article 2 in the scope serie
Single-turn testing dominates. Real attacks happen across conversations. What gets missed: Context manipulation across multiple turns Session isolation between users Context window overflow behavior Cross-turn instruction injection Adversaries condition models gradually. Single-turn tests never see this. Article 2 in the Scoping series
READ MORE → 11/06/2025 LEARNING
The Third-Party Model Scoping Problem Article 4 in scope series
Organizations use OpenAI or Anthropic APIs. Scope says “test the model” when the model is a black box. What gets missed: Trust boundary definition What’s actually testable (integration, not the model) Data sent to third-party APIs Compliance implications You can’t test the model. You can test your integration with it.
READ MORE → 11/06/2025 LEARNING
Training Pipeline Security Article 5 in the scope series
Security teams test deployed models. AI teams train models. The pipeline between them is untested. What gets missed: Training data sources and integrity Data poisoning opportunities Fine-tuning risks Supply chain for models and datasets If adversaries can influence training data, they control the model.
READ MORE → 11/06/2025 LEARNING
AI Safety as Security Scope Article 6 in the scope series
Security teams test technical vulnerabilities. Safety issues are “someone else’s problem” until they create legal liability. What gets missed: Regulatory compliance (GDPR, EU AI Act) Bias and discrimination Harmful content generation Alignment failures Safety failures create organizational risk just like security failures.
READ MORE → 11/06/2025 LEARNING
Continuous Changes and Testing Cadence Article 7 in the scope series
Point-in-time assessments work for static systems. AI systems change constantly. What gets missed: Model updates (by providers or through retraining) Prompt modifications Integration changes Training data updates Testing in January is obsolete by March if the system changed.
READ MORE → 11/06/2025 LEARNING
Logging, Monitoring, and Detection Article 8 in the scope serie
Assessments find vulnerabilities. Logs detect exploitation. Most scoping focuses on finding, not detecting. What gets missed: What security events are logged Log retention and security Monitoring and alerting capabilities Incident investigation procedures Finding vulnerabilities matters less if exploitation goes undetected.
READ MORE → 11/06/2025 LEARNING
AI Security RFPs That Waste Everyone’s Time Article 9 in the scope series
Generic RFPs produce generic proposals that lead to generic testing. What gets missed: System architecture details vendors need Specific test scenarios required Access and constraint information Realistic timelines and budgets Bad RFPs result in proposals that don’t match actual needs.
READ MORE → 11/06/2025 LEARNING
AI Incident Response Article 10 in the scope series
Organizations have IR plans for traditional breaches. AI incidents don’t fit existing procedures. What gets missed: AI-specific incident categories Model-specific containment strategies Investigation procedures for AI failures Recovery approaches for compromised models When AI incidents occur, traditional IR doesn’t apply.
READ MORE → 11/06/2025 LEARNING
Function Calling and Tool Integration Aricle 3 in scope series
Models with function calling can execute code and query databases. Scoping ignores the execution layer. What gets missed: Authorization for function calls Parameter validation (SQL injection, command injection, path traversal) Function call chains Rate limiting on expensive functions Testing the model doesn’t cover what the model can do through tools.
READ MORE → 11/06/2025 LEARNING
Model Integration Points Nobody Tests Article 1 in the scope serie
Article 1: Model Integration Points Nobody Tests Most scoping focuses on the model while ignoring the integration layer where actual vulnerabilities exist. What gets missed: How user input becomes model prompts (string concatenation, JSON encoding, validation) How applications authenticate to model APIs (API key storage, rotation) How model outputs get processed (HTML rendering, code execution, database queries) Rate limiting, error handling, session management The model does what it's designed to do. The vulnerabilities are in how applications integrate with models.
READ MORE →OTHER LEARNING RESOURCES
11/10/2025 LEARNING
Cyber & AI – Friend or Foe? Lessons from the Orange Systems Inspiration Session
Uriel Kosayev talk from Orange Systems Inspiration Session about AI
READ MORE → 11/08/2025 LEARNING
Google research nested learning
Google research nested learning
READ MORE → 11/08/2025 LEARNING
IBM video serie about AI
Excellent video serie explaining AI
READ MORE → 11/05/2025 LEARNING
MCP cheatsheet
Mcp security cheatsheet
READ MORE → 11/04/2025 LEARNING
OWASP TOP 10 LLM REPORT PDF
The pdf top owasp top 10 for llms
READ MORE →