AI security · architecture · engineering practice

Notes on building with LLMs.

A technical journal covering the security, architecture, and engineering tradeoffs of working with language models.

Topics: LLM Security · Prompt Injection · RAG · OWASP LLM Top 10 · AI-assisted coding · Agentic systems

7 articles · 3 topic areas · 55 min total reading time · 0 paywalls
What we cover

Writing across three areas where LLM engineering gets complicated.

01

AI Security

How language models fail, get manipulated, and leak data — and what the research says about defending them.

  • Jailbreaking and BoN attacks
  • OWASP Top 10 for LLMs
  • Prompt injection and flowbreaking

02

Architecture

The practical tradeoffs behind RAG, fine-tuning, and other ways to specialise a model for a specific domain.

  • RAG pipeline design and tradeoffs
  • RAG vs fine-tuning decision framework
  • Model selection and capabilities

03

Engineering Practice

What changes when AI is writing your code — and the security implications that follow.

  • Vulnerabilities in AI-generated code
  • AI-assisted development workflows
  • Closing the gaps

How we approach it

Technical. Grounded in the actual work.

Primary sources

We read the papers.

Most writing on AI security is several steps removed from the original research. We try to go back to the source.

Concrete examples

Specific over abstract.

Threat descriptions are more useful when they show what an attack actually looks like, not just that it exists.

Engineering decisions

Something you can use.

The goal is writing that helps you make actual decisions, not just understand that a problem exists.

Honest limits

The landscape moves fast.

We note when something is early, uncertain, or likely to change. A lot of this field is still being worked out.

Worth thinking about

Seven articles and counting.

No paywall, no newsletter gate. Writing on AI security and engineering practice.