AI Security Insights

AI introduces attack surfaces that traditional security frameworks do not cover. Prompt injection is not in the OWASP Top 10 (yet). Data exfiltration through model outputs is not in your WAF rules. Training data poisoning is not in your pentest scope. These insights cover the AI-specific security challenges that every production system must address.

What This Track Covers

Prompt Injection — How attackers manipulate LLM behaviour through crafted inputs. Direct injection, indirect injection through retrieved context, and multi-turn manipulation techniques. Defence strategies that actually work.

Data Leakage — How AI systems inadvertently expose sensitive data through outputs, embeddings, or model behaviour. PII detection, context isolation, and tenant separation in multi-user systems.

Model Security — Protecting model weights, preventing model extraction, and securing the supply chain for open-source models. Quantisation and fine-tuning security considerations.

Compliance — Mapping AI-specific controls to SOC2, ISO 27001, GDPR, and sector-specific regulations. What auditors expect and what evidence you need.

Red Teaming — Structured adversarial testing of AI systems. How to build an internal red team capability for ongoing security validation.

Featured Insights