AI/LLM Security
Prompt injection, RAG exposure, model behavior, system prompt leakage, tool misuse, guardrail bypass, and AI application risk.
Research
Writing on AI Security, Social Engineering, and Offensive Methodology
Research notes, technical explainers, and working ideas focused on AI/LLM security, emerging AI-enabled social engineering, SPECTRA development, and practical offensive security methodology.
Series · 5 Parts · Published May 2026
SPECTRA Lab Validation
Documenting the first live validation of the SPECTRA framework against a synthetic enterprise RAG system with a seeded retrieval authorization vulnerability. From building the lab to validating the methodology to identifying what comes next.
01
Published
02
Published
03
Published
04
Published
05
Published
Why AI Security Testing Has a Context Problem
Generic prompt coverage identifies model behavior but does not explain whether a failure matters in a real system.
Building the Lab: A Synthetic RAG Authorization Target
A synthetic internal knowledge base assistant with a seeded retrieval authorization vulnerability and a hardened fix.
SPECTRA vs. Lab 1: From Zero Findings to One Clean Finding
The full iteration story from a blind evaluator producing zero findings to a clean single finding with correct root cause and remediation.
RAG Security Is an Authorization Problem
The vulnerability was not prompt injection. It was an authorization design flaw in the retrieval pipeline.
What's Next: Frontier Models, More Labs, and Scaling
Lab 1 validated the core thesis. Next: frontier model comparison, Lab 2, and scaling to enterprise assessments.
Research Themes
Areas of focus
These themes define the main areas I am researching and writing about as AI systems become more connected to data, tools, workflows, and human decision-making.
Emerging AI-Enabled Social Engineering
AI-assisted reconnaissance, synthetic personas, phishing and vishing evolution, impersonation risk, pretext generation, and trust signals.
SPECTRA Development
Framework notes, roadmap updates, methodology refinements, attack chain logic, context-aware testing concepts, and tooling ideas.
Offensive Security Methodology
Practical notes on testing structure, finding development, reporting, risk communication, and impact.