AI & GenAI Security
6+ years pioneering AI/GenAI security assessments, uncovering novel vulnerabilities in LLMs and securing AI-driven architectures.
What I deliver
- Prompt injection, jailbreak & data-leak testing
- RAG pipeline hardening
- Model supply-chain & guardrail audits
- OWASP LLM Top 10 alignment
Selected engagements
Sanitized highlights from real client work — approach, the bug we found, and the fix shipped. Names redacted under NDA.
LLM red-team for healthcare GenAI copilot — 5 jailbreak classes + PII exfil via indirect prompt injection
RAG hardening for legal-tech startup — embedding leak controls, source sanitization, access-aware retrieval
Model supply-chain audit on HuggingFace fine-tunes — caught two poisoned checkpoints pre-deployment
Guardrails design for banking chatbot — NeMo + custom regex firewall, 0 PII leaks in 90-day soak
Top bugs I hunt — and the steps
The recurring weaknesses I see in this domain, with the repeatable workflow I run from discovery to fix.
Prompt Injection (LLM01)
- STEP 1Enumerate inputs reaching the model — direct, RAG context, tool outputs
- STEP 2Test direct + indirect injection (poisoned docs, web pages, emails)
- STEP 3Validate tool/function-call abuse and system-prompt exfil
- STEP 4Fix: input/output guardrails, isolation between trust zones, allow-list tools
Sensitive Information Disclosure (LLM06)
- STEP 1Probe model with PII extraction prompts + training-data sniffing
- STEP 2Audit RAG corpus for ACL misalignment with caller identity
- STEP 3Test logging pipelines for prompt/response leaks
- STEP 4Fix: per-user retrieval filters, output scrubbing, no PII in fine-tune data
Insecure Output Handling (LLM02)
- STEP 1Generate outputs that contain HTML/JS/SQL/shell payloads
- STEP 2Confirm downstream renderers/executors run unsanitized model output
- STEP 3Demonstrate XSS / SSRF / RCE through model response
- STEP 4Fix: treat model output as untrusted — sanitize before render or exec