July 6, 2026
Let's Break AI Together
I’m a security engineer trying to learn AI security. Instead of reading theory and nodding along, I’m doing what security people actually do: building the attacks and the defenses myself, on a model I own, and writing up exactly what happened so you can reproduce every step on your own machine.
That’s what this series is. Not a course, not a lecture. A logbook of breaking LLMs on purpose, in a safe sandbox, to understand how to defend them. If you’ve done threat modeling before, none of the thinking is new - we’re just pointing it at a new target.
Everything runs local and offline. The model is mine to break: no cloud APIs, no keys, nothing pointed at systems I don’t own. This is defensive security work - red-teaming my own stuff using standard, industry-recognized techniques (OWASP LLM Top 10, MITRE ATLAS, PyRIT / garak style). Sandboxes only.
The map
Each part is its own doc. Click a file to open it - start at part 0 and work down.
New parts land here as I build them, so this post is the one to bookmark - the tree above always shows the latest state of the series.
Who this is for
- Security people curious about LLMs who want the attacker’s-eye view, grounded in things they already know (trust boundaries, injection, confused-deputy, exfil).
- Builders shipping LLM features who want to see how their app actually breaks before someone else finds out.
- Me, later - so I have a written record of what worked, what didn’t, and why.
Ground rules
- Local and offline. Everything targets a model running on my own machine. Nothing here is aimed at a service I don’t control.
- Reproducible. Every attack and defense comes with the commands to run it yourself.
- Defensive intent. We break things to learn to defend them. That’s the whole point.
Ready? Open part 0 and let’s get into the sandbox.