hey! welcome to the rabbit hole. real talk though: that course is a deep-end offensive LLM course, it’ll drown you before you can swim. save it for a year from now.
for a few hours a week starting cold, i’d go: pick up the basics of how LLMs actually work (3blue1brown’s neural net videos are gold and free), then learn what prompt injection is at a concept level before touching tools. OWASP has a “top 10 for LLMs” list that’s a clean map of what can go wrong. and honestly just keep watching content like the leor vids, the vocab sinks in by osmosis.
defcon’s still worth going to even if half of it flies over your head, but “offensive” security is highly specialized and not useful for defending your business generally speaking. the hallway track and the villages teach more than the talks anyway. glad you’re here!
Perfect, I will check it out! I appreciate your content. It is dumb downed just enough for the layman. Your analysis of claude cowork “acting” as malware was when I knew you really cared about our understanding :)
"Scope every API token, every database connection, every MCP server like you’re handing a service account to a contractor who lies about everything." 🤣 #truestory
[Rhetorical] At what point do all the guard rails and additional security systems cost more than it would've to just build some old-fashioned, well-tested expert software algorithms to produce the deterministic output that most use cases expect?
Feel free to AMA!
No defense is bullet proof.
Let’s use an onion model and secure our systems. Assume Breach!
I can confirm that "Defense in Depth" is very difficult to explain to non-technical people, who approve the budget.
But it is an absolute necessity in all modern environments.
Great article!
thanks a ton! it absolutely is a challenge, and i think will be a leading pattern for Agents.
Hey bro! I’m just jumping in to your world. Saw your videos with Leor and am fascinated. I’m a non technical small business owner and was gonna go to defcon this year but this shit is way over my head. Where do suggest I start learning a few hours a week? https://training.defcon.org/products/strategic-ai-penetration-mastering-offensive-techniques-for-llms-marek-zmyslowski-konrad-jedrzejczyk-dclv2026?_pos=1&_psq=llm&_ss=e&_v=1.0
hey! welcome to the rabbit hole. real talk though: that course is a deep-end offensive LLM course, it’ll drown you before you can swim. save it for a year from now.
for a few hours a week starting cold, i’d go: pick up the basics of how LLMs actually work (3blue1brown’s neural net videos are gold and free), then learn what prompt injection is at a concept level before touching tools. OWASP has a “top 10 for LLMs” list that’s a clean map of what can go wrong. and honestly just keep watching content like the leor vids, the vocab sinks in by osmosis.
defcon’s still worth going to even if half of it flies over your head, but “offensive” security is highly specialized and not useful for defending your business generally speaking. the hallway track and the villages teach more than the talks anyway. glad you’re here!
Perfect, I will check it out! I appreciate your content. It is dumb downed just enough for the layman. Your analysis of claude cowork “acting” as malware was when I knew you really cared about our understanding :)
really appreciate that 🙏 Leor also does an awesome job keeping the show moving. thanks a ton for the support.
"Scope every API token, every database connection, every MCP server like you’re handing a service account to a contractor who lies about everything." 🤣 #truestory
[Rhetorical] At what point do all the guard rails and additional security systems cost more than it would've to just build some old-fashioned, well-tested expert software algorithms to produce the deterministic output that most use cases expect?
hahaha. love it. also great question… we are absolutely seeing a pricing and expense kick back now.
Kent Beck just dropped a related post called "Trust Factory" about the fact that we're now accumulating software faster than we're building trust. 🤔
Very detailed and informative, thanks for sharing. Creating a checklist out of this
that’s a ton. really glad to hear it landed. appreciate you!
Stage gate the entire lifecycle management and services to the same for the good 😊
💚
I got to read this a few times i think 😅 thanks for explaining this!
appreciate it! yeah not the easiest article, but based on real world work. hope it’s useful.
This is excellent, Tox.
really appreciate it my friend, thank you!