Skip to content
SecForge
AI Security · LLM defense

Securing AI, LLMs and agents.

The emerging attack surface, explained: prompt injection, data leakage, red teaming and the defenses that actually help. What LLMs are, what they aren't, and how to use them without becoming a worse engineer.

Prompt injection Red teaming Data leakage Agents
LLM vs chatbot vs agent: know the difference — illustration
FOUNDATIONS
May 18, 20266 min read

Three words people use interchangeably. They are not interchangeable. Here is the cleanest separation, plus how to tell which one you are using.

Prompt injection explained: attacks and defenses — illustration
SECURITY
July 5, 20269 min read

The #1 risk in the OWASP LLM Top 10, and one you can't patch away. Direct vs. indirect injection, and the defenses that actually help.

5 prompts for self-study that actually work — illustration
PROMPTS
May 24, 20267 min read

For study, productivity, code review, threat modelling. Tested against real material, not generated for a listicle.

AI red teaming basics — illustration
SECURITY
June 2, 20268 min read

How models get stress-tested before they ship, the OWASP LLM risks it targets, and where the ethical and legal lines sit.

Using LLMs to detect phishing — illustration
DEFENSE
June 14, 20268 min read

How language models spot lures that keyword filters miss, where they fit in a pipeline, and the false-positive and privacy limits.

Run a local LLM for security notes — illustration
PRACTICAL
June 28, 20267 min read

Why security work pushes you to local models, how to set up Ollama, and what you should never hand to any model.

Agentic AI security basics — illustration
SECURITY
July 08, 20269 min read

A chatbot that gives bad advice is a nuisance. An agent that acts on it — sends the email, deletes the file — is an incident. What changes.

MCP attack surface explained — illustration
SECURITY
July 08, 20268 min read

MCP makes it trivial to connect an LLM to your files, databases and APIs. That convenience is exactly the attack surface.