AIPSA Learning Library
Reading Materials
Chapter-level PDFs across three publications — the AIPSA Handbook, Field Guide, and Mythos Report. Each chapter maps to one or more lab domains. Use them before, during, or after labs.
AIPSA Handbook
15 Chapters · Practice-oriented
Deep-dive reference for practitioners. Each chapter covers a specific skill area with methodology, worked examples, and templates — aligned directly with lab exercises.
Chapter 1 — AI System Inventory
Map your AI assets, establish component boundaries, classify data flows, and build the inventory foundation that all downstream security controls depend on.
Chapter 2 — Architecture and Trust Boundaries
Design secure AI system architectures with enforced trust boundaries, identity controls, data isolation, and defense-in-depth across the full AI stack.
Chapter 3 — Threat Modeling
Apply STRIDE to AI product surfaces, enumerate trust boundaries, map threats to mitigations, and produce architecture decision records.
Chapter 4 — Prompt Injection
Direct and indirect injection attack patterns, instruction hierarchy exploitation, context poisoning, and realistic mitigations beyond prompt wording.
Chapter 5 — RAG Authorization
Authorization across ingest and query layers, tenant isolation, cross-tenant leakage vectors, document poisoning, and retrieval auditability.
Chapter 6 — Agentic Permissions
Tool-call security, delegated authority, approval gates, side-effect containment, MCP surface analysis, sandboxing, and action logging for AI agents.
Chapter 7 — Data Exposure and Privacy
PII in prompt and retrieval context, cross-tenant data leakage, training data exposure, prompt log privacy, data minimization, and retention controls.
Chapter 8 — Model and Provider Risk
Evaluating model providers, subprocessors, data processing terms, trust center claims, security questionnaires, and procurement decision criteria.
Chapter 9 — AI Supply Chain
Model artifact risks, unsafe deserialization, model hub provenance, dependency trust, artifact signing, AI BOM concepts, and third-party model integration risk.
Chapter 10 — Logging and Telemetry
Prompt/response/tool-call log requirements, trace correlation, PII-safe telemetry, abuse monitoring signal design, and the minimum log surface for AI forensics.
Chapter 11 — Detection Engineering
Building detectors for prompt injection, jailbreaks, credential exposure, anomalous tool calls, and AI-specific abuse patterns using telemetry pipelines.
Chapter 12 — Incident Response
AI incident classification, containment playbooks, prompt/tool-call forensics, rollback procedures, customer notification, and post-incident control improvements.
Chapter 13 — Evaluation and Regression Testing
Eval harness design, jailbreak regression suites, abuse-case test coverage, model/application boundary testing, and how eval output becomes security evidence.
Chapter 14 — Governance, Evidence, and Customer Trust
AI governance operating model, risk registers, control evidence collection, NIST AI RMF and ISO 42001 mapping, and producing audit-ready customer trust artifacts.
Chapter 15 — Field Kit and Templates
Reference templates for AI system inventory, threat models, control matrices, evidence collection, vendor questionnaires, and incident response playbooks.
AIPSA Field Guide
14 Chapters · Domain-mapped
One chapter per AIPSA domain — concise, field-ready reference covering the concepts, vocabulary, and decision frameworks you need for each competency area.
AI Security Foundations
Core concepts for reasoning about AI systems as software, data, model, platform, and governance systems — and why AI security is not only model safety.
LLM Application Security
Security of applications that call, wrap, orchestrate, or expose LLMs — input/output boundaries, model provider APIs, prompt construction, tool access, and output handling.
Prompt Injection and Context Security
Direct and indirect prompt injection, instruction hierarchy, context poisoning, system prompt exposure, and mitigations beyond prompt wording.
RAG Security
RAG authorization, cross-tenant leakage, vector database exposure, document poisoning, citation trust, and retrieval auditability.
Agent Security
Delegated authority, tool calls, MCP-style tool surfaces, approvals, side effects, action logging, sandboxing, and agentic workflow governance.
Model Supply Chain Security
Model artifacts, unsafe deserialization, model hub provenance, dependency trust, model scanning, artifact signing, and third-party model risk.
MLOps Platform Security
Security of notebooks, experiment tracking, model registries, pipelines, GPUs, containers, inference services, cloud IAM, secrets, and CI/CD for AI platforms.
AI-Aware Secure SDLC
Secure lifecycle practices for AI-enabled products: intake, threat modeling, design review, eval gates, release criteria, logging requirements, and control evidence.
Privacy and Data Protection in AI Systems
Customer data usage, training policy, retention, prompt/log privacy, PII redaction, data minimization, data residency, and privacy controls for AI systems.
AI Governance, Risk, and Compliance
AI governance operating model, risk registers, control mapping, NIST AI RMF, ISO 42001, policy, accountability, approvals, evidence collection, and audit-ready reporting.
Red Teaming and Adversarial Evaluations
AI red teaming, eval harnesses, jailbreak testing, prompt injection test design, abuse-case testing, regression testing, and interpreting eval limits.
Incident Response and AI Observability
AI incident detection, prompt/response/tool-call logs, traceability, abuse monitoring, alerting, forensics, containment, rollback, and post-incident learning.
Vendor Risk and AI Procurement
Evaluating AI vendors, model providers, subprocessors, data processing terms, security questionnaires, contract controls, trust center claims, and procurement decisions.
Secure AI Architecture Design
End-to-end design of secure AI systems: trust boundaries, identity, data flows, isolation, runtime controls, safe defaults, defense-in-depth, and tradeoff reasoning.
Mythos Report — Selected Chapters
Strategic context · Not curriculum-aligned
Eight chapters from the Mythos threat intelligence report with direct relevance to specific domains. Strategic framing for why the technical controls matter.
Inventory Is the First Control
Why you cannot defend what you have not mapped — the argument for AI system inventory as the prerequisite for every other control.
Threat Modeling Becomes Continuous
The case for continuous threat modeling in AI products: why static annual reviews fail and how to build threat modeling into engineering velocity.
Prompt Injection Is a Product Security Bug
Reframing prompt injection from a model safety problem to a product security control-boundary failure — with ownership, remediation, and release criteria implications.
Excessive Agency Is the New Overprivileged Service Account
Drawing the direct line from classic least-privilege failures to agentic AI: why scope, approval gates, and blast radius matter more as agents gain capabilities.
RAG and Context Systems Are Data Security Systems
The argument that retrieval systems must be governed as data access control systems — not just prompt augmentation layers — with all the authorization implications that follow.
Model, Code, and AI Supply Chain Security
How supply chain risk expands when the artifact is not just code but model weights, serialized configs, and datasets — and what AI BOM and provenance checks require.
The New AppSec Metric Is Time to Evidence
Why the most important AI security KPI is how quickly your team can produce control evidence — and what that means for tooling, process, and team structure.
Governance Without Velocity Is Theater
The argument that AI governance programs that slow down engineering without improving risk posture are actively counterproductive — and what high-velocity governance looks like.