Project AISecOps: Securing AI
A builder’s journey into safe AI systems
Why This Project Exists
This project started with a question I couldn’t ignore:
How do you build AI systems that are not just powerful, but secure by default?
The more I explore LLMs, agents, RAG pipelines, and tool-augmented workflows, the more I feel the ground shifting. Everyone’s building, but very few are asking what happens when these systems go wrong.
I'm approaching this as a builder-in-training. I'm not here just to read theory; I believe the only real way to learn is by actually building systems and refining them through experimentation.
At the same time, I want security to be a part of that process from day zero, not as an afterthought. Control, reliability, and resilience aren’t extras. They’re architectural requirements.
Project AISecOps is my effort to understand what that looks like. Both in theory and in practice.
What I’m Noticing So Far (Mental Model Shift)
When people talk about “AI security,” they often mean just model security: things like prompt injection, jailbreaking, or unsafe outputs.
That’s important, but what’s really caught my attention is everything that revolves around the model.
What happens when the model connects to the real world? When it:
Uses tools or APIs
Stores context or memory over time
Executes commands based on internal decisions
Interconnects with other AI agents
That’s when things get unpredictable, and when I think the most interesting vulnerabilities emerge.
Jason Haddix notes in the MLSecOps episode “Holistic AI Pentesting Playbook”:
“One weak agent can compromise your whole AI ecosystem.”
That really reframed things for me. You’re not just securing a request/response loop; you’re securing behavior that spans layers, tools, and time.
What I Want to Understand Deeply
I’m interested in building and securing real-world AI systems.
If I want to build such systems responsibly and well, I need to establish a few foundational understandings:
What are the true layers of an agentic AI architecture?
What are the trust boundaries between model, memory, tools, and API calls?
How would I audit behavior across time and agents?
How do I validate inputs/outputs and not just sanitize them?
Because if I’m going to build systems with memory and agency, I need to think about persistent effects, not just point-in-time interactions.
Types of Attacks I Want to Explore
In addition, I’m intentionally studying how AI systems break, based on stories and frameworks from others in the community.
My goal isn’t to reproduce specific exploits I’ve read about; it’s to simulate these behavioral risks in sandboxes and earn the instincts of a secure builder.
The Biggest Insight (So Far)
One principle from security researcher Rico Komenda in an MLSecOps episode keeps coming back:
“We need to test systems, not just models.”
When you give a model tools, memory, and autonomy, you’ve created a system.
This is an opportunity for deeper thinking.
Where I Want This All to Lead
Eventually, I want to build and ship useful agent-based systems, even modest ones.
I want to answer the following questions confidently; some of them are raised by security experts like Jason Haddix, Rico Komenda, Javan Rasokat, and Vats Shah as well:
What are the trust boundaries?
Where could context or retrieval undermine intent?
Is there a record of decisions being made and by whom?
How will AI agents participate in observability, rollback, or security functions in a reliable way?
The endgame isn’t perfection: it’s clarity, security, and systems I actually trust to run.
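As an added illustration (not code from this post or from any of the sources it cites), here is a small Python gate at the model/tool trust boundary that validates a proposed tool call against an explicit policy, rejecting rather than rewriting anything outside it, and records every decision together with the agent that asked for it. The tool names, the policy, and the sample calls are constructed for the example.

```python
import re
from datetime import datetime, timezone

# Constructed policy for a hypothetical ticketing agent: each tool lists the argument keys it
# accepts and a predicate per key. Validation rejects; it never "cleans up" input into something acceptable.
TOOL_POLICY = {
    "read_ticket": {"ticket_id": re.compile(r"[A-Z]{2,6}-\d{1,6}").fullmatch},
    "send_email": {
        "to": re.compile(r"[\w.+-]+@example\.com").fullmatch,  # internal recipients only
        "body": lambda v: len(v) <= 2000,
    },
}

AUDIT_LOG = []  # one record per decision: who asked, for what, and the outcome


def validate_call(call):
    """Return (ok, reason) for a call shaped {"tool": str, "args": {str: str}}."""
    schema = TOOL_POLICY.get(call.get("tool"))
    if schema is None:
        return False, "tool not in allowlist"
    args = call.get("args", {})
    if set(args) != set(schema):  # missing and extra keys are both rejected
        return False, "argument keys do not match policy"
    for key, check in schema.items():
        value = args[key]
        if not isinstance(value, str) or not check(value):
            return False, f"argument {key!r} failed validation"
    return True, "ok"


def gate_tool_call(agent_id, call, log=AUDIT_LOG):
    """Decide at the model/tool boundary and record the decision and its reason."""
    ok, reason = validate_call(call)
    log.append({
        "ts": datetime.now(timezone.utc).isoformat(),
        "agent": agent_id,  # which agent proposed the call
        "tool": call.get("tool"),
        "args": call.get("args", {}),
        "decision": "allow" if ok else "deny",
        "reason": reason,
    })
    return ok


if __name__ == "__main__":
    gate_tool_call("planner", {"tool": "read_ticket", "args": {"ticket_id": "OPS-1234"}})
    gate_tool_call("summarizer", {"tool": "shell", "args": {"cmd": "ls"}})
    for rec in AUDIT_LOG:
        print(rec["agent"], rec["tool"], rec["decision"], rec["reason"])
```

The log answers "which agent decided what, and why" after the fact, which is the record of decisions the questions above ask for.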
Resources That Have Shaped My Thinking
These talks, threads, and reports have all influenced how I’m framing this space:
MLSecOps - Jason Haddix – Holistic AI Pentesting Playbook:
MLSecOps - Javan Rasokat & Rico Komenda:
Vats Shah – https://x.com/VatsSShah
Lasso Security – Top 10 Threats to Agentic AI in 2025: https://www.lasso.security/blog/agentic-ai-security-threats-2025
Zenity Labs – A Copilot Studio Story: Discovery Phase in AI Agent: https://labs.zenity.io/p/a-copilot-studio-story-discovery-phase-in-ai-agents-f917
Zenity Labs – A Copilot Studio Story 2: When AIjacking Leads to Full Data Exfiltration: https://labs.zenity.io/p/a-copilot-studio-story-2-when-aijacking-leads-to-full-data-exfiltration-bc4a