# Where I Drop AI Red Teaming Tips
Not everything I work on needs a full writeup. Some findings are a single technique, a single vector, a single “oh, that’s interesting” moment. Those live somewhere else — and that somewhere is AISecTips-Tricks.
## What It Is
A GitHub repo where I keep bite-sized AI security tips. No fluff, no padding. Each one is a focused markdown file: the attack surface, how it works, and what hardening looks like. Red team and blue team, both sides covered.
## What’s In There Right Now
Eight tips, all from the offensive research I’ve been running. The topics span most of the surfaces I care about:
- RAG Embedding Poisoning — corrupting vector stores so retrieval silently serves attacker-controlled content.
- Merkle-Chained Vector Chunks — tamper-proofing the other side of that same problem.
- LoRA Ghost-Adapter Sig-Scans — detecting supply-chain backdoors baked into adapter weights.
- Shadow Batch KV-Poisoning — manipulating attention by poisoning the KV cache across batches.
- Router-Sniff — cross-batch prompt leakage inside Mixture-of-Experts routing.
- Cache Whispering — hardware-level CPU cache side-channels during token generation.
- Draft-Leak — timing oracles hidden inside speculative decoding.
- Ghost-Tool Shadowing — hijacking tools through MCP protocol manipulation in agentic workflows.
## Why Keep It Separate
The blog here is for deeper dives — the kind of post where I walk through the full chain of thought. The repo is for the moments where the finding is sharp enough to stand on its own. Two formats, same research.
If something from the repo deserves the long treatment, it’ll show up here eventually.
Go star it if the topics interest you. New tips drop when they drop.