AI Security

7 minutes

Video

Unlock Better RAG & AI Agents with Docling

IBM Technology. Explains the ingestion side of RAG and agents: preparing PDFs and other files so document structure, tables and layout survive into downstream retrieval. That supports the article's warning that RAG quality and safety begin before embedding, especially when parsing complex business documents.

Advanced

20 minutes

Video

Permissions & Access Control for RAG - a Deep Dive Tutorial

Paragon. Walks through the production RAG permission problem and compares tool-calling, namespaces, ACL tables and relationship-based permissions. That directly supports the article's core rule: retrieval must only return sources the current user is allowed to see, and source-system permissions cannot be treated as an afterthought.

Advanced

48 minutes

Video

How to Build Reliable AI Agents (Context + Evals Explained) | Tobias Leong, Axium

Arize AI. Explains why production agents fail when the system lacks the right context, evaluation data, tracing and domain expertise. It maps well to the article's failure-mode register because it makes reliability an engineering loop: separate retrieval from reasoning, define expected outcomes, evaluate tool calls, and trace failures before changing models.

Advanced

10 min read

Article

Production AI failure modes: what breaks after the demo

AI systems usually fail in predictable ways: hallucination, stale context, sycophancy, prompt injection, unsafe tool use, schema drift, and weak fallbacks. A production failure-mode register for teams shipping real workflows.

Build a production AI failure-mode register with controls for hallucination, stale context, prompt injection, unsafe tool use, and weak fallbacks.

Advanced

10 min read

Article

Private AI deployment patterns: local, VPC, self-hosted, and hybrid

Private AI is not one architecture. A practical comparison of local models, enterprise SaaS, VPC deployments, self-hosted inference, and hybrid patterns for SMEs that care about privacy and control.

Choose a private AI deployment pattern based on data sensitivity, capability needs, cost, latency, and operational capacity.

Advanced

10 min read

Article

Connecting AI to your email, calendar, and CRM safely

Connecting AI to your real tools — email, calendar, CRM — is the productivity unlock and the risk. A practical guide to the integrations that work in 2026, the patterns that are safe, and the lines you should not cross.

Connect AI to email, calendars, and CRMs with least privilege, approval gates, and audit trails.

Intermediate

8 min read

Article

Privacy and data hygiene when using AI at work

A practical guide to using AI at work without accidentally exposing customer data, breaching your company's policy, or violating GDPR. The lines, the tools, and the habits to build.

Apply practical workplace rules for sensitive data, tool choice, retention, and review before using AI.

Beginner

17 minutes

Video

Defending LLM - Prompt Injection

LiveOverflow. Walks through the actual defence-in-depth playbook — taint analysis on LLM output, restricting expected output shapes, user isolation, few-shot scaffolds, fine-tuning, temperature 0 for determinism, redundancy for critical paths. It matches the article's defence-stack section almost item for item.

Advanced

13 minutes

Video

Attacking LLM - Prompt Injection

LiveOverflow. Frames prompt injection as a classic injection attack against systems that mix instructions and untrusted data — with a concrete content-moderation example where an attacker frames an innocent user. The mental shift from "the model is the target" to "the application is the target" is exactly the move the article opens with.

Advanced

25 minutes

Video

OWASP's Top 10 Ways to Attack LLMs: AI Vulnerabilities Exposed

IBM Technology. Zooms out from prompt injection to the wider OWASP Top 10 for LLMs — insecure output handling, sensitive information disclosure, excessive agency — which is exactly the failure-mode catalogue you want in mind before you grant Gmail or HubSpot scopes to anything.

Intermediate

11 minutes

Video

What Is a Prompt Injection Attack?

IBM Technology. Jeff Crume's "buy an SUV for $1" example is the cleanest 10-minute explanation of why direct and indirect prompt injection are different problems, and why filtering can't fully solve either. It pairs directly with the article's argument that you need least-privilege scopes, a dedicated agent account, and a human in the loop on anything irreversible — not a cleverer system prompt.

Intermediate

Start here

Prompt injection and LLM security: threat models and defense-in-depth

Company knowledge RAG: permissions, leakage, and source boundaries

Secure document ingestion for RAG: PDFs, OCR, metadata, and retention

More in this topic

Unlock Better RAG & AI Agents with Docling

Permissions & Access Control for RAG - a Deep Dive Tutorial

How to Build Reliable AI Agents (Context + Evals Explained) | Tobias Leong, Axium

Production AI failure modes: what breaks after the demo

Private AI deployment patterns: local, VPC, self-hosted, and hybrid

Connecting AI to your email, calendar, and CRM safely

Privacy and data hygiene when using AI at work

Defending LLM - Prompt Injection

Attacking LLM - Prompt Injection

OWASP's Top 10 Ways to Attack LLMs: AI Vulnerabilities Exposed

What Is a Prompt Injection Attack?