Break your AI before someone else does.
Every feature you bolt onto a language model is a new trust boundary — and every trust boundary is an invitation. Breaking AI teaches you to think like the adversary the model never sees coming, then prove it in a lab you own.
One loop, four moves.
Each piece hands you to the next: learn the attack, practice it on a safe target, assess your own app, then keep it secure. The book and its labs are live today; the free audit is live; two tools are in build.
The field manual
Breaking AI + Lab WorkbookHow every LLM attack works — then hands-on labs to run them yourself.
Available now 02 · PracticeDVLA
The vulnerable LLM appA deliberately broken LLM app to attack safely. Free and open source.
Coming soon 03 · AssessThe AI Audit
Free self-assessmentScore your app against the OWASP LLM Top 10 and the EU AI Act. Get a report.
Free · live 04 · SecureThe Injection Tester
Continuous scannerAutomated scanning for prompt injection and OWASP LLM risks, every deploy.
Coming soonRead it, then do it.
Breaking AI is the AI-red-team companion to The Adversary's Mind — the same seven-step Loop runs through every chapter, so the reasoning becomes automatic instead of memorized. No machine-learning background required: the maths is optional, the adversarial mindset is everything. Every technique is mapped to the OWASP LLM Top 10 and MITRE ATLAS so your findings speak the language professionals use.
Chapters 1–3
- The LLM Attack Surface
- Direct Prompt Injection
- Jailbreaks & Guardrail Evasion
Chapters 4–6
- Indirect Prompt Injection
- RAG & Data Poisoning
- System-Prompt Extraction & Sensitive-Data Leakage
Chapters 7–8
- Insecure Output Handling
- Model & Wallet Denial of Service
Chapters 9–10
- Supply-Chain Attacks on AI
- Agentic AI & MCP / Tool-Use Abuse
The reference kit
- A — OWASP LLM Top 10 ↔ MITRE ATLAS ↔ chapter map
- B — The Lab Toolkit (Ollama, garak, PyRIT, Burp, DVLA)
The Lab Workbook — 103 pages
- Gated, hands-on labs for all ten chapters
- Practice on models and apps you own — Ollama, DVLA, PortSwigger
- The book is the skeleton; the workbook is the muscle
Mindset first, mapped to the standards.
One idea, ten attacks
A model reads instructions and data through the same eyes. Every chapter is a consequence of that single fact — so you reason, not memorize.
OWASP LLM Top 10 + ATLAS
Every technique carries its OWASP ID and MITRE ATLAS family, so your findings drop straight into a professional report.
Attack and defense
Every chapter pairs the attack with a Defensive Playbook and a Cat & Mouse exchange — the whole board, not half of it.
Agents & MCP, not just chat
The most consequential surface — tool-using agents and MCP servers, the lethal trifecta, zero-click exfiltration — gets its own chapter.
A lab you own
Every attack is practiced against local models and the companion Damn Vulnerable LLM App — never someone else's system.
Copy-paster → operator
Each chapter's Operator's Corner turns a string you pasted into a mechanism you understand — the difference that lasts.
Start breaking things this weekend
Breaking AI only
The thinking, mapped to the standards.
- The 57-page AI red-team guide
- All 10 chapters across 4 parts
- Appendices A & B
- OWASP LLM Top 10 ↔ ATLAS map
- Free updates to this edition
Guide + Lab Workbook
Read the attack, then run it.
- Everything in the guide, plus —
- The 103-page Lab Workbook
- Gated, hands-on labs for all 10 chapters
- Full lab setup — Ollama, DVLA, garak, PyRIT
- Practice only on targets you own
Both books + both labs
This bundle plus the original field manual.
- Breaking AI + Lab Workbook
- The Adversary's Mind + Lab Workbook
- $138 value — the full shelf
All sales are final once the file is downloaded. If you haven't downloaded it yet, request a full refund within 7 days — no questions.
Then prove where you stand.
The AI Audit is a free, browser-based self-assessment — the practical companion to the book. Answer honestly and it returns a readiness score, a prioritized gap list, and a report you can hand to an engineer, an executive, or an auditor.
- Classify your app under the EU AI Act — role, reach, risk tier.
- Score it against all ten OWASP LLM Top 10 controls.
- Each gap links back to the chapter and labs that close it.
Free · runs entirely in your browser · nothing leaves your device · not legal advice.
until the EU AI Act's transparency rules and GPAI enforcement apply — 2 Aug 2026. The clock is a tailwind, not a threat.
Two more moves, landing soon.
Practice and Secure are in build. Leave your email and you'll be first in when they open — no other mail.
DVLA — the vulnerable LLM app
A deliberately broken LLM app with graded challenges, so you can run every attack from the books against a safe, real target. Free and open source.
The Injection Tester
A hosted scanner that probes your live LLM app for prompt injection and OWASP LLM risks on every deploy, and tracks your posture over time. For teams.
Before you buy
Do I need a machine-learning background?
No. The people best at breaking AI systems already own the adversarial mindset — trust boundaries, "where is the trust and how is it verified?" — and point it at a new target. The maths is optional; the mindset is everything, and the book builds it from scratch.
How is this different from The Adversary's Mind?
Same author, same seven-step Loop, different target. The Adversary's Mind covers classic offensive security (recon to red team). Breaking AI applies that operator's mindset to LLM and agentic apps. They stand alone — or take both in the $99 everything bundle.
What do I get, and in what format?
The bundle is two PDFs: the 57-page guide and the 103-page Lab Workbook. They read on any device and download instantly after purchase. Chapters 1 & 2 are free to read as a sample.
Is the AI Audit tool part of the book?
The AI Audit is free and always will be — it runs in your browser and nothing leaves your device. The book teaches the attacks and fixes; the audit scores where your app stands and links each gap back to the chapter that closes it.
Is this legal?
Everything is written for AI systems you own, you built, or are explicitly authorized in writing to test — your own local models, a vulnerable app you deploy, or a bug-bounty programme that invites you in. Attacking a model you don't have permission to test is illegal, and the book says so throughout.
Do I get updates, and what's the refund policy?
Free updates to this edition are included as the OWASP list and the EU AI Act evolve. All sales are final once the file is downloaded; if you haven't downloaded it yet, request a full refund within 7 days.
Find the flaw before a real adversary does.
Do it inside the fence — in a lab you own. The guide, the labs, and a free audit to prove it.