The Adversary's Mind · AI

Break your AI before someone else does.

Every feature you bolt onto a language model is a new trust boundary — and every trust boundary is an invitation. Breaking AI teaches you to think like the adversary the model never sees coming, then prove it in a lab you own.

57-pg guide · 103-pg labs · OWASP LLM Top 10 · MITRE ATLAS

01 · Learn

Read it, then do it.

Breaking AI is the AI-red-team companion to The Adversary's Mind — the same seven-step Loop runs through every chapter, so the reasoning becomes automatic instead of memorized. No machine-learning background required: the maths is optional, the adversarial mindset is everything. Every technique is mapped to the OWASP LLM Top 10 and MITRE ATLAS so your findings speak the language professionals use.

Part One — The Ground & The Prompt

Chapters 1–3

  1. The LLM Attack Surface
  2. Direct Prompt Injection
  3. Jailbreaks & Guardrail Evasion

Part Two — The Data You Trusted

Chapters 4–6

  4. Indirect Prompt Injection
  5. RAG & Data Poisoning
  6. System-Prompt Extraction & Sensitive-Data Leakage

Part Three — The Blast Radius

Chapters 7–8

  7. Insecure Output Handling
  8. Model & Wallet Denial of Service

Part Four — The Frontier

Chapters 9–10

  9. Supply-Chain Attacks on AI
  10. Agentic AI & MCP / Tool-Use Abuse

Appendices

The reference kit

  • A — OWASP LLM Top 10 ↔ MITRE ATLAS ↔ chapter map
  • B — The Lab Toolkit (Ollama, garak, PyRIT, Burp, DVLA)

The companion

The Lab Workbook — 103 pages

  • Gated, hands-on labs for all ten chapters
  • Practice on models and apps you own — Ollama, DVLA, PortSwigger
  • The book is the skeleton; the workbook is the muscle

Why it's different

Mindset first, mapped to the standards.

// root cause

One idea, ten attacks

A model reads instructions and data through the same eyes. Every chapter is a consequence of that single fact — so you reason, not memorize.

// standards

OWASP LLM Top 10 + ATLAS

Every technique carries its OWASP ID and MITRE ATLAS family, so your findings drop straight into a professional report.

// both chairs

Attack and defense

Every chapter pairs the attack with a Defensive Playbook and a Cat & Mouse exchange — the whole board, not half of it.

// frontier

Agents & MCP, not just chat

The most consequential surface — tool-using agents and MCP servers, the lethal trifecta, zero-click exfiltration — gets its own chapter.

// hands-on

A lab you own

Every attack is practiced against local models and the companion Damn Vulnerable LLM App — never someone else's system.

// operator

Copy-paster → operator

Each chapter's Operator's Corner turns a string you pasted into a mechanism you understand — the difference that lasts.

Pricing

Start breaking things this weekend

The Guide

Breaking AI only

The thinking, mapped to the standards.

$39
one-time · instant PDF
  • The 57-page AI red-team guide
  • All 10 chapters across 4 parts
  • Appendices A & B
  • OWASP LLM Top 10 ↔ ATLAS map
  • Free updates to this edition
Get the guide

Complete Bundle · Most popular

Guide + Lab Workbook

Read the attack, then run it.

$59
one-time · two PDFs
  • Everything in the guide, plus —
  • The 103-page Lab Workbook
  • Gated, hands-on labs for all 10 chapters
  • Full lab setup — Ollama, DVLA, garak, PyRIT
  • Practice only on targets you own
Get the complete bundle

Everything · Best value

Both books + both labs

This bundle plus the original field manual.

$99
one-time · four PDFs · save $39
  • Breaking AI + Lab Workbook
  • The Adversary's Mind + Lab Workbook
  • $138 value — the full shelf
Get everything · See the original

All sales are final once the file is downloaded. If you haven't downloaded it yet, request a full refund within 7 days — no questions.

03 · Assess · free

Then prove where you stand.

The AI Audit is a free, browser-based self-assessment — the practical companion to the book. Answer honestly and it returns a readiness score, a prioritized gap list, and a report you can hand to an engineer, an executive, or an auditor.

  • Classify your app under the EU AI Act — role, reach, risk tier.
  • Score it against all ten OWASP LLM Top 10 controls.
  • Each gap links back to the chapter and labs that close it.

Free · runs entirely in your browser · nothing leaves your device · not legal advice.

[live countdown] days until the EU AI Act's transparency rules and GPAI enforcement apply — 2 Aug 2026. The clock is a tailwind, not a threat.

  • 2 Aug 2026: Transparency · GPAI enforcement
  • 2 Dec 2026: New prohibitions (provisional)
  • 2 Dec 2027: High-risk obligations (provisional)

Coming soon

Two more moves, landing soon.

Practice and Secure are in build. Leave your email and you'll be first in when they open — no other mail.

02 · Practice · Coming soon

DVLA — the vulnerable LLM app

A deliberately broken LLM app with graded challenges, so you can run every attack from the books against a safe, real target. Free and open source.

04 · Secure · Coming soon

The Injection Tester

A hosted scanner that probes your live LLM app for prompt injection and OWASP LLM risks on every deploy, and tracks your posture over time. For teams.

Questions

Before you buy

Do I need a machine-learning background?

No. The people best at breaking AI systems already own the adversarial mindset — trust boundaries, "where is the trust and how is it verified?" — and point it at a new target. The maths is optional; the mindset is everything, and the book builds it from scratch.

How is this different from The Adversary's Mind?

Same author, same seven-step Loop, different target. The Adversary's Mind covers classic offensive security (recon to red team). Breaking AI applies that operator's mindset to LLM and agentic apps. They stand alone — or take both in the $99 everything bundle.

What do I get, and in what format?

The bundle is two PDFs: the 57-page guide and the 103-page Lab Workbook. They read on any device and download instantly after purchase. Chapters 1 & 2 are free to read as a sample.

Is the AI Audit tool part of the book?

The AI Audit is free and always will be — it runs in your browser and nothing leaves your device. The book teaches the attacks and fixes; the audit scores where your app stands and links each gap back to the chapter that closes it.

Is this legal?

Everything is written for AI systems you own, you built, or are explicitly authorized in writing to test — your own local models, a vulnerable app you deploy, or a bug-bounty programme that invites you in. Attacking a model you don't have permission to test is illegal, and the book says so throughout.

Do I get updates, and what's the refund policy?

Free updates to this edition are included as the OWASP list and the EU AI Act evolve. All sales are final once the file is downloaded; if you haven't downloaded it yet, request a full refund within 7 days.

Find the flaw before a real adversary does.

Do it inside the fence — in a lab you own. The guide, the labs, and a free audit to prove it.