AI Watchtower

Critical watch on AI security — threat models, poisoning, agents, hardening.

Latest

Agents When the Guards Are Agents Too: The Recursive Corruption of Control Systems

Classic security tools hunt for dangerous words: ‘hack’, ‘bomb’, ‘urgent’. But you don’t subvert an AI agent …

Jun 29, 2026 · 11 min Agents When AI Takes Action: Understanding Attacks on Autonomous Agents, and How to Defend Against Them

A chatbot writes sentences; an AI agent acts — it reads your email, runs code, calls APIs, spends money. That shift moves the risk: it is no longer …

Jun 29, 2026 · 15 min Fundamentals The Instruction That Protects Nothing: Why Prompt Position and Fine-Tuning Never Validate an LLM

A stubborn intuition holds that you only need to put the safety rules ‘first’ in the system prompt. It is false, and for a reason that …

Jun 29, 2026 · 8 min Poisoning & Supply Chain The Free-Tier Backdoor: Poisoning the Continuous Training of Commercial LLMs

Commercial assistants — Claude, ChatGPT, Gemini, Le Chat — keep learning from free-tier feedback: ratings, regenerations, and the conversations …

Jun 21, 2026 · 12 min

Fundamentals

Fundamentals The Instruction That Protects Nothing: Why Prompt Position and Fine-Tuning Never Validate an LLM

A stubborn intuition holds that you only need to put the safety rules ‘first’ in the system prompt. It is false, and for a …

Jun 29, 2026 · 8 min Strategy The AI War on Our Networks: Why Attack Outpaces Defense

Strategic essay. Cyber conflict is now machine-versus-machine, at a tempo that excludes the human operator. Attack holds the advantage — by …

Jun 12, 2026 · 9 min Fundamentals How LLMs Work: From the LSTM to the Transformer

Three interactive diagrams to see, step by step, how a sentence flows through a recurrent network (LSTM), a convolutional network (CNN), and …

Jun 12, 2026 · 7 min

Agents

Explainer When the Guards Are Agents Too: The Recursive Corruption of Control Systems

Classic security tools hunt for dangerous words: ‘hack’, ‘bomb’, ‘urgent’. But you don’t subvert …

Jun 29, 2026 · 11 min Explainer When AI Takes Action: Understanding Attacks on Autonomous Agents, and How to Defend Against Them

A chatbot writes sentences; an AI agent acts — it reads your email, runs code, calls APIs, spends money. That shift moves the risk: it is no …

Jun 29, 2026 · 15 min Analysis The War of AIs in Cyberspace: Agentic SIEMs as a New Attack Surface

SOCs are evolving toward agentic architectures where multiple AIs handle triage, investigation, correlation, and response. The decision …

Jun 18, 2026 · 11 min Analysis The Agentic SOC — and the Attacks Against Defensive AI Agents

Two linked shifts: the SOC moves from a human craft model to an automated agentic one — and those same defensive agents become a new attack …

Jun 10, 2026 · 14 min

Poisoning & Supply Chain

Analysis The Free-Tier Backdoor: Poisoning the Continuous Training of Commercial LLMs

Commercial assistants — Claude, ChatGPT, Gemini, Le Chat — keep learning from free-tier feedback: ratings, regenerations, and the …

Jun 21, 2026 · 12 min Analysis Conditional DPO Backdoors: From a Rare Context to an Agentic Chain

A deeper companion to the free-tier feedback explainer. DPO moves safety from the behavior level to the level of a conditional distribution; …

Jun 21, 2026 · 6 min

Hardening

Hardening Claude Desktop — Simple Hardening: What Claude Should NOT Have Access To

Targeted attack-surface reduction for Claude Desktop. Simple principle: it’s a chat assistant, not a system agent. The list of NOs, …

Apr 27, 2026 · 10 min