The Instruction That Protects Nothing: Why Prompt Position and Fine-Tuning Never Validate an LLM

A stubborn intuition holds that you only need to put the safety rules ‘first’ in the system prompt. It is false, and for a reason that turns against it: a transformer grants no authority to a token’s position. Fine-tuning fails exactly the same test. Neither is an access control — both live inside the very thing they claim to constrain. The only guarantee is deterministic and external, and a rigorous dataset must reflect that boundary in its labels.

June 29, 2026 · 8 min · 1663 words · aleph-beth

When AI Takes Action: Understanding Attacks on Autonomous Agents, and How to Defend Against Them

A chatbot writes sentences; an AI agent acts — it reads your email, runs code, calls APIs, spends money. That shift moves the risk: it is no longer about making the AI say something forbidden, but about making it do something dangerous. This article explains, with detailed and accessible examples, how these attacks actually work, why naive guardrails fail, and what a decision-maker must demand before putting an agent into production.

June 29, 2026 · 15 min · 3078 words · aleph-beth

When the Guards Are Agents Too: The Recursive Corruption of Control Systems

Classic security tools hunt for dangerous words: ‘hack’, ‘bomb’, ‘urgent’. But you don’t subvert an AI agent with suspicious vocabulary — you subvert it with the ordinary language of the business: a role, a process, a plausible emergency. And when the agent that monitors, the SIEM that correlates and the auditor that checks are themselves AI agents, the attacker no longer has to defeat a system: it corrupts them in a chain. This article explains that recursive-corruption mechanism and what a decision-maker must demand to break it.

June 29, 2026 · 11 min · 2293 words · aleph-beth

The AI War on Our Networks: Why Attack Outpaces Defense

Strategic essay. Cyber conflict is now machine-versus-machine, at a tempo that excludes the human operator. Attack holds the advantage — by architecture, not by accident: defending one LLM with another reproduces the very flaw. The way out is to move the decision out of the model, into a deterministic layer.

June 12, 2026 · 9 min · 1860 words · aleph-beth

The Agentic SOC — and the Attacks Against Defensive AI Agents

Two linked shifts: the SOC moves from a human craft model to an automated agentic one — and those same defensive agents become a new attack surface. The defense you deploy is also the breach you open.

June 10, 2026 · 14 min · 2953 words · aleph-beth