AI Under Attack: A Practical Guide to Threats, Defenses, and Governance for AI Systems - Softcover

Kris Kimmerle; David Okeyode

9781806119936: AI Under Attack: A Practical Guide to Threats, Defenses, and Governance for AI Systems

Synopsis

Built on Fortune 500 experience, this guide delivers hands-on methods to secure generative AI with extensive coverage of RAG, agents, prompt injection, data pipelines, Zero Trust, and sustainable programs.

Includes the AI Under Attack Practitioner Toolkit, featuring chapter-specific Field Artifacts for real-world AI security practice.

Key Features

  • Defend LLMs, RAG, and autonomous agents against prompt injection, jailbreaks, and tool abuse
  • Apply Zero Trust architecture to AI agents with tool access, memory, and goal-directed reasoning
  • Run AI governance and red teaming programs aligned to NIST AI RMF, ISO 42001, and OWASP for LLMs
  • Purchase of the print or Kindle book includes a free PDF eBook

Book Description

Unlike general AI texts or cybersecurity books with limited AI coverage, this guide offers a comprehensive dive into securing the generative AI ecosystem.

It moves through four parts: Foundations establishes why AI security is fundamentally different, covering threat modeling, attack surfaces, and core defense principles. Attacks provides deep technical examination of prompt injection, memory and context abuse, RAG system vulnerabilities, agent exploitation techniques, training data poisoning, and AI red teaming methodology. Building Secure AI Systems covers infrastructure and MLOps hardening, secure application and API design, defensive prompt engineering, guardrails with human oversight, supply chain integrity, and Zero Trust architecture for agents. Running AI Security Programs addresses governance, risk and compliance frameworks, security engineering practices, security operations, and building sustainable organizational capabilities. Throughout, you will gain access to practical insights and structured approaches applicable to real-world scenarios.

By the end, you will be able to design, implement, and maintain security programs for generative AI, defend against advanced threats, communicate risks to stakeholders, and establish governance ensuring secure, compliant operations across the lifecycle.

What you will learn

  • Identify AI-specific risks and clearly communicate them to business teams
  • Defend models, data, RAG, and agents from threats like poisoning, prompt injection, jailbreaking, and data exfiltration
  • Design resilient cloud/MLOps with Zero Trust, supply chain security, and isolation
  • Build secure APIs, apps, and agents with strong auth, validation, and safe tool use
  • Apply AI-focused GRC, alignment checks, bias mitigation, monitoring, and incident response
  • Translate complex concepts into actionable steps, using threat intel and collaboration for lasting security

Who this book is for

This book is for mid- to senior-level cybersecurity professionals, security architects, and tech leaders managing risks in generative AI deployments. It’s also valuable for early-career practitioners, AI/ML engineers, red teamers, DevSecOps, governance specialists, compliance officers, and product stakeholders with foundational cybersecurity knowledge. Readers should have basic familiarity with security concepts, some exposure to cloud platforms (AWS, Azure, or GCP), and a fundamental grasp of AI/ML, though no prior AI security expertise is required.

Table of Contents

  1. Why AI Security Is Different
  2. Threat Modeling AI Systems
  3. The AI Attack Surface
  4. Foundations of AI Defense
  5. Anatomy of an AI System
  6. Prompt Injection and Jailbreaking
  7. Memory, Context, and State Abuse
  8. Attacks on RAG Systems
  9. Agent Architecture and Vulnerabilities
  10. Agent Exploitation Techniques


The information provided in the "Synopsis" section may refer to another edition of this title.

About the Author

Kris Kimmerle is a recognized leader in AI security and governance, currently driving strategic initiatives across global organizations. With over 20 years of experience spanning cybersecurity, cloud architecture, and artificial intelligence, Kris has helped international enterprises implement generative AI systems securely and in compliance with regulatory standards. His work bridges deep technical expertise with executive-level strategy, enabling organizations to scale AI without compromising trust, privacy, or resilience. He holds CISSP and AI Governance Professional (AIGP) certifications, along with specialized AI credentials from AWS, Azure, and Google Cloud. Kris is a trusted voice in the field, known for translating complex risks into practical guidance. He regularly speaks at industry events, advises global clients on securing AI across the development lifecycle, and publishes insights that shape the conversation on AI risk, governance, and security at scale.

David Okeyode is a leading cloud security architect with extensive experience in Azure security consulting, training, and research. He has authored multiple cloud security courses and speaks at major cybersecurity events worldwide.

The information provided in the "About the Book" section may refer to another edition of this title.