AI SECURITY ENGINEERING FIELD GUIDE · 2026
Practical playbooks for AI security work in the field.
A practitioner-centered guide for mapping AI systems, testing abuse paths, hardening controls, collecting evidence, and turning AI risk into engineering work.
Positioning
Field Guide vs Handbook
Practitioner-first
Use the guide to inspect systems, map boundaries, test abuse paths, choose controls, collect evidence, and write remediation work.
Domain-based
The 14-domain spine covers LLM apps, RAG, agents, model supply chain, MLOps, governance evidence, procurement, and architecture.
Artifact-producing
Each domain points to questions, checks, controls, evidence, Workbench instruments, service paths, and Handbook background.
Field Guide
Applied, practitioner-first, domain-based, checklist-heavy, evidence-oriented, and built to support assessment delivery.
Handbook
Educational, chapter-based, concept-first, and built for study, training, discipline vocabulary, and operating-model background.
Domain index
The 14 applied AI security domains
01 AI Security Foundations
02 LLM Application Security
03 Prompt Injection and Context Security
04 RAG Security
05 Agent Security
06 Model Supply Chain Security
07 MLOps Platform Security
08 AI-Aware Secure SDLC
09 Privacy and Data Protection in AI Systems
10 AI Governance, Risk, and Compliance
11 Red Teaming and Adversarial Evaluations
12 Incident Response and AI Observability
13 Vendor Risk and AI Procurement
14 Secure AI Architecture Design
Practitioner checklist
Use it to produce review evidence
01 Map the AI system surface before testing behavior.
02 Mark trust boundaries for prompts, retrieval, tools, memory, providers, and logs.
03 Run checks against data access, delegated action, provider boundaries, and fallback paths.
04 Collect evidence that proves controls ran.
05 Turn findings into backlog items with owner, test, evidence, and retest date.
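As an added worked example (not part of the guide or its Workbench instruments), the Python harness below runs the five checklist steps end to end against a constructed system map: it marks untrusted components as trust boundaries, runs checks covering data access (tenant-scoped retrieval), delegated action (approval gate on side-effecting tools), provider boundaries and fallback paths (fallback provider must match the primary's output filter and region), and log handling, records a pass or fail evidence entry for every check that ran, and turns each failure into a backlog item with owner, test, evidence, and retest date. Component names, property names, and owner teams are hypothetical.

```python
"""Checklist harness: map surface -> mark boundaries -> run checks -> evidence -> backlog.
Added example; the system map, property names and owners below are constructed."""
from dataclasses import dataclass, field
from datetime import date, timedelta


@dataclass
class Component:
    name: str
    kind: str            # prompt | retrieval | tool | memory | provider | log
    trust: str           # "trusted" (config/code we own) or "untrusted" (attacker-reachable content)
    props: dict = field(default_factory=dict)


@dataclass
class Evidence:
    check: str
    component: str
    kind: str
    passed: bool
    detail: str          # what was observed, so the record proves the check ran


@dataclass
class BacklogItem:
    title: str
    owner: str
    test: str
    evidence: str
    retest: date


# Step 1: constructed system map for a hypothetical support assistant (illustrative values).
SYSTEM = [
    Component("system_prompt", "prompt", "trusted"),
    Component("kb_search", "retrieval", "untrusted", {"tenant_scoped": False}),
    Component("refund_api", "tool", "trusted",
              {"allowlisted": True, "side_effects": True, "approval_required": False}),
    Component("chat_memory", "memory", "untrusted", {"ttl_days": None}),
    Component("primary_llm", "provider", "trusted",
              {"role": "primary", "output_filter": True, "region": "eu"}),
    Component("fallback_llm", "provider", "trusted",
              {"role": "fallback", "output_filter": False, "region": "us"}),
    Component("trace_log", "log", "trusted", {"redacts_prompts": False}),
]

# Hypothetical owner per component kind, used when writing backlog items.
OWNERS = {"prompt": "app-team", "retrieval": "search-team", "tool": "payments-team",
          "memory": "platform-team", "provider": "platform-team", "log": "sre-team"}


def trust_boundaries(system):
    """Step 2: every untrusted component is a boundary where content is data, never instruction."""
    return [c.name for c in system if c.trust == "untrusted"]


def run_checks(system):
    """Step 3: checks on data access, delegated action, provider boundaries and fallback paths."""
    evidence = []
    primary = next((c for c in system if c.kind == "provider" and c.props.get("role") == "primary"), None)
    for c in system:
        p = c.props
        if c.kind == "retrieval":   # data access: retrieval must be scoped to the caller's tenant
            evidence.append(Evidence("retrieval-tenant-scope", c.name, c.kind,
                                     p.get("tenant_scoped") is True, f"tenant_scoped={p.get('tenant_scoped')}"))
        elif c.kind == "tool":      # delegated action: allowlisted, and side effects need an approval gate
            evidence.append(Evidence("tool-allowlist", c.name, c.kind,
                                     p.get("allowlisted") is True, f"allowlisted={p.get('allowlisted')}"))
            if p.get("side_effects"):
                evidence.append(Evidence("tool-approval-gate", c.name, c.kind,
                                         p.get("approval_required") is True,
                                         f"side_effects=True approval_required={p.get('approval_required')}"))
        elif c.kind == "memory":    # untrusted memory must expire
            evidence.append(Evidence("memory-expiry", c.name, c.kind,
                                     p.get("ttl_days") is not None, f"ttl_days={p.get('ttl_days')}"))
        elif c.kind == "provider" and primary is not None and c is not primary:
            # fallback path: must keep the primary's controls and data boundary
            same = (p.get("output_filter") == primary.props.get("output_filter")
                    and p.get("region") == primary.props.get("region"))
            evidence.append(Evidence("fallback-provider-parity", c.name, c.kind, same,
                                     f"fallback filter={p.get('output_filter')} region={p.get('region')}; "
                                     f"primary filter={primary.props.get('output_filter')} "
                                     f"region={primary.props.get('region')}"))
        elif c.kind == "log":       # logs are a boundary too: prompts must not leave in the clear
            evidence.append(Evidence("log-prompt-redaction", c.name, c.kind,
                                     p.get("redacts_prompts") is True, f"redacts_prompts={p.get('redacts_prompts')}"))
    return evidence


def to_backlog(evidence, owners, today, retest_days=14):
    """Step 5: each failed check becomes a backlog item with owner, test, evidence and retest date."""
    return [BacklogItem(f"{e.check} failed on {e.component}", owners.get(e.kind, "unassigned"),
                        e.check, e.detail, today + timedelta(days=retest_days))
            for e in evidence if not e.passed]


if __name__ == "__main__":
    print("trust boundaries:", trust_boundaries(SYSTEM))
    records = run_checks(SYSTEM)          # step 4: every record, pass or fail, is retained as evidence
    for e in records:
        print("PASS" if e.passed else "FAIL", e.check, e.component, e.detail)
    for item in to_backlog(records, OWNERS, date.today()):
        print(item)
```

Passing records are kept alongside failures on purpose: the evidence file has to show that each check ran against each component, not only that some failed. Swap in the real system map and the checks your domain review calls for; the shape of the output (boundary list, evidence records, backlog items) is what the checklist asks you to hand over.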