David Wolf · Project Use Case
AI SECURITY · PRODUCT SECURITY · AI SECURITY LLC
AI Security LLC
The AI Security Engineer's Handbook
A practical field handbook for turning AI security from policy language into executable engineering work, control evidence, and operator-ready workflows.
Created a practitioner-oriented AI Security Engineering Handbook that translates AI risk, governance, product-security, and agentic-system concerns into concrete security engineering tasks, workflows, controls, templates,...

Client
AI Security LLC / Independent Research
Engagement Type
Research Product
Period
2026
Role
Author / AI Security Engineer / Product Security Architect
Focus Areas
AI Security Engineering, AI Product Security, AI System Inventory, Agentic Threat Modeling
The Context
AI security teams are being asked to secure systems that do more than generate text. Modern AI products retrieve data, call tools, run workflows, store context, process sensitive information, and trigger actions. A useful handbook has to explain how to secure those surfaces as engineering work, not just as policy.
The Challenge
The AI security field is overloaded with framework language, vendor claims, model-safety debates, and incomplete checklists. Practitioners need a clear operating model: what to inventory, what to threat model, what to test, what to control, what to log, what to review, and what evidence to produce.
What David Did
David organized the handbook around the actual work of AI security engineering. It connects product-security review, secure SDLC, prompt-injection controls, tool permissions, RAG authorization, privacy handling, evaluation, monitoring, and governance evidence into a practical set of tasks and artifacts.
- Defined AI security engineering as a concrete operating discipline rather than a loose mixture of model safety, compliance, and traditional AppSec
- Mapped the recurring tasks an AI security engineer must perform across discovery, architecture review, threat modeling, control design, testing, evaluation, monitoring, and evidence generation
- Translated AI product-security concerns into practical workflows that security and engineering teams can execute
- Connected prompt injection, excessive agency, RAG authorization, tool-calling risk, data leakage, model behavior, and supply-chain issues to specific engineering controls
- Organized governance requirements into artifacts that can be created, reviewed, and maintained rather than policy statements that sit outside delivery
- Defined reusable templates for assessment, risk review, control mapping, workflow review, model evaluation, and evidence packaging
- Framed AI security work around actual product surfaces: prompts, tools, context stores, APIs, agents, automation workflows, datasets, logs, connectors, and user-facing actions
- Emphasized continuous verification and validation because AI behavior changes with prompts, context, tools, model versions, retrieval sources, and workflow design
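To make concrete what "connecting RAG authorization and tool-calling risk to specific engineering controls" looks like in code, here is an added illustration written for this page. It is not taken from the handbook and does not represent its templates; the corpus, group names, tool registry and permission strings are all constructed. It shows two controls: document-level authorization enforced on the application side before retrieved text reaches the prompt, and an allowlisted, least-privilege tool dispatcher that treats model-proposed tool calls as untrusted input and holds side-effecting actions for human approval.

```python
"""Illustration of two AI product-security controls (added example, not handbook code):
(1) RAG authorization enforced at retrieval time, before ranking;
(2) allowlisted, least-privilege tool dispatch with approval for side effects.
All documents, groups, tools and grants below are constructed for the example."""
from dataclasses import dataclass
from typing import Iterable


@dataclass(frozen=True)
class Principal:
    user_id: str
    groups: frozenset


@dataclass(frozen=True)
class Chunk:
    doc_id: str
    text: str
    allowed_groups: frozenset  # ACL captured when the document was indexed


# Constructed sample corpus (hypothetical documents, not real data).
CORPUS = (
    Chunk("hr-handbook", "PTO policy: staff accrue 1.5 days per month", frozenset({"all-staff"})),
    Chunk("payroll-2026", "PTO payout and salary bands for 2026", frozenset({"hr-admin"})),
    Chunk("incident-0042", "Incident report: PTO system outage root cause", frozenset({"security"})),
)


def retrieve(query: str, principal: Principal, corpus: Iterable[Chunk] = CORPUS, k: int = 5) -> list:
    """Return at most k chunks the caller is entitled to read.

    The ACL check runs before ranking and outside the model: unauthorized text never
    enters the prompt, so no injected instruction can make the model repeat it.
    Pre-filtering also stops top-k slots being consumed by chunks dropped later."""
    authorized = [c for c in corpus if c.allowed_groups & principal.groups]
    terms = set(query.lower().split())
    # Keyword overlap stands in for a vector-similarity score in this example.
    scored = [(len(terms & set(c.text.lower().split())), c) for c in authorized]
    scored = [(s, c) for s, c in scored if s > 0]
    scored.sort(key=lambda sc: sc[0], reverse=True)
    return [c for _, c in scored[:k]]


# Tool registry: an allowlist. Each entry declares the permission it requires and
# whether it causes effects outside the conversation (hypothetical tools).
TOOLS = {
    "search_tickets": {"permission": "tickets:read", "side_effect": False},
    "close_ticket": {"permission": "tickets:write", "side_effect": True},
    "send_email": {"permission": "email:send", "side_effect": True},
}

# Per-user grants would come from the identity system; constructed here.
GRANTS = {
    "alice": frozenset({"tickets:read", "tickets:write"}),
    "bob": frozenset({"tickets:read"}),
}


def dispatch_tool(call: dict, principal: Principal, approved: bool = False) -> dict:
    """Gate a model-proposed tool call.

    The model's output is untrusted (it may have been steered by content in a
    retrieved document), so every decision comes from the registry and the caller's
    grants, never from anything the model asserts about its own authority."""
    name = call.get("name")
    spec = TOOLS.get(name)
    if spec is None:  # allowlist, not blocklist: unknown tools are refused
        return {"status": "denied", "tool": name, "reason": "not in allowlist"}
    if spec["permission"] not in GRANTS.get(principal.user_id, frozenset()):
        return {"status": "denied", "tool": name, "reason": f"missing {spec['permission']}"}
    args = call.get("args", {})
    if spec["side_effect"] and not approved:
        return {"status": "pending_approval", "tool": name, "args": args}
    return {"status": "executed", "tool": name, "args": args}


if __name__ == "__main__":
    alice = Principal("alice", frozenset({"all-staff", "hr-admin"}))
    bob = Principal("bob", frozenset({"all-staff"}))
    print([c.doc_id for c in retrieve("PTO payout", alice)])
    print([c.doc_id for c in retrieve("PTO payout", bob)])
    print(dispatch_tool({"name": "close_ticket", "args": {"id": 7}}, bob))
    print(dispatch_tool({"name": "close_ticket", "args": {"id": 7}}, alice))
```

The two design points a reviewer should check for in a real system are the same as here: the retrieval filter keys off an ACL stored with the chunk and the caller's identity, not off instructions in the prompt, and the dispatcher's decision inputs (registry, grants, approval flag) are all outside the model's control.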
The Outcome
The result is a practitioner-facing reference that strengthens the broader AI Security LLC content system. It gives the Mythos framework an operational companion and gives the State of AI Security Engineering Report a hands-on implementation layer.
Key Deliverables
- AI Security Engineering Handbook
- AI security engineer task taxonomy
- AI product-security workflow guidance
- AI system discovery and inventory guidance
- Agentic-system threat modeling guidance
- Prompt-injection testing and control guidance
- Tool-calling and permission review guidance
- RAG and context authorization guidance