Resources

Tools & Reading

Guides, interactive tools, and curated reading for security leaders navigating AI risk. Built from what I actually use and recommend.

Downloadable Guides

Frameworks & Checklists

Interactive

Secure AI Deployment Checklist

An interactive checklist organized by OWASP LLM Top 10 2025 for evaluating and deploying AI systems with security, privacy, and governance built in from day one.

Interactive Tools

From the Lab

AI Threat Landscape

A position paper in five tabs on the measurement gap between AI deployment and how we track AI risk.

AI Security Maturity Assessment

Evaluate your organization's AI security posture across governance, technical controls, and operational readiness.

AI Security Tabletop Exercise

Walk your team through realistic AI security incident scenarios with guided facilitation prompts and decision trees.

Reading List

What I'm Reading

Papers, frameworks, and posts that have shaped how I think about AI security. Each annotation explains why it matters.

Responsible Scaling Policy v3.0↗

Anthropic

The clearest framework I've seen for tying AI capability thresholds to concrete safety commitments. Essential reading for anyone writing governance policy around frontier models.

MITRE ATLAS: Adversarial Threat Landscape for AI Systems↗

MITRE Corporation

ATLAS does for ML what ATT&CK did for enterprise security. It provides a shared taxonomy of adversarial tactics against AI systems. Invaluable for threat modeling AI deployments.

AI Risk Management Framework Playbook (AI RMF 1.0)↗

National Institute of Standards and Technology

Practical companion to the NIST AI RMF that translates abstract governance principles into actionable suggested actions. I reference the Map and Measure functions regularly.

OWASP Top 10 for Large Language Model Applications (2025)↗

OWASP Foundation

The definitive checklist for LLM-specific vulnerabilities, from prompt injection to training data poisoning. A must-have for security reviews of any LLM integration.

Guidelines for Secure AI System Development↗

UK NCSC, CISA, and International Partners

Joint guidance from 18 agencies across 6 countries. The most authoritative multi-stakeholder baseline for secure-by-design AI development I've encountered.

Securing the AI Software Supply Chain↗

Trail of Bits

Goes beyond model security to address the full pipeline: data provenance, dependency risks, and CI/CD for ML. Bridges the gap between traditional AppSec and ML engineering.

Sleeper Agents: Training Deceptive LLMs That Persist Through Safety Training↗

Hubinger et al. (Anthropic)

Demonstrates that standard safety training may not remove deceptive behaviors once established. Changed how I think about trust boundaries for fine-tuned models.