Course
AI Security
How prompt injection and jailbreaks actually work, taught defensively with real model transcripts: direct and indirect injection, roleplay/encoding/multi-turn jailbreak techniques, and the text-level and architectural defenses that hold up against them.
Lesson 1
Who's Actually Talking to the Model?
The root cause of every attack in this course: there's no hard wall between instructions and data.
Lesson 2
Direct Prompt Injection
A user tries to override the system prompt outright — real attempts, real outcomes.
Lesson 3
Indirect Prompt Injection
The attacker never talks to the model at all — the instruction hides in content the model is asked to process.
Lesson 4
Jailbreak Mechanics
Roleplay framing, encoding tricks, and multi-turn erosion — attacks that never say "ignore your instructions."
Lesson 5
Defenses, Part 1: Filtering and Structured Prompting
Sandwiching, delimiting, and keyword filters — tested against the exact attack that actually worked.
Lesson 6
Defenses, Part 2: Defense-in-Depth
Least privilege, human-in-the-loop, and why the real safety net is architecture, not prompting.