GitHub Actions Security: Risks, Exploits, and Hardening
A comprehensive guide to GitHub Actions security vulnerabilities, common exploit patterns, and how to audit and harden your CI/CD pipelines …
Frameworks for controlling who can access resources, including DAC, MAC, RBAC, and ABAC.
How evasion, poisoning, and model extraction attacks threaten ML systems, and the defenses available to mitigate them.
Security considerations for AI systems, covering prompt injection, data poisoning, model theft, access control, and building …
Verifying model weights, scanning dependencies, and securing the end-to-end supply chain for AI artifacts from training to deployment.
AI augments traditional security scanners by understanding code context, reducing false positives, and identifying vulnerabilities that …
A comprehensive reference for Amazon Fraud Detector: building fraud detection models, defining rules, and integrating real-time fraud …
What an API gateway is, how it manages API traffic, and when to use managed gateways versus custom solutions.
Public-key cryptography using mathematically related key pairs, including RSA and elliptic curve algorithms.
The distinction between verifying identity (authentication) and granting access permissions (authorization), including the AAA model.
Practical guide for implementing cloud governance on AWS for AI and ML workloads, covering Organizations, SCPs, tagging, cost management, …
Comparison of AWS and Azure governance capabilities for AI workloads, covering organization management, policy enforcement, cost control, …
AWS WAF is a web application firewall that protects web applications and APIs from common exploits, bot traffic, and malicious requests at …
The three fundamental objectives of information security that guide the design and evaluation of security controls.
Google Cloud Armor provides web application firewall (WAF), DDoS protection, and adaptive security policies for applications deployed on …
The framework of policies, processes, and controls that organizations use to manage cloud resources, ensure compliance, control costs, and …
What DevSecOps means, how it integrates security into every stage of CI/CD, and why shifting security left is essential for AI/ML systems …
Public key infrastructure (PKI) mechanisms for verifying authenticity and integrity using X.509 certificates and digital signature schemes.
A comprehensive framework for governing cloud environments that host AI workloads, covering organizational structure, policy enforcement, …
Network security devices and techniques that control traffic flow between networks, including packet filtering, stateful inspection, and …
Implementing input validation, output filtering, and safety layers that prevent AI systems from generating harmful, off-topic, or …
One-way functions that produce fixed-size digests from arbitrary input, including SHA-256, MD5, and bcrypt.
How homomorphic encryption enables computation on encrypted data, allowing ML inference without exposing sensitive inputs.
The foundational web protocols for transferring hypertext documents and resources, with HTTPS adding encryption via TLS for secure …
What Istio is, how it implements a service mesh on Kubernetes, and when the operational overhead is justified.
What NAT gateways do, how they enable private subnet internet access, and cost considerations for AWS deployments.
OAuth is an open standard for delegated authorization, originating from Blaine Cook and Chris Messina's work at Twitter in 2006-2007 and …
Practical guide to the OWASP Top 10 vulnerabilities for LLM applications, covering prompt injection, data leakage, supply chain risks, and …
Authorized simulated attacks on systems to identify security vulnerabilities before malicious actors exploit them.
An attack technique where malicious input manipulates an LLM into ignoring its instructions, executing unintended actions, or revealing …
Layered defense strategies against prompt injection attacks in production LLM applications: input validation, output filtering, privilege …
What red teaming is in AI, how adversarial testing discovers vulnerabilities and failure modes before deployment, and best practices for …
How to plan and execute red team exercises that systematically probe AI systems for vulnerabilities, biases, and failure modes before …
How to manage API keys, credentials, and sensitive configuration in AI pipelines using vault integration, rotation policies, and secure …
How to integrate security scanning into AI/ML CI/CD pipelines: dependency scanning, container image analysis, model file validation, secrets …
Structured approaches for identifying and prioritizing security threats, including STRIDE, DREAD, and attack trees.
What subnets are, how they segment VPC networks, and best practices for subnet architecture on AWS.
Cybersecurity practices for managing risks across the chain of vendors, open-source components, and third-party services that AI systems …
Encryption algorithms that use the same key for both encryption and decryption, including AES and DES.
Transport Layer Security and its predecessor Secure Sockets Layer, cryptographic protocols that provide encrypted communication and …
What a VPC is, how it provides network isolation on AWS, and essential VPC design considerations for AI workloads.
What zero trust means, how it replaces perimeter-based security, and why AI model serving and data access require zero trust principles.
Applying zero trust architecture to AI systems: securing inference endpoints, model artifact access, training data, and service-to-service …
The Well-Architected pillar covering IAM, encryption, network security, and detection - and how it applies to AI workloads including …
What the shared responsibility model is, how AWS, Azure, and GCP divide security duties, and special considerations for AI and ML workloads.
How AWS shared responsibility applies to AI and ML workloads: data, model, and infrastructure responsibilities across Bedrock and SageMaker.
Amazon Cognito User Pools and Identity Pools: JWT token structure and expiry, MFA options, SAML/OIDC federation, Lambda triggers, rate …
Authentication, authorization, encryption, the OWASP Top 10, and the zero trust model. The baseline security practices that every production …
The cloud architecture review methodology used by AWS, Azure, and Google Cloud to evaluate workloads against proven best practices across …