danielrodriguez-sec/ai-security-portfolio


# AI Security Portfolio

Hands-on projects in AI/LLM security, covering offensive testing, defensive detection, and incident response, built on 20+ years of DFIR experience across federal agencies and Fortune 500 enterprises.

## About This Portfolio

Most AI security content focuses on offense (prompt injection, jailbreaks, model extraction). This portfolio emphasizes the **defensive and IR side**: detection engineering, incident response playbooks, and threat hunting for AI/LLM systems, content largely missing from publicly available material.

## Projects

*Projects will be added as completed. Each includes methodology, evidence, and reproducible code where applicable.*

### Phase 1 — Foundations (Weeks 1–3)

- **Project 1:** AI Security Frameworks Cross-Reference *(in progress)*
- **Project 2:** Red Team Assessment of a Vulnerable RAG Application *(planned)*

### Phase 2 — Defensive Track (Weeks 4–6)

- **Project 3:** Splunk Detection Content Pack for LLM Application Abuse *(planned)*
- **Project 4:** AI Incident Response Playbook *(planned)*
- **Project 5:** Indirect Prompt Injection via Email — Attack & Detection *(planned)*

### Phase 3 — Specialization (Weeks 7–9)

- **Project 6:** AI CTF Writeups *(ongoing)*
- **Adversarial ML beyond LLMs:** Evasion attacks, membership inference *(planned)*
- **Deep technical writeup:** Topic TBD *(planned)*

## Frameworks Referenced

- **OWASP Top 10 for LLM Applications**
- **MITRE ATLAS** (Adversarial Threat Landscape for AI Systems)
- **NIST AI Risk Management Framework (AI RMF)**
- **Google Secure AI Framework (SAIF)**

## Tools & Stack

- **Offensive:** Garak · PyRIT · Promptfoo · custom Python scripts
- **Defensive:** Splunk · Sigma · custom detection content
- **Model hosting:** Ollama · Hugging Face · ChromaDB (RAG)
- **Environment:** Kali Linux · Ubuntu (VirtualBox)

## Background

I bring two decades of incident response and digital forensics into the AI security space. Federal-tier work includes CISA's Hunt and Incident Response Team, Pentagon CIRT, DoD Cyber Crime Center, and US Department of State CIRT. Corporate work includes Synchrony Financial, Biogen, and E\*Trade Financial.

The IR and playbook authoring experience this portfolio draws on is genuinely underrepresented in publicly available AI security content. AI systems are being deployed faster than they're being secured, and almost no one publishing in this space has run an actual incident from detection through containment to lessons-learned.

## Contact

- 🌐 [directaiautomation.com](https://www.directaiautomation.com)
- 💼 [LinkedIn](https://linkedin.com/in/danielrodriguezcisspence)
- 📫 Daniel.Rodriguez@directaiautomation.com

*Portfolio updated through 2026. Repository structure and project list will evolve as work is published.*