book

Practical AI Security

Name: Practical AI Security
Author: Harriet Farlow
ISBN: 9781718504660

by Harriet Farlow

June 2026

Intermediate

392 pages

11h 24m

English

No Starch Press

Read now

Unlock full access

Cover Page
Title Page
Copyright Page
About the Author
About the Technical Reviewer
BRIEF CONTENTS
CONTENTS IN DETAIL
FOREWORD
ACKNOWLEDGMENTS
INTRODUCTION
What This Book Is AboutWho This Book Is ForAI Security vs. Cybersecurity vs. AI SafetyThis Book’s StructureThe Python-Based Colab NotebooksWhy Did I Write This Book?Let’s Begin

PART I: AI AND SECURITY FUNDAMENTALS
1 WHAT IS AI?
Defining Machine Learning and the Origins of AIThe First Machine Learning Model: The PerceptronAn Example: Recommending a MovieNeurons and Neural NetworksAn Easy Introduction to the Math of Machine LearningThe Perceptron Formula RevisitedData StructuresMatrices, Dataframes, and TensorsWorking with Models in PythonProcessing DataCreating Training and Test SetsBuilding the ArchitectureCompiling the ModelTraining the ModelEvaluating the ModelDebunking Data Science MythsSummaryResources
2 WORKING WITH MODELS
Machine Learning ApplicationsComputer VisionSignal ProcessingLearning MethodsSupervised vs. Unsupervised ApproachesReinforcement LearningPerforming Reinforcement Learning in PythonGenerative AIThe Evolution of Large Language ModelsThe Embedding SpaceTransformer ModelsReinforcement Learning with Human FeedbackBuilding a Language Model in PythonCreating Multimodal ModelsAgentsAgent Communication ProtocolsAn Agent Communication ExampleAI as a SystemRetrieval-Augmented GenerationAI InfrastructureSummaryResources
3 AI THREATS
The Attack SurfaceThreat ModelingSystem DiagramsExample 1: MITRE ATLAS and OWASPExample 2: MAESTROThreat ActorsTaxonomiesCriminal EnterprisesAdvanced Persistent ThreatsThreats to AIAI Threat IntelligenceTraditional Software VulnerabilitiesAI-Enabled Cyber CrimeAI Weaknesses in ResearchAI Weaknesses in the Real WorldAPT Interest in Intellectual PropertyAI Security vs. Traditional CybersecurityConceptual ModelsVulnerability ScoringUninterpretabilityUnpatchabilityNondeterminismScaleSummaryResources
PART II: ATTACKING AND DEFENDING AI
4 ATTACKS AND WEAKNESSES
The Machine Learning Life Cycle and Attack SurfaceDisruption and Deception MethodsFast Gradient Sign Method and Projected Gradient DescentAdversarial PatchCarlini and Wagner AttacksData PoisoningBackdoorsDisclosure-Based MethodsPrompt InjectionMembership InferenceModel ExtractionSide-Channel AttacksSystem-Level AI ThreatsRetrieval Augmented Generation AttacksSupply Chain RisksRisks to AgentsSummaryResources
5 DEFENSES, CONTROLS, AND MITIGATIONS
Machine Learning DefensesAdversarial TrainingGradient ObfuscationRandomized SmoothingCertified DefensesDefensive DistillationModel EnsemblesStatistical Detection MechanismsSystem-Level Controls and MitigationsInput ValidationInstruction Layer FilteringCybersecurity Controls and MitigationsAgent-Specification ConsiderationsSecurity Across the Life CycleMitigating Real-World AttacksFacial Recognition Bypass (Without Liveness Detection)Facial Recognition Bypass (With Liveness Detection)Denial of Service in MathGPTMalicious Code in Google Colab NotebooksMalware Detector BypassMetamorphic Ransomware VariantsSummaryResources
PART III: THE AI SECURITY ECOSYSTEM
6 RED TEAMING AI
The Red Teaming EcosystemCyber Red TeamingAI Red TeamingOther Testing MethodologiesPlanning an ExerciseSetting ObjectivesDefining the Threat ModelSelecting Adversarial TechniquesChoosing Tools and FrameworksExecuting the Red Team PlanTest Case 1: Prompt InjectionTest Case 2: Prompt FuzzingTest Case 3: Multi-Turn AttacksResponsible Disclosure and ReportingCoordinated Vulnerability DisclosureTechnical vs. Business ReportsReport ExamplesGames and ChallengesSummaryResources
7 ATTACKING AND DEFENDING WITH AI
AI for Cyber DefenseAnomaly and Intrusion DetectionMalware Detection and AnalysisThreat IntelligenceSecurity OperationsAI for Offensive CybersecurityVulnerability Discovery and ExploitationPhishing and Social EngineeringAutonomous Attack AgentsMisinformation and DisinformationCyber Espionage and SurveillanceSummaryResources
8 AI SAFETY
A History of AI SafetyExample: My AI Assistant’s Possible Safety IssuesShort-Term RisksBiasMisuseInterpretabilityJob DisplacementLong-Term RisksAlignment and the Control ProblemFailure ModesEvaluations and BenchmarksTesting for HarmClassifying Toxicity with DetoxifyEvaluating Natural LanguageMeasuring Math AbilityEvaluating ReasoningRating Claude’s Security AdviceMeasuring Agent SafetyMechanistic InterpretabilityActivation PatchingFeature AttributionProbing ClassifiersCircuit AnalysisSummaryResources
9 AI GOVERNANCE
Two Approaches to AI GovernanceCreating Dedicated AI LawsAdapting Sector-Based LawsTypes of GuidelinesPolicyStandardsIndustry FrameworksCase StudiesThe Evolution of Chatbot RegulationsThe Complexities of Regulating Third PartiesDead Rhinos and Responsibility Across JurisdictionsRisk AnalysisQualitative vs. Quantitative ApproachesRapid Risk AuditsBayesian MethodsPrioritization MatrixesImplementing Governance in PracticeAll OrganizationsHigh-Risk Industries and AI DevelopersSummaryResources
10 WHAT’S NEXT FOR AI SECURITY?
Technical ChallengesAgentic AIOpen vs. Closed Model WeightsWeb3Quantum ComputingArtificial General IntelligenceSocial and Organizational ChallengesModel Development vs. LicensingGeopoliticsCommunications and DesignClimateThe Workforce of the FutureGetting into AI SecurityChoosing Your Career PathHoning Your CraftSummaryResources
CONCLUSION: A NEW KIND OF HACKER
FIGURE CREDITS
INDEX

Overview

If you’re a security practitioner learning to operate in AI environments, or an ML engineer who needs to understand what adversaries actually do, Practical AI Security gives you the technical foundation the field demands.

Built from first principles, this book takes you from how models fail to how they’re exploited to how they’re defended and audited. Every technique includes clear explanations and real-world examples, and you can run the attacks and defenses yourself with over 30 hands-on Python demos.

Understand how different kinds of machine learning models create unique vulnerabilities, and explore how these models are integrated into more autonomous, agentic AI systems to introduce new weaknesses and risks.
Identify, exploit, and defend against dozens of weaknesses and attacks across the AI life cycle, including data poisoning, model theft, and prompt injection.
Evaluate AI systems for safety failures, bias, and alignment risks using structured benchmarking.
Threat-model agentic systems, RAG pipelines, and multimodal architectures using MITRE ATLAS, OWASP, and the MAESTRO framework.
Design and execute AI-specific red teaming campaigns, and understand what makes them distinct from traditional security tests.
Conduct rapid risk audits and navigate AI governance frameworks for real deployments.

Whether you use, build, deploy, or oversee AI, this isn’t niche knowledge—it’s the foundation for defending the technologies that will define the next era of human progress.

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Publisher Resources

ISBN: 0642572230326Errata Page

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills