Learning Objectives
The following objectives define the targeted knowledge, skills, and competencies for this elective project.
1. Knowledge Objectives
Upon completion, the student will demonstrate an understanding of:
- The threat landscape surrounding generative AI and Large Language Models
- Key attack techniques such as prompt injection, AI-supported phishing, and social engineering
- OWASP Top 10 for LLMs and related security frameworks
- The security implications of vector embedding spaces and semantic proximity in RAG-based systems
- Typical vulnerabilities in GenAI-based systems
- Basic technical countermeasures against AI-related attacks
2. Skill Objectives
The student will demonstrate the ability to:
- Perform technical red-teaming and develop Proof-of-Concept (PoC) exploits in a controlled local LLM environment
- Identify security vulnerabilities through literature study and illustrative examples
- Structure and design technical documentation on a web-based platform
- Apply existing security frameworks for practical risk assessment
3. Competency Objectives
The student will be able to independently:
- Critically evaluate generative AI from a cybersecurity perspective
- Plan and execute an independent security project from inception to delivery
- Navigate the legal and ethical frameworks surrounding AI security research and model licensing (e.g., MIT, Llama Community License)
- Reflect on defensive strategies and risk reduction
- Communicate complex technical vulnerabilities to both technical and non-technical readers through structured digital documentation
4. Strategic Choice of Objectives
These objectives were chosen to fill my gap in knowledge between traditional IT security and the emerging field of AI. As a security student, I recognized that while AI is often treated as a "black box" or a productivity tool, it represents a significant new attack surface that requires the same rigorous, structured analysis as any other networked system. By focusing on the OWASP Top 10 for LLMs and vector security, I aimed to move beyond surface-level "jailbreaks" and develop a competency in identifying root-cause architectural failures. The choice to work in a local Llama environment was strategic, ensuring that the project remained technically grounded and legally compliant while allowing for deep, unrestricted "red-teaming" exploration.
5. Reflections
The project successfully fulfilled all predefined objectives, moving my understanding from general interest to technical competency in GenAI security.
5.1 Knowledge & Skills: Applied Research
Researching the OWASP Top 10 and mapping risks like Prompt Injection and Semantic Proximity provided a solid theoretical base. This knowledge was validated through technical red-teaming in a local environment, connecting theory and practice by empirically proving vulnerabilities like the "NX-9982-SECRET" leak.
5.2 Competencies: Independence & Communication
Executing this project independently required navigating complex licensing (Meta/MIT) and ethical frameworks. Translating these findings into structured documentation (Analysis and Demonstration) strengthened my ability to communicate complex, probabilistic vulnerabilities to both technical and non-technical audiences.
Summary: All learning objectives have been addressed. The project has successfully established a structured, technical foundation for evaluating and securing generative AI systems.