Foundations
Essential building blocks for AI red teaming, covering red team methodology, the AI landscape, how LLMs work, embeddings and vector systems, AI system architecture, and adversarial machine learning concepts.
Before you can effectively attack an AI system, you need to understand how it works. This section provides the technical and methodological foundations that underpin every topic in the curriculum. Whether you come from a traditional security background and need to learn how transformers process language, or from an ML background and need to learn structured security assessment methodology, these foundations will fill the gaps.
The material here is deliberately practical. Rather than exhaustive ML theory, it focuses on the aspects of AI systems that create security-relevant behavior: how tokenization affects injection attacks, how attention mechanisms can be exploited, how embedding spaces enable semantic manipulation, and how deployment architectures create trust boundaries. Every concept is presented through the lens of what a red teamer needs to know to do their job well.
The Knowledge Stack
AI red teaming sits at the intersection of machine learning, software security, and adversarial thinking. The foundations section is organized to build understanding from the ground up.
Methodology establishes the structured approach to AI security assessment. This includes attack taxonomies that classify vulnerabilities by type and impact, threat modeling frameworks adapted for AI systems, and the ethical and legal guardrails that define responsible red teaming. Without methodology, testing becomes ad hoc -- you might find individual vulnerabilities but miss systemic weaknesses.
The AI landscape provides orientation to the broader ecosystem. Understanding the differences between open and closed models, the major API providers and their security models, deployment patterns from edge to cloud, and the various model types in production gives you the context needed to scope engagements and identify what you are actually testing.
How LLMs work covers the technical internals that drive security-relevant behavior. Transformer architecture explains how attention mechanisms route information between tokens. Tokenization reveals why certain encoding tricks bypass filters. Understanding the training pipeline shows where safety behaviors are instilled and how they can be undermined. Inference and decoding mechanics explain why temperature, sampling, and logit processing affect attack success rates.
Embeddings and vector systems are essential for understanding RAG architectures and semantic similarity. When you know how documents are embedded into vector spaces and retrieved based on similarity, you can reason about how to manipulate retrieval, poison knowledge bases, and exploit the gap between semantic similarity and semantic intent.
AI system architecture maps the components of production AI deployments: API layers, orchestration frameworks, tool integrations, agent patterns, and the trust boundaries between them. This architectural understanding is what allows you to identify attack surfaces that are not visible from the user interface alone.
Adversarial ML concepts connect traditional adversarial machine learning to modern LLM security. Gradient-based attacks, threat models, and robustness concepts from the academic adversarial ML literature provide the theoretical foundation for many practical attacks against deployed systems.
What You'll Learn in This Section
- Red Team Methodology -- Structured approaches to AI security assessment including attack taxonomies, threat modeling basics, ethical guidelines, and legal considerations
- The AI Landscape -- Overview of model types, deployment patterns, the API ecosystem, and the open vs. closed model distinction
- How LLMs Work -- Transformer architecture, tokenization and its security implications, training pipeline from pre-training through alignment, inference and decoding mechanics, and scaling and emergence
- Embeddings & Vector Systems -- How embeddings encode meaning, semantic similarity and its manipulation, RAG architecture and retrieval mechanics
- AI System Architecture -- Deployment patterns, API anatomy, agent architectures, and the trust boundaries that define attack surfaces
- Adversarial ML Concepts -- Threat models for ML systems, gradient-based attacks, and robustness concepts that inform modern AI security
Prerequisites
This section is designed as the starting point for the curriculum. No prior AI or ML experience is required, though the following background will help you move through the material faster:
- Programming fundamentals -- Comfort reading Python code and understanding API interactions
- Basic security concepts -- Familiarity with vulnerability classes, threat modeling, and the attacker mindset from traditional cybersecurity
- General technical literacy -- Understanding of HTTP, JSON, REST APIs, and client-server architectures