All AI articles
Full archive of Andy's AI Playbook articles, grouped by topic across agent security, agent architecture, prompt engineering, model evaluation, and evidence-based AI workflows.
Grouped by topic; within each topic sorted by published date (newest first).
Agent security (10)
- Why app-connected and MCP-enabled LLM systems should be analyzed as capability, scope, approval, and side-effect control problems—not only as prompt-processing systems.
- Why retrieved web content must stay non-authoritative in browsing-enabled or tool-using LLM systems, and how to keep it from steering routing, tool arguments, or side effects.
- How multi-step orchestration (controller) loops change the threat model in tool-using systems, and where to enforce separation, authorization, validation, and budgets to reduce prompt injection, tool misuse, unsafe writes, and unbounded consumption.
- Client-only security report on text-only confirmations of privileged state/actions without verifiable signed audit artifacts; backend state changes not verified.
- Threat model of social engineering against AI decision pipelines; maps prompt injection to enforcement controls outside the model (PDP/PEP, validation, budgets).
- A member article for reviewers who need a structured way to assess how control-plane weaknesses can let untrusted state influence tool-using LLM systems across steps.
- A member article for reviewers who need a structured way to assess where untrusted content can influence chained LLM systems.
- Why agent-layer threat modeling is incomplete: the first high-leverage control point is the LLM integration trust boundary (before agent frameworks exist).
- Prevent authority confusion in prompt assembly by enforcing typed provenance separation between authoritative policy and untrusted content at ingress.
- A member article for reviewers who need a structured way to examine how context, authorization, tools, and state interact across request assembly.
Agent architecture (4)
- Why multi-path reasoning in LLM systems usually comes from inference-time orchestration rather than ordinary single-pass autoregressive decoding.
- A control-plane placement comparison across reliability, observability, latency, cost governance, and security for tool-using LLM systems.
- A vendor-agnostic model of context construction—what can enter context, what gets used per response, what is retained for later, and which security controls must live outside the prompt.
- A practical mapping of human cognitive capabilities to GenAI limitations, engineering substitutes, and residual gaps.
Model training and evaluation (6)
- Why clowns and some AI-generated outputs can feel unsettling: not because they are simply strange, but because they imitate human cues while disrupting the signals people rely on to read emotion, intent, realism, and coherence.
- A client-side black-box analysis of observed ChatGPT classification artifacts, separating user access, prompt demand, and capability allocation.
- Evidence-anchored overview of how ToM is defined in psychology, how it is operationalized for LLM evaluation, and what current results do and do not justify.
- A technically grounded explanation of sycophancy: what it is, what evidence supports, how preference optimization can produce it, and how release practice can reduce it.
- A precise reference for nested mental-state attribution (“orders of intentionality” / “recursive mindreading”) and how these constructs are operationalized in evaluations of humans and LLMs—without implying mechanism-level Theory of Mind.
- Why fluent LLM outputs can still be wrong, and how to enforce evidence-locked answers (retrieval + provenance + fail-closed gates).
Prompt engineering (4)
- Why AI summaries, edits, extractions, and content drafts can fail before generation begins: file upload, source retrieval, active context, and full-file review are different things.
- Vibe coding is not risky because AI can generate code. The risk starts when AI-generated code is approved without sufficient comprehension, review, security validation, and long-term ownership.
- A practical guide to choosing the right ChatGPT layer for work: modes, search, deep research, agent mode, personalization, memory, and projects.
- A deep dive into why prompts fail in daily work, how to design evidence-bounded prompt specifications (grounded outputs), and how to evaluate them.