The OWASP LLM Top 10: A Practitioner's Field Guide

I’ve spent the last couple of years watching teams bolt an LLM onto a product and then look genuinely surprised when it does something dumb, dangerous, or both. The pattern is always the same. Ship first, wonder about security later. So when OWASP put together a Top 10 specifically for LLM applications, I was relieved. Finally there’s a shared vocabulary I can point at during a review instead of explaining prompt injection from scratch for the hundredth time. ...

July 5, 2026 · Carl Sampson

Book Review: The Developer's Playbook for Large Language Model Security: Building Secure AI Applications

I’ve been doing application security long enough to get twitchy whenever a book has “AI” on the cover. Most of what crosses my desk in that genre is hype wearing a lab coat. Lots of talk about the future, very little you can use on a Monday morning. So I cracked open Steve Wilson’s The Developer’s Playbook for Large Language Model Security: Building Secure AI Applications expecting the usual letdown. I was wrong, and I’m glad to say so. ...

June 22, 2026 · Carl Sampson