LLM FOUNDATIONS

🧠 LLM Security Fundamentals

Learn how LLMs work, what tokens and context windows are, and why understanding AI architecture matters for security professionals.

🚗 Driving vs Engineering

Most people can drive a car.

Few understand:

  • Engine systems
  • Transmission
  • Fuel injection

Similarly:

  • Many people use AI
  • Few understand how it works

Security professionals need deeper knowledge.

📖 What Is An LLM?

LLM stands for:

Large Language Model

An LLM predicts the most likely next pieces of text based on patterns learned during training.

Think of it as an extremely advanced prediction engine.

🔤 What Are Tokens?

LLMs don’t read text like humans.

They process:

Tokens

A token may be:

  • A word
  • Part of a word
  • A symbol
  • A number

Tokens are the language AI understands internally.

📚 Context Window

Every LLM has a memory limit for a conversation.

This is called:

Context Window

If too much information is provided:

  • Older content may be forgotten
  • Important details may disappear

🎓 Training vs Using

Two different phases exist:

  • Training
  • Inference

Training:

  • Model learns patterns
  • Extremely expensive

Inference:

  • You ask questions
  • Model generates responses

📂 What Is RAG?

RAG means:

Retrieval Augmented Generation

Instead of relying only on training:

The AI retrieves information from external sources before answering.

Examples:

  • Company Documents
  • Knowledge Bases
  • Security Policies
  • Internal Wikis

⚙️ RAG Workflow

👤 User Question
⬇️ 📂 Document Search
⬇️ 📄 Relevant Data
⬇️ 🤖 LLM Response
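The workflow above, together with the context-window limit from earlier, as an added example (not code from this course): a constructed three-document knowledge base, a stand-in tokenizer, keyword retrieval, and a token budget that forgets the oldest conversation turns first. The LLM call itself (step 4) is left out so the example runs offline.

```python
import re

# Constructed sample knowledge base: stands in for the company documents,
# policies and internal wikis listed above.
DOCUMENTS = {
    "password-policy.md": "Passwords must be at least 14 characters and rotated every 90 days.",
    "vpn-guide.md": "Remote staff must connect through the corporate VPN before accessing internal wikis.",
    "holiday-schedule.md": "The office is closed on public holidays and the last week of December.",
}

def tokenize(text):
    """Stand-in tokenizer: each word, number or punctuation mark is one token.
    Real models use subword tokenizers, but the budgeting logic is the same."""
    return re.findall(r"\w+|[^\w\s]", text.lower())

def count_tokens(text):
    return len(tokenize(text))

def search_documents(question, top_k=2):
    """Step 2, Document Search: rank documents by token overlap with the question."""
    wanted = set(tokenize(question))
    scored = [(len(wanted & set(tokenize(body))), name) for name, body in DOCUMENTS.items()]
    scored.sort(reverse=True)
    return [name for score, name in scored[:top_k] if score > 0]

def assemble_context(question, history=(), window=60):
    """Steps 1-3: build what the LLM will see, inside a window of `window` tokens.

    Retrieved text is wrapped in a [DOCUMENT ...] label so it is visibly data
    rather than an instruction. Retrieved data and the current question are
    always kept; when the budget is exceeded, the oldest conversation turns are
    dropped first, which is the "older content may be forgotten" effect."""
    retrieved = [f"[DOCUMENT {name}] {DOCUMENTS[name]}" for name in search_documents(question)]
    required = retrieved + ["User: " + question]
    fixed_cost = sum(count_tokens(part) for part in required)
    kept = list(history)
    while kept and fixed_cost + sum(count_tokens(turn) for turn in kept) > window:
        kept.pop(0)  # forget the oldest turn
    return kept + required  # step 4 would send "\n".join(...) to the LLM

if __name__ == "__main__":
    past = ["User: hi", "Assistant: Hello, how can I help?", "User: thanks"]
    for line in assemble_context("How often must passwords be rotated?", past):
        print(line)
```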

🤖 What Is An AI Agent?

Traditional AI:

  • Answers questions

AI Agent:

  • Can perform tasks
  • Can use tools
  • Can make decisions
  • Can automate workflows

Agents introduce additional security considerations.

🔌 What Is MCP?

MCP (Model Context Protocol) helps AI systems connect to:

  • Databases
  • File Systems
  • Business Applications
  • Cloud Platforms

More access means more security responsibilities.

🏢 Enterprise AI Architecture

User
↓
AI Application
↓
RAG Layer
↓
LLM
↓
Response

Every layer introduces security considerations.

⚠️ Why Security Teams Care

Understanding LLM architecture helps identify:

  • Prompt Injection Risks
  • Data Leakage Risks
  • Unauthorized Access Risks
  • Agent Abuse Risks
  • Supply Chain Risks

These topics become critical in later chapters.

🔮 Modern Security Teams Need To Understand

🧠 LLMs
📂 RAG
🤖 Agents
🔌 MCP
☁️ AI Infrastructure

🏆 Key Lesson

Security professionals don’t need to become AI researchers.

But they must understand how AI systems operate.

Understanding architecture improves security.

NEXT CHAPTER

🛡 OWASP Top 10 For LLM Applications

Learn the most important security risks affecting AI applications today, including prompt injection, data leakage, insecure outputs, excessive agency, and AI supply-chain attacks.