Series

I Gave My AI Stack a Memory. Then I Poisoned It. Here's What Broke.

ChromaDB ships with no authentication. This episode breaks the RAG stack built in 3.4A -- exfiltrating every internal document, poisoning the knowledge base to phish users via the AI, jamming retrieval with blocker documents, and deleting the entire collection. All from the network, with curl and five lines of Python.

We Gave Our AI Stack a Memory. Here's Everything That's Wrong With It.

Building a production RAG stack on ChromaDB, LangChain, and FastAPI -- and uncovering an unauthenticated vector database open to arbitrary writes from anyone on the network. Episode 3.4A of the AI Infrastructure Security Series.

AI Infrastructure Isn’t Magic — It’s the Same Problems You Already Know, Stacked Differently

Understanding how self-hosted AI is built is the fastest way to understand what ChatGPT, Claude, and Gemini are actually doing with your data — and where your discipline’s failure mode lives.