AI Security Assurance β’ LLM Red Teaming β’ Model Supply-Chain Security
A hands-on portfolio demonstrating AI Security Assurance practices across the model lifecycle.
This repository contains practical, engineering-focused AI Security Assurance work. It demonstrates how I evaluate, test, and document AI models using real tools and repeatable workflows, rather than theoretical examples.
The labs here reflect how I approach AI model risk in real environments: verifying model provenance, validating artifacts, testing model behavior under adversarial conditions, and documenting findings clearly for security and engineering teams.
The goal of this work is to show hands-on AI Security Assurance evaluation across the model lifecycle, from intake and supply-chain checks through red-teaming, RAG pipeline security, agentic AI assessment, behavioral analysis, and structured reporting.
This repository is intended for security engineers, AI engineers, and hiring managers evaluating applied AI Security Assurance capabilities in real-world environments.
Artifacts are structured for clarity and reproducibility while reflecting real-world AI security assurance workflows and assessment patterns.
Each section reflects common enterprise security workflows rather than hypothetical or academic examples.
Design choices emphasize clarity, reproducibility, and auditability over production optimization.
This repository is structured to mirror how AI Security Assurance work is performed in practice.
Each folder represents a distinct security domain aligned to real enterprise security functions.
Readers can explore in any order, but a recommended path is:
- Model Intake & Supply Chain Security
β
model-supply-chain/ - Model Behavior & Red Teaming
β
red-teaming/ - Monitoring, Drift, and Runtime Risk
β
model-monitoring/ - Governance, Versioning, and Auditability
β
model-governance/ - LLM Operations & Inference Pipelines
β
llm-operations/
Each section is designed to stand alone while contributing to an end-to-end AI Security Assurance lifecycle.
This repository demonstrates an end-to-end AI Security Assurance lifecycle for assessing, validating, and governing AI systems.
- Trusted source verification
- SHA-256 integrity checks
- YARA static analysis
- ClamAV malware scanning
- SBOM generation (Syft / Grype)
- Provenance validation and documentation
- Binary signature validation using Sigcheck
- Verifying trusted sources of YARA, ClamAV, Sigcheck, and related tools
- Ensuring supply-chain trust for all security utilities
- Garak automated LLM vulnerability testing (1,280 probes across 10 attack classes)
- Promptfoo adversarial evaluation with LLM-rubric assertions
- Jailbreak and prompt injection analysis
- Toxicity, hallucination, and refusal-bypass detection
- Dual-verdict evaluation logic (keyword matching + LLM judge)
- Realistic adversarial scenarios and structured mitigations
- Retrieval poisoning and context manipulation testing
- Prompt injection via retrieved documents
- Jailbreak-through-retrieval attack scenarios
- 18-test adversarial harness with EXPLOITABLE / MITIGATED / PARTIAL verdicts
- LLM judge evaluation with confidence scoring
- Findings mapped to OWASP LLM Top 10 (2025) and MITRE ATLAS
- ReAct agent attack harness covering 8 attack classes
- Tool call injection, goal hijacking, privilege escalation, and indirect injection scenarios
- 10-scenario evaluation with 100% deflection rate documented
- FastMCP server integration for agent tool security testing
- Findings mapped to MITRE ATLAS, OWASP LLM Top 10 (2025), and NIST AI RMF
- Risk classification and criticality tiering
- NIST AI RMF alignment (Govern / Map / Measure / Manage)
- MITRE ATLAS threat mapping
- ISO/IEC 42001 governance integration
- Documentation templates and audit-ready reporting
- Severity-driven deployment recommendations (including CONDITIONAL HOLD outcomes)
Covers the entire lifecycle:
Stage 1 β Intake & Integrity β Stage 2 β Supply-Chain Assessment β Stage 3 β Red Teaming & Behavior Testing β Stage 4 β RAG Pipeline Security β Stage 5 β Agentic AI Security β Stage 6 β Reporting, Risk, & Governance
This end-to-end structure mirrors real enterprise AI Security Assurance workflows.
ai-security-assurance-labs/
β
βββ model-supply-chain/ # Supply-chain integrity, SBOM, provenance
βββ red-teaming/ # Garak, PyRIT, Promptfoo adversarial testing
β βββ garak/
β βββ promptfoo/
β βββ rag/ # RAG pipeline adversarial harness
βββ model-monitoring/ # Drift detection, runtime risk monitoring
βββ model-governance/ # Risk classification, versioning, auditability
βββ llm-operations/ # Inference pipelines, LLM operations
βββ static-analysis/ # YARA, ClamAV, binary scanning
βββ docs/ # Lab setup and prerequisites
β βββ lab-setup.md
βββ DEVELOPMENT_NOTES.md # Engineering methodology and AI disclosure
βββ LICENSE
βββ README.md
Start with:
model-supply-chain/β how AI models are verified before usered-teaming/garak/β automated adversarial testing resultsDEVELOPMENT_NOTES.mdβ methodology and engineering decisions
These files show how AI models are evaluated end-to-end and how findings are documented.
Start with:
model-supply-chain/β SBOM generation, provenance validation, integrity hashingred-teaming/β Garak, PyRIT, and Promptfoo adversarial harnessesred-teaming/rag/β RAG pipeline security assessment and LLM judge architecturedocs/lab-setup.mdβ environment configuration, accepted risks, model selection rationale
These demonstrate real hands-on engineering workflows.
Review in order:
model-supply-chain/β intake and supply-chain validationred-teaming/β base model adversarial testingred-teaming/rag/β RAG pipeline securitymodel-monitoring/β drift and runtime riskmodel-governance/β risk classification and governance alignmentDEVELOPMENT_NOTES.mdβ assessment outcomes and methodology
This shows the full AI Security Assurance lifecycle from intake through governance.
This lab uses real tools from modern AI Security Assurance engineering, including:
- Garak β automated LLM vulnerability testing
- Promptfoo β structured adversarial evaluations with LLM-rubric assertions
- Microsoft PyRIT β red team orchestration and jailbreak scenarios
- YARA β pattern-based static analysis
- ClamAV β malware signature scanning
- Sigcheck β binary signature verification
- Syft / Grype β SBOM generation and CVE scanning
- SHA-256 hashing β integrity verification
- Ollama β local model execution and testing
- LangChain / ChromaDB β RAG pipeline and vector store
- FastMCP β agent tool server for agentic security testing
Frameworks & Standards
- NIST AI RMF
- MITRE ATLAS
- OWASP LLM Top 10 (2025)
- ISO/IEC 42001
- NIST SP 800-53 Rev. 5
This repository demonstrates my ability to:
- Perform end-to-end AI Security Assurance across the full model lifecycle
- Design and implement real security assessment pipelines
- Conduct LLM red teaming with enterprise-grade tools
- Evaluate RAG pipeline security and retrieval-layer attack surfaces
- Assess agentic AI security across multi-tool and multi-agent architectures
- Evaluate model safety, governance, and risk
- Document processes in an audit-ready, control-mapped format
- Translate technical findings into governance controls and deployment recommendations
It reflects how I perform AI Security Assurance work in practice.
Frederick Baffour
AI Security Assurance Engineer
LinkedIn: https://www.linkedin.com/in/frederick-baffour
Email: fbaffour@gmail.com
Last updated: 2026