AI-Safety-Engineer-and-the-Machine: Model Security, AI Red Teaming, and Responsible Governance — From Papers to Exploits (The Professional and the Machine)

60+ papers analyzed. 23 real-world investigations. The missing layer between the model and production.This book crosses two axes rarely found in the same text: the analysis of AI provider security documentation (System Cards, Model Cards, Responsible Scaling Policies) and real offensive security research against AI tools in production.27 chapters across 8 partsThe model from the inside — System Cards, Model Cards, tokenization and attack surfaces.Alignment and constitution — Constitutional AI, system prompts, guardrails. What works and what fails.Governance — Responsible Scaling Policy, AI Act, NIST AI RMF. Frameworks with real metrics.AI red teaming — Jailbreaking, prompt injection, guardrail evasion, infrastructure attacks.Agent security — Autonomous agents, MCP, RAG, observability.4 real cases — Copilot (system prompt to RCE), Claude Desktop (sandbox escape), Electron/WebView2, kernel drivers.Building secure — Security architecture for AI, organizational programs, roles and maturity.The future — ASL-4, autonomous AI risks, innovation vs. prudence.Three layers per chapterConcept — The security principle and why it matters.Decision — Real trade-offs, discarded alternatives and the reasons behind them.Implementation — Defensive code, paper analysis or research walkthrough.Who it's forCISOs evaluating the risks of deploying AI.Pentesters looking to red team LLMs.AI architects who need security patterns.DevSecOps integrating AI into pipelines.Provider-agnostic: applies to any vendor (Anthropic, OpenAI, Google, Meta, open source). This is not theory: these are real exploits, completed responsible disclosures, and defenses built from what broke.Authors: Carlos Perez Gonzalez (OSCE, OSCP, OSWE, OSEP, CREST) and Juan C. Montes (GCFA, GREM, PHRACK #65).Book 11 of the El Profesional y la Máquina series. Read more