Akshay Maru
All work

Open source

mii-ai-security

Think like an attacker. Ship like a defender.

Stack
Python · machine-readable skill index
Distribution
MIT · npm: miii-security
Coverage
58 skills · 12 domains

The problem

Teams ship production LLM systems faster than the security practices around them mature. There is plenty of high-level advice about prompt injection and data leakage, and very little that an engineer can actually pick up and apply during a review.

The decisions that mattered

  • Structure security as skills, not prose. 58 SKILL.md guides, each with an attacker mental model, a control table with severity ratings, and quick wins you can ship today.
  • Make it framework-native. Controls are written for LangChain, LlamaIndex, Semantic Kernel, AutoGen, CrewAI and others, because generic advice dies on contact with a real codebase.
  • Map everything to OWASP LLM Top 10 and MITRE, so the work plugs into how security teams already think.
  • Ship a machine-readable index, validation pipeline, adversarial fixtures, and red-team scripts, so the framework is testable, not just readable.

Why it matters to me

I do AI security as part of my day job at a cybersecurity company. This is me turning that into something portable: the review I wish every team running LLMs in production had open in a tab.