How Large Language Models Work

What Is a Large Language Model? A Large Language Model (LLM) is a type of AI trained on massive amounts of text data to predict the next most likely token in a sequence. That simple mechanic — predict the next token — is the foundation of everything from ChatGPT to Claude to Llama. ...

April 13, 2026 · 2 min · Jason, Cyber Professional

Prompt Engineering Basics

Why Prompt Engineering Matters: The same model will give you dramatically different results depending on how you phrase your request. Prompt engineering is the practice of structuring your input to get consistently useful output. ...

April 13, 2026 · 2 min · Jason, Cyber Professional

Cybersecurity Prompt Library

Threat Hunting: “You are a threat hunter. Given the following network logs, identify any patterns consistent with lateral movement, beaconing, or data exfiltration. Think step by step before giving your findings.” ...

April 13, 2026 · 6 min · Jason, Cyber Professional

AI Risks and Limitations for Security Practitioners

Hallucination: LLMs generate confident-sounding text that may be factually wrong. In security contexts this is dangerous. A model might: fabricate a CVE number that doesn’t exist; invent tool flags or command syntax; cite statistics with no real source; describe a vulnerability incorrectly. Mitigation: Always verify AI-generated technical claims against primary sources — NVD, vendor advisories, official documentation. ...

April 13, 2026 · 2 min · Jason, Cyber Professional

Self-Hosted AI Project Management with Paperclip.ai

Paperclip.ai is a self-hosted AI project management platform. It gives you a Linear-style issue tracker where AI agents can actually pick up tasks, reason through them, and take action — all running on your own infrastructure. No cloud dependency, no data leaving your environment. For a homelab running a SOC stack, threat intelligence pipelines, and a growing collection of automation projects, having an AI agent that can work through a backlog is genuinely useful. ...

May 22, 2026 · 7 min · Logan

Wiring MISP Into a Self-Hosted AI Security Pipeline

The multi-agent security pipeline we built earlier produces useful reports — structured risk analysis, mitigations, recommendations. But it has a ceiling: every agent reasons from what the model learned during training. It doesn’t know about the domain that started hosting malware last week, the C2 infrastructure tied to a campaign your MISP instance just ingested, or the specific indicators your feeds have flagged today. ...

April 19, 2026 · 10 min · Jason, Cyber Professional

Practical AI Orchestration Without Cloud Dependency

Most AI project tutorials end the same way: deploy to AWS, add an OpenAI API key, pay monthly. That works, but it sidesteps the more interesting question — what does it look like to build something real without handing control to a cloud provider? ...

April 17, 2026 · 8 min · Jason, Cyber Professional

Building Cybersecurity Agents with OpenClaw and Ollama: A Multi-Agent Security Pipeline

If you’ve followed the Self-Hosted AI Stack walkthrough, you’ve got Ollama running locally, OpenClaw as your agent UI, and the whole thing locked down behind Tailscale. That’s a solid foundation. But a chat interface, however useful, isn’t the ceiling of what this stack can do. ...

April 15, 2026 · 11 min · Jason, Cyber Professional

Self-Hosted AI: Building a Private LLM Stack with OpenClaw, Ollama, and Tailscale

There’s a certain appeal to running your own language model. No API costs, no data leaving your network, no rate limits, no terms of service to worry about when you feed it sensitive context. For anyone who works in security — or just values privacy — the idea of keeping inference local is worth the setup cost. ...

April 15, 2026 · 9 min · Jason, Cyber Professional

Using AI Safely in a SOC: Part 1 — The Analyst's Guide

AI tools are showing up in analyst workflows whether your organization plans for it or not. A Tier 1 analyst dealing with a hundred alerts a day will find ways to work faster — and if the org hasn’t provided sanctioned tools, they’ll use unsanctioned ones. That’s not a criticism, it’s human nature under pressure. ...

April 15, 2026 · 6 min · Jason, Cyber Professional