LLM SECURITY RESEARCH

Research

Turkey's first comprehensive LLM Security research series. From prompt injection to RAG security, AI agent risks to AltayDuel clash cases — technical depth, in English.

Fevzi Ege Yurtsevenler
Fevzi Ege Yurtsevenler
Red Team · Research
Founder @ AltaySec
Enes Deniz
Enes Deniz
Blue Team · Defense
Co-Founder @ AltaySec

Fevzi Ege Yurtsevenler is a pioneering researcher who established the AI security space in Turkey. He conducts research on LLM security, prompt injection, and AI agent security, delivers corporate training, and is among the first active field researchers publishing technical content in this area in Turkey.

Enes Deniz is Turkey's first LLM Security blue team researcher. He works on defense layers in AI SOC, runtime guardrails, detection engineering, and KVKK-compliant personal data masking. He designs enterprise blue team solutions as the mirror counterpart to the red team side.

Research Directorate — Framework Series

April 2026 · Author: Irem Erkan · Structural Security Frameworks

Blue Team Series — Defensive Operations

May 2026 · Author: Enes Deniz · AI SOC, Guardrails, Detection, KVKK PII

🛡️ BLUE TEAM · #01

AI SOC Architecture: Modern SOC for LLM Security

Legacy SOC monitors logs; AI SOC monitors language. LLM telemetry schema, detection pipeline (regex + ML + LLM-as-judge), 8 sample alerting rules, and a 30-minute incident response workflow.

Read Article (TR)
🛡️ BLUE TEAM · #02

Runtime LLM Guardrails: Protecting GenAI in Production

Input/output filtering, policy layers (hard block / soft reject / sanitize), local baselines against Turkish morphological bypasses, and p95 < 50ms latency targets. Field practices from AltaySec Guardian's architecture.

Read Article (TR)
🛡️ BLUE TEAM · #03

LLM Detection Engineering: Threat Detection Rulebook

LLM-Sigma rule anatomy, sample rule sets across 6 categories (PI-001 to AG-001), composite alert weights, AI threat hunting strategies, and a 5-level detection maturity model.

Read Article (TR)
🛡️ BLUE TEAM · #04

KVKK Compliant PII Masking: Data Protection in LLM Traffic

10 localized PII types (TCKN MERNİS, IBAN MOD-97, Luhn credit card, license plate, SGK), 5-layer masking pipeline, 6 masking strategies (redaction / tokenization / synthetic / DP), and KVKK + EU AI Act compliance matrix.

Read Article (TR)
🛡️ BLUE TEAM · #05

AI Incident Response Playbook: Hour-by-Hour Playbook

Adapting the PICERL cycle for LLM incidents: containment in the 1st hour, forensics in the first 24 hours, and 72-hour KVKK notification threshold. 8 LLM incident types, eradication, and lessons learned.

Read Article (TR)
🛡️ BLUE TEAM · #06

AI Firewall Selection Guide: Evaluation Criteria for Enterprises

Why do traditional WAF systems fail to protect LLM integrations? Key criteria for selecting an AI Firewall, including millisecond-level latency, Turkish morphological analysis, and KVKK compliance.

Read Article (TR)
🛡️ BLUE TEAM · #07

EU AI Act Compliance Guide: Practical Framework for Enterprises

4 risk classes, 7 obligations for high-risk systems (Articles 9-15), GPAI provisions, KVKK double compliance matrix, and the 2024-2027 timeline. A 13-item checklist for enterprises.

Read Article (TR)
🛡️ BLUE TEAM · #08

AI Agent Security: Tool Hijacking and Privilege Sandboxing

Threat model of agentic architectures, four key attack vectors (tool hijack, parameter manipulation, indirect injection, uncontrolled agent), and three-layer defense (allowlisting, validation, observability).

Read Article (TR)
🛡️ BLUE TEAM · #09

RAG Security Monitoring: Defending Against Vector Database Exploits

Five layers of RAG architecture, document poisoning, indirect injection, embedding space manipulation, retrieval bypass, and 4-layer monitoring via document lifecycle controls.

Read Article (TR)
🛡️ BLUE TEAM · #10

LLM Honeypot Design: Luring Attackers with Decoy AIs

Three honeypot categories (low/medium/high interaction), 7 core architecture components, telemetry and intelligence design, decoy strategies, and KVKK/legal boundaries.

Read Article (TR)
🛡️ BLUE TEAM · #11

AI Threat Intelligence: Designing the AI-CTI Lifecycle

Differences from legacy CTI, 5 data source categories, threat sharing formats and schemas, lifecycle management, sharing frameworks, and enterprise integration touchpoints.

Read Article (TR)

Phishing & Social Engineering

May 2026 · Author: Enes Deniz · Threat Mapping and Social Engineering Protection

Corporate AI Security Guides

May 2026 · Author: Enes Deniz · ChatGPT, Compliance, Governance

Sectoral AI Threat Landscape

May 2026 · Author: Enes Deniz · Sector-Specific Risks and Regulatory Context

🏦 SEKTÖREL · #01

AI Threats in the Financial Sector 2026

6 GenAI use cases in banking/fintech, 4 sector-specific threat vectors (credit score manipulation, fraud bypass, assistant leakage, deepfake BEC), BDDK/TCMB frameworks, and 5-layer defense.

Read Article (TR)
🏥 SEKTÖREL · #02

AI Security in the Healthcare Sector 2026

KVKK Article 6 special category data, medical device software regulations, clinical diagnostic support models, patient rights, 6 health threat vectors, and 5-layer hospital defenses.

Read Article (TR)
🏛️ SEKTÖREL · #03

AI Governance in the Public Sector 2026

The Presidency's Digital Transformation Office (DDO) framework, public sector AI procurement, citizen rights & appeal mechanisms, algorithmic transparency, and 5 public threat categories.

Read Article (TR)
🛒 SEKTÖREL · #04

AI Security in the E-Commerce Sector 2026

Marketplace ecosystem threats: recommendation engine manipulation, dynamic pricing abuse, fake review loops, account takeover, assistant bypass, and brand abuse.

Read Article (TR)
📡 SEKTÖREL · #05

AI Security in the Telecommunications Sector 2026

Subscriber assistants, network operations, SIM swap fraud, spoofed caller IDs, call center bot manipulation, BTK regulatory framework, and 5-layer enterprise defense.

Read Article (TR)
⚡ SEKTÖREL · #06

AI Security in the Energy Sector 2026

Production/distribution optimization, load forecasting, SCADA integration, and the melting boundary between IT and OT; EPDK framework, 6 critical infrastructure threat vectors.

Read Article (TR)

Open Source AI Security

May 2026 · Author: Enes Deniz · Self-Host Architecture, Supply Chain, and Provenance

Adversarial Categories — Dataset Spoke Series

June – August 2026 · 12 Categories of Turkish Prompt Injection · 10 Payloads & Defenses per Article

📖 DÜELLO #10 · CONCLUSION OPEN DATASET

Hardened System Prompt: 3x Resistance, 8% Leakage

Reducing leak rates from 38% to 8% using the same model under different prompt hardening tactics. The 60-line hardened system prompt is published under CC-BY 4.0.

Get Prompt (TR)
📖 SPOKE #1 · TURKISH-SPECIFIC NEW

Turkish Morphological LLM Bypass — The Blindspot of Foreign Filters

Single-word morphological chaining bypasses legacy guardrail regexes. 10 structural patterns and integration architecture with Zemberek-NLP.

Read Article (TR)
📖 SPOKE #2 · COMPLIANCE NEW

KVKK Article 6 Leakage Vectors — LLM Risks of Sensitive Data

TCKN, IBAN, and medical records in a single session. Prompt injection vectors targeting sensitive data leaks, including 10 sample exploit scripts.

Read Article (TR)
📖 SPOKE #3 · YIELDED NEW

Validation Trap: The Anatomy of Yielded Attacks

Exploiting the model's RLHF helpfulness reflexes via confirmation framing. 10 sample payloads, 3-layer guardrail defenses, and validation logs.

Read Article (TR)
📖 SPOKE #4 · LOCAL AUTHORITY NEW

Authority + Urgency: The Strongest Vector in Turkish LLMs

From KVKK inspector personas to official decrees. Rich bureaucratic language styles serving as powerful injection surfaces. 10 vectors.

Read Article (TR)
📖 SPOKE #5 · LOCAL CULTURE NEW

Cultural Manipulation: Exploiting LLM Bias via National Symbols

Using national symbols, historical quotes, or ethical dilemmas to bypass standard safety alignments. Structural vs content filters.

Read Article (TR)
📖 SPOKE #6 · RAG/AGENT NEW

Indirect Injection: Embedded Attacks in HTML, PDF, and Email

Securing vector retrieval pipelines and automated document summarizers against silent payload execution. 10 indirect vectors.

Read Article (TR)
📖 SPOKE #7 · MULTILINGUAL NEW

TR-EN Code Switching: Bilingual Prompt Injection

Combining languages in a single session to confuse monolingual filters. 10 examples and language-agnostic detection architectures.

Read Article (TR)
📖 SPOKE #8 · MULTI-TURN NEW

Crescendo Attacks: Multi-Turn Politeness Escalation

Benign queries slowly nudged toward a safety violation over 5 turns. Cumulative resistance decay math and state machine guardrails.

Read Article (TR)
📖 SPOKE #9 · OWASP LLM07 NEW

System Prompt Leakage: 10 Pathways and 10 Safeguards

OWASP LLM07 deep dive: file formats, YAML config, metadata leak, and chunked reconstruction. 10 exploit samples and mitigations.

Read Article (TR)
📖 SPOKE #10 · CLASSIC NEW

Roleplay Theatre: DAN to MalClaude Persona Hijacking

DAN-style persona overrides, historical simulators, and twin-AI setups. 10 variants and structural sandbox rules.

Read Article (TR)
📖 SPOKE #11 · TOKENIZER NEW

Encoding Obfuscation: Base64 to Zalgo Filter Bypass

Zero-width spaces, ROT13, hex, morse, braille, and zalgo text bypasses. 10 obfuscation techniques and decoding strategies.

Read Article (TR)
📖 SPOKE #12 · ECHO/FINAL NEW

Translation Pretext: The Anatomy of LLM Echo Attacks

Coercing the model to repeat confidential instructions by framing them as translation tasks. Mirrorglass Tandem study.

Read Article (TR)

AltayDuel Clash Stories

August – October 2026 · 10 Instructive Case Studies from 297 Autonomous Duels

📖 DUEL #1 NEW

Cerebras gpt-oss-120b: Exploiting Llama-3.3 in 6 Turns

Banking assistant scenario, customer OTP secret leakage. Metadata leak using partial format confirmation. Turn-by-turn logs.

Read Duel (TR)
📖 DUEL #2 NEW

OTP_734291: The Exact Moment a Defender Crumbles

Analysis of defensive LLMs breaking when trying to explain why they cannot share a secret. The danger of conversational rejection leaks.

Read Duel (TR)
📖 DUEL #3 · AGENT-ONLY NEW

Claude Opus 4.7 vs Cerebras: Autonomous Agent Red Teaming

Two agents clashing directly. 8 turns of micro-manipulations, rapport-building, and counterfactual validation.

Read Duel (TR)
📖 DUEL #4 · COUNTER-INTUITIVE NEW

Llama-3.1-8B's 8-Turn Defense: System Prompt > Model Size

A hardened 8B parameter model holding off a GPT-4 attacker for 8 rounds. Role consistency and adaptive prompt safeguards.

Read Duel (TR)
📖 DUEL #5 · FASTEST NEW

Fastest Break: The 2-Turn Pera Palas Defender Collapse

Aggressive confirmation bypass leaking VIP client booking codes in only two turns. Lessons in validation prompt design.

Read Duel (TR)
📖 DUEL #6 · ECHO NEW

Mirrorglass Tandem: Turning Compliance Procedures Into Weapons

Claude Opus 4.7 Red exploiting a defender's own compliance procedures to leak secure keys. Agent-only attack vectors.

Read Duel (TR)
📖 DUEL #7 · BENCHMARK NEW

Provider Matrix: Resilience Mapping Across 297 Duels

RESILIENCE TABLE comparing Claude Opus 4.7, Gemini 2.5, Llama 3.3, and Llama 3.1. Hardened 8B vs default 70B models.

Read Duel (TR)
📖 DUEL #8 · LINGUISTIC NEW

Turkish vs English: Multi-Lingual Injection Performance

Comparing 252 Turkish and 45 English battles. Turkish authority prompts show 23% higher success; English roleplay shows 18% higher.

Read Duel (TR)
📖 DUEL #9 · METHODOLOGY NEW

Judge Agent: Defining Leakage Boundaries

Analyzing marginal leaks and data exposures judged by our autonomous scoring model. Open-source judge prompt.

Read Duel (TR)

LLM Security Fundamentals Series

April – May 2026 · Core Concepts, Glossaries, and Landscape Maps

📖 GLOSSARY · #13 · LIVE · 40 TERMS

AI Security Glossary — 40 Core Terms Defined

Definitions of 40 essential AI security terms including prompt injection, jailbreaking, RAG poisoning, MCP, and regulation frameworks.

Open Glossary (TR)
📖 DATASET · #12 · 12 MIN READ

AltayDuel Turkish Prompt Injection Dataset

Methodology, tagging schema, 297-clash dataset snapshot, CC BY-NC 4.0 license details, and BibTeX citation formatting.

Dataset Page (TR)
📖 ARTICLE · #11 · 18 MIN READ

Turkey's AI Security Landscape: Top Companies and Researchers (2026)

AI security ecosystem map: AltaySec's positioning, traditional actors, defense industry capacity, and prominent researchers.

Read Article (TR)
📖 HUB · #10 · 14 MIN READ SERIES HUB

Turkish Prompt Injection: 5 Attack Patterns from 297 Duels

Real transcripts from the AltayDuel Arena: authority bomb, validation trap, translation exploit, roleplay override, and system prompt leakage.

Read Article (TR)
📖 ARTICLE · #10 · 8 MIN READ

Machiavellian Dialogue, Angelic Action: 100 AI Agents in an Arena

100 autonomous agents deployed in a sandbox arena. Empirical proof of speech-action discrepancies in modern Large Language Models.

Read Article (TR)
📖 ARTICLE · #09 · 11 MIN READ

AltayDuel: Agent-vs-Agent Prompt Injection Arena Design

How to construct an LLM security arena where agents generate their own prompts. Judge architecture, 5 win conditions, and key lessons.

Read Article (TR)
📖 ARTICLE · #08 · 12 MIN READ

Bekçi: Turkish LLM Prompt Injection Lab Architecture

An 8-layer sandbox environment built with a Turkish neighborhood watchman persona. Defense mitigations, KVKK compliance, and battle analytics.

Read Article (TR)
📖 ARTICLE · #01 · 6 MIN READ

What is LLM Security? The New Dimension of AI Security

Why is it different from classic cyber security? Threat categories unique to LLMs, attack surfaces, and the importance of this field.

Read Article (TR)
📖 ARTICLE · #02 · 8 MIN READ

What is Prompt Injection? The Most Critical LLM Vulnerability

The first item of OWASP LLM Top 10. Direct vs Indirect injection, real attack scenarios, and defense tools.

Read Article (TR)
📖 ARTICLE · #03 · 10 MIN READ

OWASP LLM Top 10 2025 — Turkish Guide

From LLM01 to LLM10: Prompt Injection, Sensitive Data Leakage, Supply Chain Risks, and more. Illustrated with real-world defense models.

Read Article (TR)
📖 ARTICLE · #04 · 7 MIN READ

RAG Security: The Dark Side of Vector Databases

Security risks of RAG architectures: document poisoning, indirect prompt injection, embedding inversion attacks, and hardened RAG design.

Read Article (TR)
📖 ARTICLE · #05 · 9 MIN READ

What is AI Agent Security? Exploits in Autonomous AI Systems

AI agents browsing the web, running code, and placing API orders. MCP security flaws, tool poisoning, and Meta's Rule of Two.

Read Article (TR)
📖 ARTICLE · #06 · 5 MIN READ

LLM Security Roadmap — How to Enter the Field

7-stage learning path: from fundamentals to advanced tools, CTF platforms, bug bounty targets, and localized career opportunities.

Read Article (TR)
📖 ARTICLE · #07 · 6 MIN READ

AI Security Study Guide — Zero to Expert

A structured 9+ month learning timeline. Guidance for choosing your specialization as a researcher, pentester, or security engineer.

Read Article (TR)

Follow Our Research

Follow AltaySec on LinkedIn for new articles, whitepapers, and technical reports. Our datasets are active on HuggingFace and repos on GitHub.

Follow on LinkedIn HuggingFace Dataset GitHub Repository