For kids and curious humans

AI for Everyone

The same ideas from the research, drawn as friendly cartoons: how a language model works, how RAG looks things up, and the OWASP LLM Top 10 security risks, explained so anyone can get them.

01

How AI works

Two posters: how a language model turns lots of reading into an answer, and how RAG lets it look things up first.

Cartoon: How does an LLM work? It reads lots of writing, learns patterns, you ask a question, it predicts the next word, and builds an answer. An LLM does not think like a human; it is good at finding patterns in words.
How does an LLM work?
Cartoon: How RAG works. The AI looks up extra notes or books before answering. Good notes give a good answer, bad notes give a bad answer. RAG is like open-book answering.
How does RAG work?

02

The OWASP LLM Top 10, for kids

The ten most important security risks for AI apps, each drawn by a robot who has seen some things. The grown-up version is the OWASP Top 10 for LLM Applications (2025).

Cartoon explaining OWASP LLM risk LLM01 Prompt Injection: when sneaky instructions hijack the conversation.
LLM01 Prompt Injection
Cartoon explaining OWASP LLM risk LLM02 Sensitive Information Disclosure: when the model spills secrets it was not supposed to share.
LLM02 Sensitive Information Disclosure
Cartoon explaining OWASP LLM risk LLM03 Supply Chain: when a part the AI was built from is tampered with.
LLM03 Supply Chain
Cartoon explaining OWASP LLM risk LLM04 Data and Model Poisoning: when bad training data teaches the model the wrong things.
LLM04 Data and Model Poisoning
Cartoon explaining OWASP LLM risk LLM05 Improper Output Handling: when an app trusts the model's output without checking it.
LLM05 Improper Output Handling
Cartoon explaining OWASP LLM risk LLM06 Excessive Agency: when the AI is allowed to do more than it should.
LLM06 Excessive Agency
Cartoon explaining OWASP LLM risk LLM07 System Prompt Leakage: when the model's secret instructions get exposed.
LLM07 System Prompt Leakage
Cartoon explaining OWASP LLM risk LLM08 Vector and Embedding Weaknesses: when the lookup memory behind RAG gets abused or poisoned.
LLM08 Vector and Embedding Weaknesses
Cartoon explaining OWASP LLM risk LLM09 Misinformation: when the model says wrong things with confidence.
LLM09 Misinformation
Cartoon explaining OWASP LLM risk LLM10 Unbounded Consumption: when an agent uses too many resources, causing slowdowns or big costs.
LLM10 Unbounded Consumption

03

A few more ideas

Two extra explainers: how someone tries to trick an AI past its safety rules, and what Base64 is (it is encoding, not encryption).

Cartoon: Robot explains LLM jailbreaking. Jailbreaking is when someone tries to trick an AI into breaking its safety rules. A safe AI notices the trick and still follows the rules.
What is AI jailbreaking?
Cartoon: Robot explains Base64. Base64 turns data into text so computers can send it safely. It is encoding, not encryption: anyone can read it, like a suitcase, not a safe.
What is Base64?

Want the grown-up versions? See the Agent Security Threat Model, the Agent Tool Permission Matrix, and the rest of the research.