
AI Security Portfolio

Gabrielle Botbol | Senior Penetration Tester & AI Security Practitioner


📖 My Story: From Pentesting to AI Security

In November 2022, the sudden rise of Generative AI captured the world's attention. Like millions of others, I was fascinated by its capabilities. However, as a cybersecurity professional with 15 years in tech—including 9 years dedicated to penetration testing—my excitement was immediately accompanied by critical questions: What are the systemic risks of this technology? How does it impact data privacy and security? And how do we secure it?

Driven by curiosity and a sense of responsibility, I decided to pivot my expertise toward this new frontier. Replicating the exact "Open Learning" methodology I successfully used years ago to teach myself ethical hacking (documented in my Open Learning Program), I built a rigorous, self-directed curriculum from scratch.

I intertwined academic research papers, specialized professional training, and extensive hands-on laboratory testing. This structured deep dive culminated in real-world AI security contributions, leading me to develop the first comprehensive framework specifically dedicated to AI/ML penetration testing on Android applications.


🚀 Key Deliverables & Public Speaking

Projects & Labs

Created for my course AI/ML Pentesting - Mobile Hacking Lab

  • First Comprehensive AI/ML Android Pentesting Framework:
    Developed a structured methodology mapping traditional mobile application security threats to modern client-side AI integration risks.
    Tags: Mobile Pentesting, Methodology Mapping, Android Security, AI/ML

  • Hands-on Build Your Own APK Triage MCP Server:
    The objective is to guide participants through building a custom MCP server from scratch using Python to automate mobile application security testing.
    The lab aims to reproduce real-world case scenarios where traditional static analysis bottlenecks are resolved by turning local security tools into callable functions for LLM reasoning engines.
    This setup exposes functional API endpoints to Claude Desktop enabling an AI agent to programmatically orchestrate multi-tool analysis pipelines and deliver a complete APK triage report in under five minutes.
    Tags: Python Automation, MCP Server Build, LLM Orchestration, Static Analysis

  • Hands-on - Adversarial Example - Image Classifier Bypass
    The lab bridges the gap between theoretical AI vulnerabilities and real-world security implications, focusing on how these flaws can be exploited to bypass AI-driven controls in Android applications (such as face unlock, biometric authentication, and content moderation).
    Through practical execution and critical reflection, participants analyze model robustness across varying perturbation thresholds and discuss methodologies for testing Android applications against adversarial examples during penetration testing engagements.
    Tags: Adversarial Machine Learning, Image Classifier Bypass, Model Robustness

  • Hands-on - VerifID - Evasion Attack
    The objective is to guide participants through executing an evasion attack against an authentication or identification AI model extracted directly from an Android APK application.
    By bridging the gap between mobile application reverse engineering and adversarial machine learning, this lab demonstrates how local model extraction exposes on-device AI assets to black-box or white-box evasion techniques.
    Tags: Evasion Attacks, Model Extraction, Reverse Engineering, On-Device AI Security

  • Hands-on - MediAssist - Training Data Exposure
    The objective is to place participants in the role of a mobile pentester evaluating MediAssist, an AI-augmented medical assistant mobile application.
    The lab explores Training Data Exposure (OWASP AITG-DAT-01).
    This lab specifically aims to reproduce real-world case scenarios where organizations inadvertently package non-production assets into mobile apps, allowing participants to experience the exact discovery process an attacker would use.
    Tags: Training Data Exposure, Asset Reconnaissance

  • Hands-on - Forensic Audit of "RecruitSmart" Android App
    The objective is to place participants in the role of a Forensic AI Auditor tasked with investigating a regulatory non-compliance scenario.
    The exercise closely reproduces real-world legal and intellectual property breach scenarios where companies are suspected of training commercial AI algorithms on stolen or unauthorized datasets.
    Tags: Forensic AI Auditing, Compliance Verification, Dataset IP Auditing

  • Hands-on - TasteBot - Runtime Exfiltration
    The objective is to simulate an advanced, runtime-based pentest against TasteBot, a multi-tenant B2B SaaS platform used by restaurant chains to provide AI-driven dietary recommendations.
    The lab aims to reproduce real-world case scenarios where inadequate multi-tenant isolation, unsafe caching mechanisms, and excessive verbose logging expose highly sensitive data to unauthorized tenants.
    Interactions with the vulnerable system are performed directly through its REST API, allowing participants to observe how flaws are exposed across different network endpoints.
    Tags: Runtime Exfiltration, Multi-Tenant Isolation, API Security

  • Hands-on - FinAI - Model Inversion Attack
    The objective is to guide participants through executing a confidence-based Model Inversion Attack (MIA) against a client-side credit scoring model extracted from FinAI Advisor, a mobile fintech application.
    The lab replicates real-world privacy breach scenarios where proprietary or highly regulated training data patterns are leaked.
    Participants operate as authorized security researchers, first using static reverse-engineering tools to extract an unencrypted TensorFlow Lite asset from the application package.
    Tags: Model Inversion Attack (MIA), Data Privacy Breach, TensorFlow Lite Extraction

  • Hands-on - SaggioUrbano - Hallucinations
    The objective is to place participants in the role of an AI security consultant conducting a black-box reliability assessment of SaggioUrbano AI, a mobile-first travel assistant chatbot for the city of Rome.
    The lab aims to reproduce real-world case scenarios where LLMs inadvertently generate authoritative yet completely false, fabricated, or misleading information.
    Operating entirely through the application's chat interface, participants perform application-layer factuality probing to isolate six distinct categories of AI vulnerabilities, ranging from fabricated business entities and phantom academic references to a systematic failure to debunk false user premises.
    Tags: Black-Box Pentest, LLM Hallucination Assessment, Factuality Probing

Created for my course for Master students at SupDeVinci

  • Hands-on - APK Security Analyzer
    The objective is to guide students through building an automated, AI-driven static analysis pipeline inside a local Python environment to conduct mobile application security assessments.
    The exercise replicates real-world DevSecOps and pre-pentest automation scenarios where large static datasets must be triaged efficiently before manual testing begins.
    Participants implement multi-stage orchestration scripts to systematically run binary extraction tools against a deliberately vulnerable Android application.
    The system extracts high-risk security indicators (insecure manifest configurations, exposed intents, hardcoded vendor credentials, weak cryptographic operations, etc.) and formats them into structured contexts fed into a local LLM client to compile a final, priority-ranked pre-pentest markdown report.
    Tags: DevSecOps Automation, Local LLM Pipeline, Vulnerability Triaging

  • Training chatbot
    This tool provides students with an interactive AI tutor designed for self-paced review of the Android application pentest course material.
    The objective is to move away from passive reading by enabling students to ask direct questions about concepts they did not fully understand during the course, allowing them to clarify complex topics at their own pace.
    Tags: Educational Technology, Interactive Learning

Speaking Engagements

DEF CON (August 2025)
Title: Traditional Pentest Meets AI: New Challenges in Android Security
Abstract: This presentation explores the evolving landscape of Android application security testing as artificial intelligence becomes increasingly integrated into mobile devices. The talk bridges traditional penetration testing methodologies with emerging AI-specific security challenges, providing practitioners with updated frameworks and tools for comprehensive Android security assessments.

InCyber Talk (October 2024)
Title: AI Pentesting vs. Traditional Pentesting: What's Different?
Abstract: Join us for a deep dive into how AI pentesting methodologies differ from traditional approaches. Discover the key differences, new challenges, and why adapting your approach to AI security is crucial.


🧠 Skills & Core Competencies

By combining my extensive background in traditional offensive security with advanced Generative AI architectures, I have developed a specialized skill set:

  • AI/LLM Penetration Testing: Identifying and exploiting vulnerabilities specific to Large Language Models, including prompt injection, data poisoning, and insecure output handling.
  • Mobile AI/ML Security: Auditing Android applications embedding on-device machine learning models or interacting with cloud-based AI agents.
  • AI Red Teaming: Simulating adversarial attacks against AI systems using structured roadmaps (MITRE ATLAS, OWASP).
  • Defensive Alignment & Prompt Engineering: Understanding model constraints, defensive prompt design, and automated task scripting.
  • Durable Skills Mastery: Beyond technical skills, my growth follows a strict Durable Skills Wheel philosophy focusing on adaptability, critical thinking, continuous learning, and cross-functional communication.

🛠️ Research Frameworks & Global Standards

My training program, strategy, and security methodologies are grounded in the latest global research, workforce trends, and AI safety frameworks:

Competency & Workforce References

Research Papers

Core Technical Standards for my Projects

  • OWASP: Top 10 for LLM Applications, Threat Modeling Guide, and AI Exchange
  • OWASP: AI Testing Guide
  • OWASP: AI Exchange
  • MITRE ATLAS: Adversarial Threat Landscape for Artificial-Intelligence Systems
  • NIST: AI Risk Management Framework (AI RMF)

🎓 Education & Specialized AI Security Training

In Progress

  • AI Security Fellowship - Mileva Security Labs
  • Certified AI Security Expert (MSec-CAIS) - Modern Security Labs

AI Development & Scripting ✅

  • AI Python for Beginners: Extending Python with Packages and APIs - DeepLearning AI
  • AI Python for Beginners: Working with Your Own Data and Documents in Python - DeepLearning AI
  • AI Python for Beginners: Automating Tasks with Python - DeepLearning AI
  • AI Python for Beginners: Basics of AI Python Coding! - DeepLearning AI
  • Effective ChatGPT Prompts - Sarah Tamsin - O’Reilly

Specialized Offsec & AI Security Courses ✅

  • Ultimate AI/LLM/ML penetration testing training course - Udemy - Martin Voelk
  • Fundamentals of AI - Hack the Box
  • Prompt injection attacks - Hack the Box
  • Attacking AI - Arcanum Information Security
  • Masterclass: How to Hack AI Agents and Applications - Joseph Thacker
  • AI red teaming and AI security Master class course - Learn prompting
  • AI red teaming and AI security Master class certification - Learn prompting
  • Advanced prompt hacking - Learn prompting
  • Intro prompt hacking - Learn prompting
  • AI Safety - Learn prompting
  • OWASP Top 10 for LLM - Security Compass
  • Mastering AI for Cybersecurity - Cyber super human
  • Red Blue Purple AI - Arcanum Security
  • Pair Programming with a LLM - DeepLearning AI
  • Red Teaming LLM Application - DeepLearning AI
  • Foundations of AI Security Certificate - Attack IQ
  • SANS AI Cybersecurity Forum: Insights from the Front Lines
  • Introduction to AI and Leveraging it in Cybersecurity - SANS