In this conversation, Scott Brammer interviews David Brauchler, the Technical Director and Head of AI/ML Security for North America at NCC GROUP. David shares guidance on AI security from his perspective as a penetration tester building one of the most dynamic teams in the country that hammers away at LLMs and other forms of Generative AI. The discussion covers the importance of frameworks, straightforward approaches, and the unique challenges of scoping AI projects. David stresses that guardrails are only the start of success, and that tangible security must be embedded in very stage of the AI development lifecycle. David calls out specific attention to the value of dataflow diagrams, and protecting trusted sources of information. He also addresses bias in AI algorithms, and offers some ninja insights on best practices for pen testing LLMs.