LLM Fundamentals for Security People

The model sees system prompt, retrieved docs, and user input as one flat token stream — no seam. To exploit that you need to understand tokenization, embedding space, attention, chat roles, RAG, and agent tool-calling. This is the mechanics layer before the attack articles make sense.