ulrichdev

Free · 06 tools · for practitioners

Things I built
for the work.

Worksheets, checklists, and templates from my own consulting practice — the documents I reach for first when a team hands me a half-built LLM feature or a security review that needs to ship.

Tools
06
Sent
3.4k
Updated
'26

How this works

Three terms, plainly:

01 · Free

No paywall, no upsell, no "premium tier" emailed two weeks later.

02 · Sent once

One email with the file. That's it. No drip, no nurture sequence.

03 · Updated

Quarterly. If you grabbed an old version, the new one is on the page.

06

The library

All tools.

T·01 7Q 2 pages · A4

Worksheet · PDF

Updated · May 2026

LLM Threat-Model Worksheet

The seven questions I ask before letting any agent touch production. A two-page worksheet built from forty incident reviews. Used by security engineers, founders, and anyone who's been handed a half-built LLM feature on a Friday.

Inside

  • The seven framing questions, in order
  • A blast-radius worksheet with two worked examples
  • A short glossary of terms I'm sick of arguing about
  • Notes on running the worksheet with non-security teammates

Free · Sent once · No drip sequence

T·02 41 41 patterns · MD

Checklist · Markdown

Updated · Apr 2026

Prompt-Injection Checklist

Forty-one attack patterns and the mitigation that actually stops each one. Copy-paste into a runbook. Refreshed every quarter when a new technique appears in the wild.

Inside

  • 41 patterns, grouped by attack stage
  • Per-pattern mitigation in one sentence
  • An "assumed broken" section for things you can't actually prevent
  • Sources for every entry — no folklore

Free · Sent once · No drip sequence

T·03 SR Notion · DOCX

Template · Notion / Docx

Updated · Apr 2026

AI Feature Security Review

A pre-launch review template I run with product teams before any LLM feature ships. Covers data flow, blast radius, audit logging, eval coverage, and the four sign-offs you almost certainly forgot.

Inside

  • One-page review summary for stakeholders
  • A data-flow diagram you fill in, not redraw
  • Eight readiness gates with pass/fail criteria
  • Sign-off block — who owns what, when

Free · Sent once · No drip sequence

T·04 60 12 steps · PDF

Runbook · PDF

Updated · Mar 2026

LLM Incident Response Runbook

A twelve-step runbook for the first sixty minutes after an LLM-powered system does the thing it wasn't supposed to do.

Inside

  • First-60-minute checklist (sequenced, not parallel)
  • A Slack template for the "who is doing what" thread
  • Forensic capture commands for context windows + tool calls
  • A post-mortem prompt that does not let anyone hide

Free · Sent once · No drip sequence

T·05 VQ 28 questions · XLSX

Questionnaire · XLSX

Updated · Mar 2026

Vendor Security Questionnaire — for AI

Twenty-eight questions to put to any AI vendor before you let them near production data. Designed to fit on one screen and to be answerable in plain prose.

Inside

  • The 28 questions, in the order you should ask them
  • Notes on what a good answer sounds like
  • Red-flag patterns I see most often in vendor responses
  • Two real (anonymised) example answers, side-by-side

Free · Sent once · No drip sequence

T·06 200 JSON · MIT

Eval suite · JSON

Updated · Feb 2026

Adversarial Eval Starter

Two hundred test cases — prompt injections, jailbreaks, social-engineering attempts — packaged in a simple JSON schema that drops into most eval frameworks.

Inside

  • 200 labelled test cases across 11 categories
  • A schema doc with grading rubrics
  • A README on running the suite in CI
  • An issue template for proposing new cases

Free · Sent once · No drip sequence

The Friday Brief

New tools land here
before anywhere else.

One email · Fridays · Unsubscribe anytime