LLM-powered applications are not magic-they are software systems built from prompts, retrieval pipelines, tools, agents, APIs, and trust boundaries. Each layer creates new opportunities for attackers.Offensive LLM Security is a practical guide for pentesters, bug-bounty researchers, application-security engineers, and developers who want to understand how modern AI applications fail. It covers direct and indirect prompt injection, jailbreaking, system-prompt extraction, insecure output handling, RAG poisoning, cross-tenant data leakage, excessive agency, MCP attacks, AI supply-chain risks, and model-serving infrastructure.Through hands-on labs, attack methodologies, measurement techniques, and complete worked engagements, readers learn how to trace attacker-controlled input through an LLM system to a privileged sink and demonstrate meaningful impact.Rather than treating AI security as a collection of clever prompts, this book applies proven application-security thinking to the full LLM stack-helping readers identify, reproduce, measure, report, and remediate real vulnerabilities.