# Weekly Dev Log 2026-W07 > Source: > Published: 2026-05-29 00:18:11+00:00 ## πŸ—“οΈ This Week - Completed two more sections of the SwiftUI tutorial 🦾 As I continue working through the tutorial, I can feel my understanding of **SwiftUI fundamentals becoming more solid**πŸ”₯ - It was **my first time posting a standalone article** about reverse engineeringπŸ“ If you're interested, feel free to check it out πŸ‘‡ - **I started creating UI designs for my future portfolio website in Figma.** I was able to roughly sketch out the overall structure of the site, but I also realized **how difficult it is to create modern and stylish UI designs.** (It really made me realize I don’t have much design sense yet πŸ˜‚πŸ’¦) - While struggling with the design process, I came across several articles about **Figma MCP**. That made me interested in exploring how generative AI could help with UI design ideas, so **I decided to start researching Figma MCP further.** - Completed **Securing AI Systems** room from the AI Security Learning Path on TryHackMe this weekπŸ€– ## πŸ“± iOS (SwiftUI) - Worked through the SwiftUI tutorial and completed "Create an Algorithm for Badges" and "Add inclusive features" ## 🌐 Web Development - Posted my weekly dev log on Dev.to and a standalone article about my first attempt at reverse engineering πŸ“ - Created rough portfolio website UI layouts in Figma - Used shadcn/ui component library design templates in Figma - Started learning UI design in Figma using community resources ## πŸ” Security (TryHackMe) - Completed Securing AI Systems room (part of the AI Security Learning Path) on TryHackMe. # πŸ’‘ Key Takeaways ## πŸ“± SwiftUI Learning ### Add inclusive features - Learned that SwiftUI automatically adapts UI elements for Light and Dark Mode by default. - Learned how to preview and compare Light and Dark Mode layouts in the Xcode canvas. - Understood that system-provided semantic styles help SwiftUI automatically adjust UI appearance. - Learned that SwiftUI uses view modifiers to customize `ScrollView` behavior. - Understood that `.scrollBounceBehavior(.basedOnSize)` only enables bouncing when the content is larger than the visible area. - Learned that `.defaultScrollAnchor(.center, for: .alignment)` centers smaller content inside a `ScrollView` . - Learned that the `dynamicTypeSize` modifier can be applied to any SwiftUI view. - Learned how `AttributedString(localized:)` supports localization-aware text in SwiftUI. - Understood that `(inflect: true)` automatically changes words like β€œDay” and β€œDays” based on the number value. - Learned that SwiftUI can apply different font styles to specific parts of an `AttributedString` . - Realized that Apple provides built-in grammar inflection support for more natural localized UI text. ## 🌐 Web Development Learning - Reviewed several useful functions in Figma - Learned the importance of focusing on the overall page layout before designing detailed UI components ## πŸ” TryHackMe Learning ### Securing AI Systems #### Task 2 Anatomy of an AI System - Traditional apps use deterministic logic, while AI systems rely on probabilistic model inference. - AI systems accept free-form natural language, making input validation much harder. - Prompt Construction combines the system prompt, user input, and retrieved context before sending data to the LLM. - **RAG** allows LLMs to retrieve external knowledge from a vector store or other data sources. - A vector store contains embedded representations of internal documentation for retrieval-augmented generation (RAG) - Trust boundaries are points where data moves between different security contexts. - Major trust boundaries include user-to-system, system-to-LLM, LLM-to-tools, and system-to-user. - LLM-to-tools is especially sensitive because model output can trigger real actions. - Tool layers may execute database queries, API calls, or file operations on behalf of the LLM. - Security controls are needed at every boundary to reduce prompt injection and data leakage risks. #### Task3 The AI Attack Surface - Studied the **OWASP LLM Top 10** and how major risks affect AI-integrated systems. - Learned that **MITRE ATLAS** documents adversary tactics and exploitation techniques for AI systems. - Studied how **the NIST AI RMF** approaches AI security from a governance and risk management perspective. - Learned the difference between OWASP (vulnerabilities), ATLAS (attack techniques), and NIST AI RMF (risk governance). #### Task4 System-Level Threats - Studied how LLM10 Unbounded Consumption can cause resource exhaustion and extreme cost increases through excessive requests. - Learned that system prompts may leak internal rules, tool information, and architecture details if exposed.(LLM07). - Understood that LLM output must never be trusted as safe input for downstream systems.(LLM05) - Learned that Excessive Agency occurs when AI systems are given unnecessary permissions, tools, or autonomy.(LLM06) - Learned that users may unintentionally leak sensitive information when using AI systems.(LLM02) - Studied how the OWASP LLM risks relate to the CIA triad across confidentiality, integrity, and availability. #### Task 5 Secure Design Patterns - Learned that security controls are most effective when applied during the design stage of AI systems. - Learned that layered controls reduce the risk of end-to-end attack success. - Understood **the importance of least privilege for AI tools, API tokens, and database access.** - Learned that write operations should require human approval before execution. - Studied how input and output validation reduce **prompt injection** and downstream injection risks. - Learned that **MLSecOps** integrates security throughout the AI and machine learning lifecycle. # πŸš€ Next Week - Complete the badge algorithm in the SwiftUI tutorial. - Continue posting small articles on Dev.to. - Explore Figma MCP and experiment with generating UI design ideas using AI. - Continue working on the AI Security Learning Path. # 🌈 Goals for This Year ## πŸ“± iOS (SwiftUI) - Build a solid foundation in SwiftUI and create at least one iOS app. ## 🌐 Web Development - Continue posting learning logs on Dev.to and eventually turn them into a portfolio site using React Router v7. ## πŸ” Security (TryHackMe) - Continue learning cybersecurity on TryHackMe.