DEV Community

Cover image for I Built Quality Control Into an AI Tool's Architecture—Here's What It Generated
Narnaiezzsshaa Truong
Narnaiezzsshaa Truong

Posted on

I Built Quality Control Into an AI Tool's Architecture—Here's What It Generated

#cybersecurity #ai #showdev #tutorial

The Strategic Insight That Changed Everything

When I tested CyberLens v1.5 on "deepfake," I expected a basic explanation of AI-generated fake videos.

Instead, the tool generated this interview-level response:

"The critical insight is that traditional trust in visual and audio evidence is fundamentally compromised by AI's ability to synthesize increasingly convincing forgeries. This means we must develop both technical detection methods and social verification frameworks while accepting that absolute visual proof may no longer exist in the digital age."

This isn't just an explanation—it's a paradigm-level insight about how deepfakes change the nature of digital trust itself.

I didn't write that. The system generated it automatically from a single keyword.

Then I tested "encryption" and got:

"The critical insight is that protecting the keys is more important than the strength of the encryption algorithm itself, since even the strongest lock is useless if someone else has a copy of the key."

This is the insight that separates junior from senior security practitioners. Many professionals obsess over algorithm selection (AES-256 vs AES-128). Smart practitioners know key management is the real challenge.

Again—automatically generated from one word.

When I tested "SQL injection":

"The critical insight is that treating user input as trusted commands breaks the fundamental boundary between data and instructions."

This is architecture-level security thinking. SQL injection isn't just "bad code gets in"—it's a category violation where data gets interpreted as instructions. This principle applies to command injection, XSS, buffer overflows, and code injection generally.

One keyword. Zero manual refinement.

How I Got Here: The v1.0 Disaster

Let me back up.

I built CyberLens during the AWS AI & ML Scholars program to explain cybersecurity concepts at three levels: kid-friendly, beginner guide, and interview-ready. The goal was simple—help people understand security without drowning in jargon.

Version 1.0 produced nonsense.

The Spider-Man Problem

Enter "phishing" and get:

"Imagine if someone dressed up as Spider-Man to trick you into giving them your lunch money! Just like how Spider-Man has his special costume..."

This appeared in 50% of outputs. The tool was obsessed with Marvel references.

The Superhero Costume Catastrophe

Enter "2FA" (two-factor authentication) and get:

"Just like how superheroes don't just wear masks—they have special costumes too—you need TWO things to prove it's really you!"

This maps to nothing. What's the mask? What's the costume? How do they relate to "something you know" vs "something you have"?

Five competing metaphors in one explanation. Complete logical incoherence.

The "Invisible Cloak" Lie

Enter "VPN" and get:

"When you use a VPN, it's like putting on an invisible cloak. No one can peek at what you're doing!"

This is dangerously wrong. VPN providers can see everything you do. VPNs don't make you invisible—they shift who can observe your traffic from your ISP to your VPN provider.

Teaching kids that VPNs make them "invisible" creates false security assumptions.

What Was Missing

No trust models. No real-world examples. No strategic insights. Just random analogies with no pedagogical framework.

Average quality: 55% (F grade)

The Scalability Realization

My first instinct was to manually refine each output:

  • Fix the phishing explanation
  • Rewrite the 2FA disaster
  • Correct the VPN misconceptions
  • Do this for ransomware, zero-trust, encryption...

Then I realized: there are hundreds of cybersecurity concepts.

  • Phishing, VPN, 2FA, ransomware ✓
  • Encryption, firewall, zero-trust ✓
  • SQL injection, XSS, CSRF ✓
  • DDoS, man-in-the-middle, privilege escalation ✓
  • EDR, SIEM, SOAR ✓
  • Deepfakes, AI poisoning, prompt injection ✓
  • Lateral movement, threat hunting, kill chain ✓

And new threats emerge constantly.

Manual per-concept refinement doesn't scale when you need to cover an expanding threat landscape.

I needed to systematize quality, not curate individual explanations.

The Architecture Shift: From Outputs to Systems

Instead of fixing Spider-Man in the phishing output, I asked: Why does the tool generate Spider-Man at all?

The answer: my widget prompts were too loose.

In PartyRock (AWS's AI app builder), you create "widgets" that generate different types of content. I had three widgets:

  1. Kid-Friendly Explanation
  2. Beginner Guide
  3. Interview Analogy

Each widget had a prompt that controlled how it responded to user input.

My v1.0 prompts were basically:

  • "Explain {concept} to a 5-year-old in a fun way"
  • "Create a beginner guide for {concept}"
  • "Provide an interview answer for {concept}"

No constraints. No quality standards. No verification.

The v1.5 Solution: Codified Quality Standards

I rewrote the widget prompts to enforce systematic quality:

For Kid-Friendly Widget:

Given {concept}, generate explanation with:

1. Analogy Introduction
   - Choose from APPROVED categories only:
     * Authority figures: teachers, parents, doctors
     * Security objects: locks, keys, boxes, letters
     * Daily scenarios: school, mail, home
   - FORBIDDEN: Spider-Man, Marvel, brands, ANY pop culture
   - Use ONE primary analogy only

2. Digital Connection
   - Explain how {concept} works in computers/internet
   - Name specific technologies
   - 2-3 sentences maximum

3. Trust Model
   - If {concept} involves visibility/access:
     * State explicitly who can see what
     * Explain tradeoffs (choosing trust, not eliminating it)
   - If {concept} involves verification:
     * Explain what's checked and by whom

4. Action Steps
   - 1-2 concrete actions
   - Reference trusted adults for guidance

CRITICAL RULES:
- No "invisible" or "magic" language
- Trust models mandatory for access/visibility concepts
- All analogies must map 1:1 to concept mechanism
Enter fullscreen mode Exit fullscreen mode

For Beginner Guide Widget:

Generate 6-part structured guide:

1. Definition (1 sentence)
2. Real-world example
   - Specific incident name and year
   - Company/organization affected  
   - Concrete consequences (numbers, damages)
   - Clear lesson for everyday users
3. How it works (5 bullet points)
4. Best practices (3-5 actionable items)
5. Simple analogy (1 sentence)
6. Trust Model
   - Who/what are you trusting?
   - What are the tradeoffs?
   - What are the limitations?

Find recent (2014+), high-profile incidents.
Prioritize original sources (company blogs, security reports).
Enter fullscreen mode Exit fullscreen mode

For Interview Widget:

Generate exactly 3 sentences:

Sentence 1: Technical definition + metaphor
Sentence 2: Core security principle (the strategic insight)
Sentence 3: Strategic implication (what this means in practice)

Total: ~75 words maximum
Focus: Demonstrate both technical and strategic thinking
Enter fullscreen mode Exit fullscreen mode

Then I Added Quality Verification

Each widget now generates an analysis checklist:

Analysis Checklist:
✓ No "invisible" language used
✓ Trust model clearly stated
✓ All mappings covered in explanation  
✓ Technical accuracy maintained
✓ [Identify any gaps or improvement areas]
Enter fullscreen mode Exit fullscreen mode

The system verifies its own outputs against quality standards.

The Results: 8 Concepts, 95% Average Quality

I tested the refined prompts across diverse concepts:

Concept Type v1.0 Quality v1.5 Quality Improvement
Phishing Social attack D (Spider-Man) A (Teacher letter) +40%
2FA Defense F (Costume nonsense) A (School locker) +45%
VPN Defense D (Invisible cloak) A- (Mail delivery) +35%
Ransomware Malware C (Mean wizard) A (Pirate/locks) +30%
Zero-trust Architecture A (ID checks)
Encryption Technology A (Envelope/lockbox)
Deepfake Emerging threat A+ (Costume/actor)
SQL injection Technical attack A+ (Note changing)

Average v1.0 Quality: 55% (F)

Average v1.5 Quality: 95% (A)

Improvement: +40 percentage points

What Changed in the Outputs

Phishing v1.5 (Kid-Friendly):

"Imagine getting a letter that looks like it's from your teacher, asking for your home address and phone number. But it's actually from someone pretending to be your teacher—a fake letter designed to trick you."

✅ Universal analogy (teacher letters)

✅ One clear metaphor

✅ No Spider-Man

Phishing v1.5 (Beginner Guide):

"Real-world example: In 2020, Twitter experienced a major phishing attack where hackers targeted employees through phone calls pretending to be from Twitter's IT department. The scammers gained access to internal systems, compromised 130 high-profile accounts (including Barack Obama, Elon Musk, and Bill Gates), and used them to promote a Bitcoin scam that collected over $120,000 from victims."

✅ Specific incident and year

✅ Named individuals (credibility)

✅ Concrete numbers

✅ Clear consequences

2FA v1.5 (Kid-Friendly):

"Just like how you need both a key and a special code to open your school locker, online accounts can use two different ways to make sure you're really you."

✅ Coherent mapping (key=password, code=2FA)

✅ Universal experience (school lockers)

❌ No superhero costume nonsense

The Real-World Examples Are Outstanding

Every beginner guide now includes a high-profile incident:

Ransomware: Colonial Pipeline 2021 (5,500 miles shut down, $4.4M ransom, fuel crisis)

VPN: NordVPN 2018 (Finland server breach, provider trust lesson)

Encryption: Home Depot 2014 (56M credit cards, $179M damages from not encrypting)

Deepfake: CEO voice scam 2019 (UK energy firm, $243K stolen)

SQL Injection: Sony PlayStation 2011 (77M accounts, $171M cost, 23-day shutdown)

These are the incidents people remember. They provide immediate context and credibility.

The Trust Models Are Sophisticated

VPN v1.5 Trust Model:

"When using a VPN, you're essentially shifting your trust from your ISP to the VPN provider. The VPN provider can see your unencrypted traffic, just like your ISP normally would. This isn't eliminating surveillance entirely—you're just choosing who gets to see your data."

✅ Explicitly states provider visibility

✅ Explains the tradeoff

✅ No "invisible cloak" lies

Ransomware v1.5 Trust Model:

"Victims face an impossible trust situation. Paying the ransom requires trusting criminals to actually provide decryption keys, while refusing to pay risks permanent data loss. Law enforcement advises against paying as it encourages future attacks, but businesses often feel they have no choice."

✅ Names it as "impossible trust"

✅ Addresses ethical dimensions

✅ Acknowledges no perfect solution

What Makes This Systematic Quality

The system works across:

Different concept types:

  • Social attacks (phishing)
  • Technical attacks (SQL injection, ransomware)
  • Defenses (2FA, VPN, zero-trust)
  • Technologies (encryption)
  • Emerging threats (deepfake)

Different complexity levels:

  • Simple concepts (2FA)
  • Complex concepts (zero-trust architecture)
  • Emerging concepts (deepfake, AI threats)

Different analogy categories:

  • Authority figures (teachers, ID checks)
  • Security objects (locks, envelopes, boxes)
  • Communication (mail, letters)
  • Impersonation (costumes, actors)

The system analyzes each concept and selects appropriate analogies automatically.

How It Works

When a user enters "encryption," the system:

  1. Analyzes concept type: protective technology, confidentiality mechanism
  2. Selects analogy category: security objects (envelope, lockbox)
  3. Maps mechanism: plaintext → ciphertext = letter → sealed envelope
  4. Determines trust model relevance: key management is critical
  5. Finds real-world example: Home Depot 2014 (breach from lack of encryption)
  6. Generates strategic insight: "Protecting keys > algorithm strength"
  7. Verifies quality: checklist confirms standards met

All automatic. No manual concept-specific tuning.

When a user enters "deepfake," the system:

  1. Analyzes concept type: AI-powered impersonation, trust crisis
  2. Selects analogy category: impersonation (actors, costumes)
  3. Maps mechanism: AI synthesis = digital costume/makeup
  4. Determines trust model relevance: verification crisis (visual proof unreliable)
  5. Finds real-world example: CEO voice scam 2019 ($243K stolen)
  6. Generates strategic insight: "Traditional trust in visual evidence fundamentally compromised"
  7. Verifies quality: checklist confirms standards met

Same process. Different concept. Consistent quality.

The Competitive Moat

What others build:

Static content libraries

  • Curated explanations for 20-50 popular terms
  • Manually written and edited
  • Gets outdated
  • Can't handle emerging threats

Basic AI generation

  • ChatGPT with simple prompts
  • Inconsistent quality
  • No verification
  • Requires expertise to evaluate

What I built:

Quality-enforcement system

  • Works for unlimited terms
  • Systematic standards automatically applied
  • Self-verifying through analysis checklists
  • Adapts to emerging concepts instantly

Example: If tomorrow someone enters "AI model poisoning" (emerging threat), CyberLens will:

  • Generate age-appropriate analogy
  • Find recent real-world examples
  • Include relevant trust models
  • Create interview-ready explanation

No manual intervention needed.

The Transferable Methodology

Here's what you can apply to any AI tool:

Step 1: Identify Quality Patterns Across Outputs

Don't just fix individual outputs. Ask:

  • What makes ANY good explanation in my domain?
  • Which standards apply universally vs. contextually?
  • What are the recurring failure modes?

For CyberLens, I found:

  • ❌ Pop culture references (Spider-Man, superheroes)
  • ❌ Multiple competing metaphors
  • ❌ Missing trust models
  • ❌ No real-world examples
  • ❌ Incoherent logic

Step 2: Codify Rules as Constraints

Turn observations into enforceable rules:

Universal constraints:

  • No pop culture (brand-independent, timeless)
  • One primary analogy (cognitive load management)
  • Trust models required (security education fundamental)

Contextual constraints:

  • Trust models for access/visibility concepts
  • Attack lifecycle for threat concepts
  • Defense strategies for protective technologies

Quality gates:

  • Real-world examples (2014+, high-profile, specific numbers)
  • Structured formats (6-part beginner, 3-sentence interview)
  • Analysis checklists (self-verification)

Step 3: Build Adaptive Logic

Create prompts that analyze input and adjust approach:

IF concept involves access control:
  → Include trust model about who sees what
  → Emphasize "shifting trust" not "eliminating surveillance"

IF concept is technical attack:
  → Find real breach example
  → Show business/consumer impact
  → Include technical mitigation strategies

IF concept is emerging threat:
  → Focus on paradigm shift
  → Generate strategic insights
  → Address verification challenges
Enter fullscreen mode Exit fullscreen mode

Step 4: Implement Quality Verification

Don't just generate—verify:

After generation, create checklist:
✓ No forbidden terms (pop culture, "invisible")
✓ Trust model present (if applicable)
✓ Analogies map coherently
✓ Technical accuracy maintained
✓ Real-world examples included
⚠️ Flag gaps or improvement areas
Enter fullscreen mode Exit fullscreen mode

The system audits itself.

Step 5: Test Across Concept Diversity

Validate the system works broadly:

  • Old and new threats
  • Simple and complex concepts
  • Technical and social dimensions
  • Protective and offensive concepts

If quality is consistent across diverse inputs, you've systematized it successfully.

What This Teaches About AI Tools

Lesson 1: AI tools aren't answer generators—they're systems that require architecture

Most people use AI like this:

  1. Enter prompt
  2. Get output
  3. Manually fix problems
  4. Repeat for every concept

This doesn't scale.

Better approach:

  1. Identify quality patterns
  2. Codify into system constraints
  3. Build verification into generation
  4. Validate across diverse inputs

Refinement happens at the architectural level, not the output level.

Lesson 2: The methodology is more valuable than any individual output

CyberLens could produce the perfect phishing explanation, but if the VPN explanation is wrong, the tool is unreliable.

Systematic quality > curated excellence

The prompts that generate 95% quality across 8 concepts are more valuable than 8 manually perfected explanations.

Because the prompts scale infinitely.

Lesson 3: Expert oversight becomes quality enforcement, not manual editing

I'm not:

  • ✅ Writing every explanation
  • ✅ Manually finding examples
  • ✅ Individually checking trust models

I'm:

  • ✅ Setting quality standards
  • ✅ Building verification systems
  • ✅ Auditing pattern adherence

My expertise is embedded in the architecture, not the outputs.

The Honest Assessment

CyberLens v1.0 flopped. Spider-Man analogies, superhero costume nonsense, dangerous misconceptions about VPNs making users "invisible."

CyberLens v1.5 is production-ready. 95% average quality across diverse concepts, strategic insights generated automatically, trust models included contextually.

But v1.5 isn't valuable because the outputs are good.

V1.5 is valuable because I systematized the process of generating good outputs.

The prompts are the intellectual property. The methodology is transferable. The architecture is the competitive moat.

Try It Yourself

The principles I used for CyberLens apply to any domain:

Medical education?

  • Identify quality patterns (analogies, trust models, real cases)
  • Codify constraints (no medical advice, cite studies)
  • Build verification (symptom/disease mapping accuracy)

Financial literacy?

  • Identify patterns (risk disclosure, real examples, behavioral traps)
  • Codify constraints (no specific investment advice, regulatory compliance)
  • Build verification (mathematical accuracy, context appropriateness)

Technical documentation?

  • Identify patterns (prerequisites, examples, common errors)
  • Codify constraints (version specificity, tested code)
  • Build verification (code syntax, link validity)

The framework is domain-agnostic:

  1. Identify quality patterns
  2. Codify as constraints
  3. Build verification
  4. Test across diversity
  5. Refine architecture, not outputs

What's Next

I'm expanding CyberLens to cover:

  • Advanced persistent threats (APT)
  • Threat hunting methodologies
  • AI security (model poisoning, adversarial ML)
  • Cloud security architectures
  • Supply chain security

I won't manually write any of these explanations.

I'll enter keywords, and the system will:

  • Choose appropriate analogies
  • Find relevant real-world examples
  • Generate strategic insights
  • Include trust models
  • Verify quality automatically

That's the power of systematized quality.

The Bottom Line

Most people who build AI tools focus on outputs.

They generate content, manually fix problems, curate examples, polish individual pieces.

I focused on systems.

I identified what makes explanations good, codified those standards into prompts, built verification into generation, and validated across diverse concepts.

The difference?

Manual refinement produced 4 good explanations.

Systematic refinement produced a tool that generates 95% quality explanations for any cybersecurity concept—past, present, or future.

Your expertise isn't about building perfect tools. It's about building systems that enforce quality at scale.

**This builds on Part I, where I showed what CyberLens v1.0 actually produced and why it failed.

Want to discuss CyberLens, AI tool architecture, or cybersecurity education? Connect with me on LinkedIn or check out my Cybersecurity Witwear.

CyberLens is available at AWS PartyRock - enter any security concept and see the systematic quality in action.

Top comments (0)