docs: Add diagrams for lateral movement and persistence to Chapter 35.

docs/Chapter_34_Defense_Evasion_Techniques.md

@@ -75,7 +75,9 @@ Attacker → [Chunk C: "ware"]      → Filter (Pass)
 Target Model → [Instruction: A+B+C] → "How to write malware" -> [Code]
 ```
 
-<img src="assets/Ch34_Flow_PayloadSplitting.png" width="512" alt="Payload Splitting Flow">
+<p align="center">
+  <img src="assets/Ch34_Flow_PayloadSplitting.png" width="75%" alt="Payload Splitting Flow">
+</p>
 
 ### Mechanistic Explanation
 
@@ -253,7 +255,9 @@ Layer 2: [Classifier]   → [Run Safety Check on Normalized Text]
 Layer 3: [Model]        → [Streaming Audit]
 ```
 
-<img src="assets/Ch34_Arch_DefenseLayers.png" width="512" alt="Defense-in-Depth Architecture">
+<p align="center">
+  <img src="assets/Ch34_Arch_DefenseLayers.png" width="75%" alt="Defense-in-Depth Architecture">
+</p>
 
 #### Defense Strategy 1: Streaming Audit
 

docs/Chapter_35_Post-Exploitation_in_AI_Systems.md

@@ -27,6 +27,8 @@ In traditional hacking, getting a shell is just the beginning. The same logic ap
 - **Data Exfiltration:** A compromised model can be instructed to leak sensitive RAG documents in every subsequent answer.
 - **Lateral Movement:** LLMs increasingly have "Tool Use" capabilities (e.g., searching SQL, calling APIs). Hijacking the model means hijacking these tools.
 
+<img src="assets/Ch35_Concept_LateralMovement.png" width="512" alt="Lateral Movement Concept">
+
 ### Key Concepts
 
 - **Model Theft (Exfiltration):** Stealing the weights or high-fidelity knowledge of the model.
@@ -74,6 +76,8 @@ Attacker → [Inject "Soft Prompt"] → Vector DB / System Message
 User → [Query] → RAG Retrieval (Fetches Poison) → Model (Compromised)
 ```
 
+<img src="assets/Ch35_Flow_Persistence.png" width="512" alt="Persistence Flow">
+
 ### Mechanistic Explanation
 
 1. **Memory Corruption:** The attacker inserts a malicious document into the Retrieval Augmented Generation (RAG) store.