Liên hệ với chúng tôi

Đề cương khóa học

The AI Threat Landscape

  • Why AI security is different: non-determinism, opaque reasoning, prompt as attack surface
  • Attack taxonomy: training-time vs inference-time vs supply chain attacks
  • The ML adversary model: who attacks AI systems and why

OWASP Top 10 for LLM Applications

  • Prompt injection: direct and indirect attack vectors
  • Insecure output handling and cross-plugin request forgery
  • Training data poisoning and supply chain vulnerabilities
  • Model denial of service, sensitive information disclosure, and excessive agency
  • Hands-on lab: exploiting each OWASP category against a test application

Prompt Injection and Jailbreak Red Teaming

  • Taxonomy of injection techniques: direct, indirect, multi-turn, and multi-modal
  • Automated red-teaming with Giskard, Garak, and custom fuzzing tools
  • Jailbreak classification and defense evaluation
  • Building a red-team harness for continuous LLM security testing

Model-Level Attacks and Defenses

  • Model extraction: stealing model weights and functionality via API queries
  • Membership inference: determining if data was in the training set
  • Adversarial examples: perturbations that fool classifiers and embeddings
  • Data poisoning: corrupting training data to induce backdoors or degrade performance

Input and Output Security Controls

  • Input sanitization beyond traditional web defenses
  • Output filtering: toxicity, PII leakage, hallucinated code execution
  • Guardrails as security infrastructure: NeMo, Guardrails AI, and custom policies
  • Structured output enforcement as a security boundary

AI Supply Chain Security

  • Model provenance: verifying model authenticity and integrity
  • Dependency scanning for ML frameworks and model formats
  • Secure model serving: sandboxing, network isolation, and least-privilege access
  • Vetting fine-tuned and community models for embedded malware

Operational Security for AI Systems

  • Access control for model endpoints, vector stores, and agent tools
  • Audit logging for every model interaction and decision
  • Incident response for AI-specific breaches: when the model itself is compromised
  • Continuous security testing in CI/CD for ML pipelines

Building an AI Security Program

  • AI security maturity model and roadmap
  • Integrating AI security into existing AppSec and cloud security programs
  • Governance frameworks and emerging regulations for AI systems
  • Creating and maintaining an organizational AI security playbook

Yêu cầu

  • Experience deploying ML models or LLM applications in production.
  • Familiarity with security concepts including authentication, authorization, and threat modeling.
  • Python proficiency for adversarial testing exercises.

Audience

  • Security engineers expanding into AI/ML threat surfaces.
  • ML engineers responsible for model safety and robustness.
  • Red team members adding AI systems to their testing scope.
 14 Giờ

Số người tham gia


Giá cho mỗi học viên

Các khóa học sắp tới

Các danh mục liên quan