Zkuste nás kontaktovat

Návrh Školení

Module 1 — AI Systems for Security Engineers

Lab: Lab 01 — 01-Introduction

Understanding the underlying architecture.

Topics:

  • LLMs vs. normal applications
  • AI inference pipelines
  • Prompt flow
  • RAG architecture
  • Embeddings/vector databases
  • Agentic workflows
  • Tool calling
  • AI gateways
  • Copilots
  • MCP and agent protocols
  • Where WAF visibility exists
  • Where WAF visibility disappears

Key insight: Traditional WAFs often lose visibility once the prompt reaches the model.

Module 2 — OWASP GenAI Top 10

Lab: none — interactive recap/discussion

Core AI attack categories.

Topics:

  • Prompt Injection
  • Insecure Output Handling
  • Training Data Poisoning
  • Model DoS
  • Supply Chain Vulnerabilities
  • Sensitive Information Disclosure
  • Excessive Agency
  • Vector/Embedding Weaknesses
  • Misinformation
  • Unbounded Consumption

Include:

  • Differences from classic OWASP guidelines
  • Mapping to defensive controls (WAF, gateway, app-layer)
  • Where each control provides assistance
  • Where each control fails

Module 3 — Prompt Injection Detection

Lab: Lab 02 — 02-Prompt-Injection

The “SQL injection moment” for AI systems.

Topics:

  • Direct prompt injection
  • Indirect prompt injection
  • Hidden instructions
  • Document-based attacks
  • HTML/Markdown injection
  • Jailbreak patterns
  • Context override attacks
  • Role confusion attacks

Detection strategies:

  • Keyword heuristics
  • Semantic classification
  • Prompt linting
  • Instruction boundary enforcement
  • Allow/deny policies
  • AI-aware regex patterns

Hands-on labs:

  • Attack a chatbot
  • Bypass naive filters
  • Build layered detection mechanisms

Module 4 — AI-Aware WAF Rules

Lab: Lab 03 — 03-WAF-Basics

How WAF rules evolve for AI systems.

  • Topics:
  • Protecting LLM endpoints
  • Inference API protection
  • Token-aware rate limiting
  • Prompt size inspection
  • AI-specific signatures
  • Conversation anomaly detection
  • Multi-turn abuse patterns
  • Model enumeration attempts
  • Inference scraping
  • Denial-of-wallet protection

Examples:

  • Protecting /v1/chat/completions
  • Defending streaming APIs
  • Blocking recursive agent calls

Module 5 — Securing RAG Pipelines

Lab: Lab 04 — 04-RAG-Security

One of the most significant new attack surfaces.

Topics:

  • Vector DB threats
  • Embedding poisoning
  • Malicious PDFs/docs
  • Retrieval manipulation
  • Semantic poisoning
  • Hidden instructions in documents
  • Cross-document contamination
  • Data exfiltration via retrieval

Defenses:

  • Ingestion sanitization
  • Trust scoring
  • Metadata isolation
  • Document provenance
  • Retrieval policies
  • Segmentation

Case study: “Upload a poisoned PDF and take over the AI assistant.”

Module 6 — Agentic AI Security

Lab: Lab 05 — 05-Agent-Security

Where risks become dangerous.

Topics:

  • Excessive agency
  • Tool abuse
  • API chaining
  • Autonomous loops
  • Permission escalation
  • Memory poisoning
  • Indirect tool execution
  • Agent impersonation
  • Credential leakage
  • Multi-agent attacks

Defenses:

  • Least privilege for agents
  • Approval gates
  • Runtime policy engines
  • Sandboxing
  • Scoped credentials
  • Tool whitelisting
  • Human-in-the-loop

This section is typically of greatest interest to managers because the risk becomes operational and directly impacts business outcomes.

Module 7 — API Security for AI

Lab: Lab 06 — 06-Denial-of-Wallet

AI systems are heavily reliant on APIs.

Topics:

  • API gateways
  • GraphQL AI risks
  • MCP/API abuse
  • JWT protection
  • AI plugin security
  • Agent authentication
  • Delegated authorization
  • Secret management
  • Signed prompts
  • API inventory for AI

Tied into: OWASP API Security Top 10

Module 8 — Detection Engineering & SOC Integration

Lab: Lab 07 — 07-Detection

Operational defense.

Topics:

  • AI telemetry
  • Prompt logging
  • Token analytics
  • Anomaly detection
  • Semantic SIEM pipelines
  • AI attack indicators
  • Threat hunting for LLM abuse
  • AI runtime observability

Examples:

  • Detecting jailbreak campaigns
  • Spotting automated agent abuse
  • Identifying model scraping

Module 9 — Cloud WAFs and AI Security

Lab: none — interactive recap/discussion

Vendor-specific implementations.

Topics:

  • AWS WAF for AI APIs
  • Azure WAF
  • Cloudflare AI Gateway
  • API gateways
  • Envoy AI filtering
  • Kong AI Gateway
  • NGINX AI security patterns

Comparison:

  • Traditional WAF vs. AI gateway vs. app-layer guardrail
  • Proxy-based vs. semantic filtering

Module 10 — Building a Layered AI Defense

Lab: Lab 08 — 08-Layered-Defense

Important philosophical conclusion:

No single layer can secure AI effectively (a WAF least of all when acting alone).

Students build a layered model:

  1. WAF
  2. API gateway
  3. AI gateway
  4. Guardrails
  5. Runtime monitoring
  6. Identity/authorization
  7. Sandbox
  8. Human approval
  9. Observability
  10. Incident response

This aligns strongly with the “multi-layer security” model.

Module ↔ Lab map

Labs run in lab order, which follows module order.

The course consists of 10 modules but only 8 labs: Modules 2 and 9 are interactive recaps/discussions and do not include a lab.

Each lab is tagged with its corresponding module throughout this outline.

  • Lab 01 (Module 1)
    • Folder: 01-Introduction
    • Title: Explore an AI system — what's on the wire
  • Lab 02 (Module 3)
    • Folder: 02-Prompt-Injection
    • Title: Attack a chatbot & bypass naive filtering
  • Lab 03 (Module 4)
    • Folder: 03-WAF-Basics
    • Title: Build AI-aware WAF rules
  • Lab 04 (Module 5)
    • Folder: 04-RAG-Security
    • Title: Poison a RAG pipeline
  • Lab 05 (Module 6)
    • Folder: 05-Agent-Security
    • Title: Secure an autonomous agent
  • Lab 06 (Module 7)
    • Folder: 06-Denial-of-Wallet
    • Title: Detect denial-of-wallet attacks
  • Lab 07 (Module 8)
    • Folder: 07-Detection
    • Title: Monitor AI abuse patterns in logs
  • Lab 08 (Module 10)
    • Folder: 08-Layered-Defense
    • Title: Build a layered AI defense architecture

Capstone

Students defend a simulated enterprise AI assistant.

Attackers attempt:

  1. Prompt injection
  2. Tool abuse
  3. Credential theft
  4. Retrieval poisoning
  5. Excessive API consumption
  6. Agent escalation

Teams build:

  • WAF rules
  • AI gateway policies
  • Runtime detection
  • Guardrails
  • Incident response procedures

Požadavky

  • Studenti by již měli rozumět zabezpečení HTTP/API, proxy/reverse proxy, autentizaci, OWASP Top 10, REST API a základnímu cloudovému síťování

Cílová skupina

  • Bezpečnostní inženýři & AppSec
  • Analytici SOC & inženýři detekce
  • Inženýři zabezpečení API
  • Zabezpečení cloudu / API / platformy
  • DevSecOps inženýři
  • Bezpečnostní architekti
  • Specialisté na WAF / síťovou bezpečnost
  • Inženýři AI platforem
 35 Hodiny

Počet účastníků


Cena za účastníka

Reference (2)

Nadcházející kurzy

Související kategorie