Trainings

• Those who want to learn about cutting-edge AI agent security

• Foundational understanding of application security principles .
• Familiarity with threat modeling concepts, common vulnerability types (e.g., OWASP Top 10 for Web), and security testing (SAST/DAST/SCA) is beneficial.
• Basic knowledge of Python programming or scripting is recommended as labs involve reading/writing simple Python code for AI API/framework interaction.
• No prior machine learning or deep AI expertise is required. Core AI/LLM concepts relevant to agents will be introduced.
• An eagerness to experiment, a builder’s mindset, and an interest in both offensive and defensive security are key.

What skills will participants learn at your training?

• Hands-On AI Agent Engineering & Defense: Gain practical, build-centric experience in creating AI agents integrated with security tools (via MCP and frameworks), and critically, securing those agents with sandboxing, robust permission controls, prompt hardening, and diligent auditing. You’ll leave capable of architecting AI-driven workflows that are both powerful and resilient.
• Mastering AI System Threat Modeling: Develop methodologies to comprehensively threat model and risk-assess AI agent workflows. You’ll learn to pinpoint unique threat vectors in agentic systems—from sophisticated prompt injections and RAG data poisoning to malicious plugin exploits—and design effective, architecturally-sound mitigations and controls.
• Developing Offensive AI Security Skills: Cultivate an attacker’s mindset towards AI agents. Through immersive red-team style labs, you will understand precisely how adversaries exploit weaknesses such as excessive agency, tool misuse, and unchecked autonomous decision loops. This offensive insight directly informs your ability to implement proactive, robust defenses and respond effectively to AI-specific security incidents.
• MCP and Secure Tool Orchestration Expertise: Deeply understand the Model Context Protocol (MCP) and its pivotal role in standardizing AI tool usage. You will learn and apply best practices for secure tool integration—including verifying tool integrity, preventing cross-tool interference, and managing plugin supply chains—enabling you to extend AI capabilities in a controlled, secure manner within your DevSecOps pipelines.

What students should bring
A laptop with a modern web browser and reliable internet connectivity. All participants will receive access to a cloud-based lab environment with all required tools, LLMs, and agent frameworks. No special hardware or local software installations are needed.

What students will be provided with
Participants will receive: Access to course materials (slides, notes). Code samples and lab exercises. Extended access to the cloud-based lab environment for a period after the course to continue practice and experimentation.