Programa do Curso
Module 1 — AI Systems for Security Engineers
Lab: Lab 01 — 01-Introduction
Understanding the architecture.
Topics:
- LLMs vs normal apps
- AI inference pipelines
- Prompt flow
- RAG architecture
- embeddings/vector databases
- agentic workflows
- tool calling
- AI gateways
- copilots
- MCP and agent protocols
- where WAF visibility exists
- where WAF visibility disappears
Key insight: Traditional WAFs often lose visibility after the prompt reaches the model.
Module 2 — OWASP GenAI Top 10
Lab: none — interactive recap/discussion
Core AI attack categories.
Topics:
- Prompt Injection
- Insecure Output Handling
- Training Data Poisoning
- Model DoS
- Supply Chain Vulnerabilities
- Sensitive Information Disclosure
- Excessive Agency
- Vector/Embedding Weaknesses
- Misinformation
- Unbounded Consumption
Include:
- Differences from classic OWASP
- Mapping to defensive controls (WAF, gateway, app-layer)
- Where each control helps
- Where each control fails
Module 3 — Prompt Injection Detection
Lab: Lab 02 — 02-Prompt-Injection
The “SQL injection moment” for AI.
Topics:
- Direct prompt injection
- Indirect prompt injection
- Hidden instructions
- Document-based attacks
- HTML/Markdown injection
- Jailbreak patterns
- Context override attacks
- Role confusion attacks
Detection strategies:
- keyword heuristics
- semantic classification
- prompt linting
- instruction boundary enforcement
- allow/deny policies
- AI-aware regex patterns
Hands-on labs:
- Attack a chatbot
- Bypass naive filters
- Build layered detection
Module 4 — AI-Aware WAF Rules
Lab: Lab 03 — 03-WAF-Basics
How WAF rules evolve for AI systems.
- Topics:
- protecting LLM endpoints
- inference API protection
- token-aware rate limiting
- prompt size inspection
- AI-specific signatures
- conversation anomaly detection
- multi-turn abuse patterns
- model enumeration attempts
- inference scraping
- denial-of-wallet protection
Examples:
- protecting /v1/chat/completions
- defending streaming APIs
- blocking recursive agent calls
Module 5 — Securing RAG Pipelines
Lab: Lab 04 — 04-RAG-Security
One of the biggest new attack surfaces.
Topics:
- vector DB threats
- embedding poisoning
- malicious PDFs/docs
- retrieval manipulation
- semantic poisoning
- hidden instructions in documents
- cross-document contamination
- data exfiltration via retrieval
Defenses:
- ingestion sanitization
- trust scoring
- metadata isolation
- document provenance
- retrieval policies
- segmentation
Case study: “Upload a poisoned PDF and take over the AI assistant.”
Module 6 — Agentic AI Security
Lab: Lab 05 — 05-Agent-Security
Where things become dangerous.
Topics:
- excessive agency
- tool abuse
- API chaining
- autonomous loops
- permission escalation
- memory poisoning
- indirect tool execution
- agent impersonation
- credential leakage
- multi-agent attacks
Defenses:
- least privilege for agents
- approval gates
- runtime policy engines
- sandboxing
- scoped credentials
- tool whitelisting
- human-in-the-loop
This section is particularly relevant for managers due to the operational and business-impacting nature of these risks.
Module 7 — API Security for AI
Lab: Lab 06 — 06-Denial-of-Wallet
AI systems are API-heavy.
Topics:
- API gateways
- GraphQL AI risks
- MCP/API abuse
- JWT protection
- AI plugin security
- agent authentication
- delegated authorization
- secret management
- signed prompts
- API inventory for AI
Tie into: OWASP API Security Top 10
Module 8 — Detection Engineering & SOC Integration
Lab: Lab 07 — 07-Detection
Operational defense.
Topics:
- AI telemetry
- prompt logging
- token analytics
- anomaly detection
- semantic SIEM pipelines
- AI attack indicators
- threat hunting for LLM abuse
- AI runtime observability
Examples:
- detecting jailbreak campaigns
- spotting automated agent abuse
- identifying model scraping
Module 9 — Cloud WAFs and AI Security
Lab: none — interactive recap/discussion
Vendor-specific implementations.
Topics:
- AWS WAF for AI APIs
- Azure WAF
- Cloudflare AI Gateway
- API gateways
- Envoy AI filtering
- Kong AI Gateway
- NGINX AI security patterns
Comparison:
- traditional WAF vs AI gateway vs app-layer guardrail
- proxy-based vs semantic filtering
Module 10 — Building a Layered AI Defense
Lab: Lab 08 — 08-Layered-Defense
Important philosophical conclusion:
No single layer can secure AI (a WAF least of all, on its own).
Students build a layered model:
- WAF
- API gateway
- AI gateway
- Guardrails
- Runtime monitoring
- Identity/authorization
- Sandbox
- Human approval
- Observability
- Incident response
This aligns strongly with the “multi-layer security” model.
Module ↔ Lab map
Labs run in lab order, which follows module order.
The course has 10 modules but 8 labs: Modules 2 and 9 are interactive recap/discussion sessions and have no lab.
Each lab is tagged with its module throughout this outline.
- Lab 01 (Module 1)
- Folder: 01-Introduction
- Title: Explore an AI system — what's on the wire
- Lab 02 (Module 3)
- Folder: 02-Prompt-Injection
- Title: Attack a chatbot & bypass naive filtering
- Lab 03 (Module 4)
- Folder: 03-WAF-Basics
- Title: Build AI-aware WAF rules
- Lab 04 (Module 5)
- Folder: 04-RAG-Security
- Title: Poison a RAG pipeline
- Lab 05 (Module 6)
- Folder: 05-Agent-Security
- Title: Secure an autonomous agent
- Lab 06 (Module 7)
- Folder: 06-Denial-of-Wallet
- Title: Detect denial-of-wallet attacks
- Lab 07 (Module 8)
- Folder: 07-Detection
- Title: Monitor AI abuse patterns in logs
- Lab 08 (Module 10)
- Folder: 08-Layered-Defense
- Title: Build a layered AI defense architecture
Capstone
Students defend a simulated enterprise AI assistant.
Attackers attempt:
- prompt injection
- tool abuse
- credential theft
- retrieval poisoning
- excessive API consumption
- agent escalation
Teams build:
- WAF rules
- AI gateway policies
- runtime detection
- guardrails
- incident response
Requisitos
- Students should already have a solid understanding of HTTP/API security, proxies/reverse proxies, authentication, OWASP Top 10, REST APIs, and basic cloud networking.
Audience
- Security engineers & AppSec professionals
- SOC analysts & detection engineers
- API security engineers
- Cloud / API / platform security specialists
- DevSecOps engineers
- Security architects
- WAF / network security specialists
- AI platform engineers
Treinamento Corporativo Personalizado
Soluções de treinamento projetadas exclusivamente para empresas.
- Conteúdo Personalizado: Adaptamos o programa e os exercícios práticos aos objetivos e necessidades reais do seu projeto.
- Horário Flexível: Datas e horários adaptados à agenda da sua equipe.
- Formato: Online (ao vivo), In-Company (em suas instalações) ou Híbrido.
Preço por grupo privado, treinamento online ao vivo, a partir de 6500 € + VAT*
Entre em contato conosco para obter um orçamento preciso e conhecer nossas promoções mais recentes
Testemunhos de Clientes (2)
Gostei muito de aprender sobre ataques de IA e as ferramentas disponíveis para começar a praticar e usar ativamente na segurança. Saí da aula com bastante conhecimento que eu não tinha no começo, e o curso foi exatamente o que eu esperava. A parte que mais me chamou atenção na apresentação foi o Comet Browser, e fiquei impressionado com o que ele pode fazer. Com certeza investigarei isso mais a fundo. No geral, foi um ótimo curso e aproveitei muito para aprender o OWASP Top 10 para GenAI.
Patrick Collins - Optum
Curso - OWASP GenAI Security
Máquina Traduzida
O conhecimento profissional e a maneira como ele o apresentou a nós
Miroslav Nachev - PUBLIC COURSE
Curso - Cybersecurity in AI Systems
Máquina Traduzida