Thank you for sending your enquiry! One of our team members will contact you shortly.
Thank you for sending your booking! One of our team members will contact you shortly.
Course Outline
Day 1 — Agentic AI Security Deep Dive
Session 1 — 09:30 to 10:50 · Recap and Prompt Injection at Depth
- Quick recap of the OWASP LLM Top 10 (2025) — agreed baseline
- Advanced prompt injection: indirect injection, multi-turn manipulation, cross-modal injection
- Jailbreak techniques and defensive taxonomies
- System prompt leakage and information extraction patterns
- Interactive Slido poll: "What's the most sensitive tool your agents have access to today?"
Break — 10:50 to 11:10
Session 2 — 11:10 to 12:30 · Securing AI Pipelines — Data, Models, and RAG
- Training data integrity: poisoning, backdoors, and provenance
- Model supply chain risks: fine-tuning pipelines, adapter models, and registry hygiene
- RAG-specific attack surfaces: vector store poisoning, context manipulation, retrieval attacks
- Embedding security: what embeddings leak and how to protect them
- Hands-on lab (~30 minutes): Delegates poison a small RAG corpus and then defend it. Paired exercise followed by group debrief.
Lunch — 12:30 to 13:20
Session 3 — 13:20 to 14:40 · OWASP Top 10 for Agentic Applications (2026) — Part 1
- Agent goal manipulation and objective subversion
- Tool-use permission abuse and privilege escalation via tool chains
- Memory manipulation: persistent, episodic, and shared memory attacks
- Planning and reasoning exploits
- Identity and authentication in agent systems
- Short live demo: A goal-manipulation attack against a simple planning agent
Break — 14:40 to 15:00
Session 4 — 15:00 to 16:30 · OWASP Top 10 for Agentic Applications (2026) — Part 2 + MCP Security
- MCP (Model Context Protocol) architecture and trust boundaries
- MCP server security: authentication, tool scoping, and permission models
- Multi-step workflow attacks: chaining, indirect execution, cascading failures
- Cross-agent communication and trust
- Agent observability and forensic readiness
- Day 1 close: each delegate identifies one critical agentic risk in their own stack
- Q&A
Day 2 — Red-Teaming, Architecture, and Incident Response
Session 1 — 09:30 to 10:50 · AI Red-Teaming — Methodology
- What AI red-teaming is (and is not) — distinction from traditional pentesting
- Red-teaming frameworks: MITRE ATLAS, OWASP Agentic Top 10 mapping, NIST AI RMF
- Scoping a red-team engagement for an LLM or agent system
- Manual techniques: prompt-engineering attacks, jailbreak libraries, goal-hijacking
- Automated tooling landscape: Garak, PyRIT, Promptfoo, custom harnesses
- Ethics, safety, and responsible disclosure for AI vulnerabilities
Break — 10:50 to 11:10
Session 2 — 11:10 to 12:30 · Hands-On Red-Teaming Lab
- Extended hands-on lab (~60 minutes): Delegates work in pairs against a prepared target — a multi-step agentic application with at least three known vulnerabilities. Each pair produces a short red-team report, including attack path, impact assessment, and recommended mitigations.
- Group share-back and collective debrief
Lunch — 12:30 to 13:20
Session 3 — 13:20 to 14:40 · Secure Architecture Patterns for Agentic AI in Government
- Defence-in-depth for agent systems: isolation, sandboxing, and blast-radius reduction
- Designing safe tool catalogues: allow-listing, parameter validation, output inspection
- Human-in-the-loop patterns and when to require confirmation
- Sensitive data boundaries: where PII and OFFICIAL-SENSITIVE data can and cannot flow
- Aligning with UK AI Principles, NIST AI RMF, and ISO/IEC 42001 controls
- Architectural case study: a realistic government agentic service walkthrough
Break — 14:40 to 15:00
Session 4 — 15:00 to 16:30 · Incident Response, Playbook Build, and Close
- AI-specific incident classes: prompt-injection escalation, tool misuse, data exfiltration via agents, model-misbehaviour incidents
- Detection signals and logging patterns for agent systems
- Response playbook structure: containment, eradication, recovery, lessons learned
- Capstone exercise (~45 minutes): Delegates build a one-page agent security playbook for a representative service from their own domain
- Implementation planning: 30-day, 60-day, 90-day actions
- Resources, further reading, and next steps
- Q&A and course close
Requirements
- Confident with at least one modern programming language (Python strongly recommended for labs)
- Prior completion of AI Security Fundamentals for Developers or equivalent working knowledge of the OWASP Top 10 for LLM Applications (2025)
- Familiarity with REST APIs, containerisation basics, and general secure development practices
- Experience with at least one LLM API (OpenAI, Anthropic Claude, Azure OpenAI, or similar) is helpful but not essential
Audience
- Software engineers and AI/ML engineers building agentic or tool-using AI systems
- Security engineers and security champions working with AI-enabled products
- Platform and DevOps engineers responsible for LLM and agent infrastructure
- Technical leads and architects designing AI-powered government services
- Those who have completed AI Security Fundamentals for Developers or have equivalent experience
14 Hours
Custom Corporate Training
Training solutions designed exclusively for businesses.
- Customized Content: We adapt the syllabus and practical exercises to the real goals and needs of your project.
- Flexible Schedule: Dates and times adapted to your team's agenda.
- Format: Online (live), In-company (at your offices), or Hybrid.
Price per private group, online live training, starting from 3200 € + VAT*
Contact us for an exact quote and to hear our latest promotions
