SECCourse

AI security & prompt-injection defense

Lessons: 10 modules
Total: 106m full study
Quick: 7m trailer
Projects: 8 docker labs

Skills you'll gain (12)
  • Threat-model an AI system using STRIDE-for-LLM + MITRE ATLAS (Working)

    Map trust zones, attack surfaces, and TTPs for any LLM / agent / RAG system. Produce a defendable threat model in a design review.

  • Mitigate every OWASP LLM Top 10 (2025) risk with concrete controls (Production)

    Walk an auditor through input + output filters, supply-chain scans, agency caps, audit logs, vector-store scoping, and rate limits — not slogans.

  • Defend prompt injection (direct + indirect) in production (Production)

    Five layers: Prompt Guard 2 input classifier, spotlighting delimiters (Microsoft 2024 paper), system-prompt hardening, output classifier, audit log. Numbers from PyRIT confirm the lift.

  • Detect & break jailbreaks (many-shot, Crescendo, PAIR, TAP, Policy Puppetry) (Advanced)

    Run automated jailbreak suites against your endpoint; understand why each works; harden via classifier + constitutional refusals + length caps + multi-turn drift detection.

  • Build a guardrails layer with Llama Firewall / NeMo Guardrails / Llama Guard 4 / Lakera (Production)

    Pick the right framework by stack (open-weights vs managed vs DSL); ship jailbreak / topical / RAG / sensitive rails; gate releases on rail-pass-rate.

  • Run automated red-teams with PyRIT + Garak in CI (Production)

    Garak probes + PyRIT multi-turn orchestration as test suites. New release = new green run, or no merge. Land every customer-reported jailbreak as a permanent probe.

  • Sandbox tool execution with Daytona / E2B / Firecracker microVMs (Advanced)

    Code-interpreter and arbitrary tool calls run in isolated sandboxes (Daytona ~27-90ms cold start; E2B on Firecracker for hardware-level isolation). No host filesystem access; per-call resource caps.

  • Secure the model supply chain (ModelScan + Sigstore + AI/ML SBOM) (Production)

    Scan every model artefact at ingest; verify Sigstore signatures (model-transparency v1.0); pin model digests; quarantine malicious artefacts before they reach inference. CI gate before promotion.

  • Redact PII and defend against training-data extraction (Production)

    Microsoft Presidio / AWS Comprehend / Azure Cognitive Services on both input and output. Defend against membership inference (AttenMIA 2026) and Carlini-style divergent-decoding extraction. GDPR right-to-erasure compliance.

  • Comply with NIST AI RMF + EU AI Act + ISO/IEC 42001 (Working)

    Map controls to the four NIST functions (Govern · Map · Measure · Manage). Track GPAI Aug 2025 vs high-risk Aug 2026 obligations. ISO/IEC 42001:2023 is increasingly required for enterprise procurement.

  • Run an AI incident response playbook end-to-end (Advanced)

    Detect → triage → contain → eradicate → recover → post-mortem. Kill switches, secret rotation, MITRE ATLAS technique IDs, EU AI Act 15-day report, GDPR 72h breach notice.

  • Stand up an AI-security baseline for any new deployment (Production)

    5-layer gateway + OWASP test suite + Garak scan + ModelScan ingest gate + observability + audit log. The 'we just shipped to prod safely' checklist.