SECMOD.SEC-10 · v1.0

Defend the prompt. Bounce the injection.

10 micro-lessons · ~108 min · Real Docker images


AI security & prompt-injection defense

STRIDE-for-LLM, OWASP LLM Top 10 (2025), Llama Firewall, PyRIT, NIST AI RMF, EU AI Act — the 2026 production bar.

WHY THIS MATTERS · OWASP LLM TOP 10 (2025) · ANTHROPIC THREAT REPORTS · SNYK 2026 DEVELOPER SECURITY REPORT · EU AI ACT
Anthropic disclosed the first state-sponsored, AI-orchestrated cyber-espionage campaign in late 2025. Snyk's 2026 Developer Security Report finds that ~48% of AI-generated code carries a vulnerability, and only 10% of developers scan most of it. Sonatype counted 454,600 NEW malicious packages in 2025 — and AI build pipelines now ingest them at machine speed. EU AI Act high-risk obligations go live in Aug 2026, with penalties of up to €35M / 7% of global turnover.
WHAT YOU'LL LEARN
  01. Threat-modelling AI systems
  02. OWASP LLM Top 10 (2025)
  03. Prompt injection defense
  04. Jailbreaks & adversarial robustness
  05. Guardrails frameworks
  06. Red-teaming with PyRIT + Garak
  07. Tool-use safety + sandboxing
  08. Supply-chain security
  09. Privacy & data leakage
  10. Compliance & rollout
YOU'LL BE ABLE TO
  • Defend the OWASP LLM Top 10 (2025) in code — gate every release in CI
  • Ship a 5-layer prompt-injection firewall (Prompt Guard 2 + spotlighting + Llama Guard 4) in front of any model
  • Run automated red-teams (PyRIT + Garak) and turn customer-reported breaks into permanent regression tests
  • Sandbox tool execution and lock down the model + plugin supply chain (ModelScan + Sigstore + digest-pin)
  • Produce a NIST AI RMF + EU AI Act + ISO/IEC 42001 evidence pack that auditors and procurement actually accept
SKILLS YOU'LL GAIN (12)

Real skills, real career delta.

  • Threat-model an AI system using STRIDE-for-LLM + MITRE ATLAS (Working)

    Map trust zones, attack surfaces, and TTPs for any LLM / agent / RAG system. Produce a defendable threat model in a design review.

  • Mitigate every OWASP LLM Top 10 (2025) risk with concrete controls (Production)

    Walk an auditor through input + output filters, supply-chain scans, agency caps, audit logs, vector-store scoping, and rate limits — not slogans.

  • Defend prompt injection (direct + indirect) in production (Production)

    Five layers: Prompt Guard 2 input classifier, spotlighting delimiters (Microsoft 2024 paper), system-prompt hardening, output classifier, audit log. Numbers from PyRIT confirm the lift.

  • Detect & break jailbreaks (many-shot, Crescendo, PAIR, TAP, Policy Puppetry) (Advanced)

    Run automated jailbreak suites against your endpoint; understand why each works; harden via classifier + constitutional refusals + length caps + multi-turn drift detection.

  • Build a guardrails layer with Llama Firewall / NeMo Guardrails / Llama Guard 4 / Lakera (Production)

    Pick the right framework by stack (open-weights vs managed vs DSL); ship jailbreak / topical / RAG / sensitive rails; gate releases on rail-pass-rate.

  • Run automated red-teams with PyRIT + Garak in CI (Production)

    Garak probes + PyRIT multi-turn orchestration as test suites. New release = new green run, or no merge. Land every customer-reported jailbreak as a permanent probe.

  • Sandbox tool execution with Daytona / E2B / Firecracker microVMs (Advanced)

    Code-interpreter and arbitrary tool calls run in isolated sandboxes (Daytona ~27-90ms cold start; E2B Firecracker for hardware-level isolation). No host-fs access; per-call resource caps.

  • Secure the model supply chain (ModelScan + Sigstore + AI/ML SBOM) (Production)

    Scan every model artefact at ingest; verify Sigstore signatures (model-transparency v1.0); pin model digests; quarantine malicious artefacts before they reach inference. CI gate before promotion.

  • Redact PII and defend against training-data extraction (Production)

    Microsoft Presidio / AWS Comprehend / Azure Cognitive Services on the way in and out. Defend against membership inference (AttenMIA 2026) + Carlini divergent-decoding extraction. GDPR right-to-erasure compliance.

  • Comply with NIST AI RMF + EU AI Act + ISO/IEC 42001 (Working)

    Map controls to the four NIST functions (Govern · Map · Measure · Manage). Track GPAI Aug 2025 vs high-risk Aug 2026 obligations. ISO/IEC 42001:2023 is increasingly required for enterprise procurement.

  • Run an AI incident response playbook end-to-end (Advanced)

    Detect → triage → contain → eradicate → recover → post-mortem. Kill switches, secret rotation, MITRE ATLAS technique IDs, EU AI Act 15-day report, GDPR 72h breach notice.

  • Stand up an AI-security baseline for any new deployment (Production)

    5-layer gateway + OWASP test suite + Garak scan + ModelScan ingest gate + observability + audit log. The 'we just shipped to prod safely' checklist.

RUNNABLE ON YOUR MACHINE
$ docker pull snap/ai-security:firewall
$ docker run --rm -it snap/ai-security:firewall
VERIFIED ENGINEER REVIEWS

"Concrete defences, not 'be careful' essays. The PyRIT + Garak harness lifted our team's red-team coverage by 3× in one sprint."
— @redteam_rob

"The exfiltration + sandboxing lessons are required reading. We rolled the firewall into staging same week."
— @sre_maya
10 lessons · ~1.8 hours · 2,410 learners · +33% this week