Thank you for sending your enquiry! One of our team members will contact you shortly.
Thank you for sending your booking! One of our team members will contact you shortly.
Course Outline
Foundations: Threat Models for Agentic AI
- Agentic threat categories: misuse, escalation, data leakage, and supply-chain risks.
- Adversary profiles and attacker capabilities specific to autonomous agents.
- Mapping assets, trust boundaries, and critical control points for agents.
Governance, Policy, and Risk Management
- Governance frameworks for agentic systems (roles, responsibilities, approval gates).
- Policy design: acceptable use, escalation rules, data handling, and auditability.
- Compliance considerations and evidence collection for audits.
Non-Human Identity & Authentication for Agents
- Designing agent identities: service accounts, JWTs, and short-lived credentials.
- Least-privilege access patterns and just-in-time credentialing.
- Identity lifecycle management, including rotation, delegation, and revocation strategies.
Access Controls, Secrets, and Data Protection
- Fine-grained access control models and capability-based patterns for agents.
- Secrets management, encryption in transit and at rest, and data minimization.
- Protecting sensitive knowledge sources and PII from unauthorized agent access.
Observability, Auditing, and Incident Response
- Designing telemetry for agent behavior: intent tracing, command logs, and provenance.
- SIEM integration, alerting thresholds, and forensic readiness.
- Runbooks and playbooks for agent-related incidents and containment.
Red-Teaming Agentic Systems
- Planning red-team exercises: scope, rules of engagement, and safe failover.
- Adversarial techniques: prompt injection, tool misuse, chain-of-thought manipulation, and API abuse.
- Conducting controlled attacks and measuring exposure and impact.
Hardening and Mitigations
- Engineering controls: response throttles, capability gating, and sandboxing.
- Policy and orchestration controls: approval flows, human-in-the-loop, and governance hooks.
- Model and prompt-level defenses: input validation, canonicalization, and output filters.
Operationalizing Safe Agent Deployments
- Deployment patterns: staging, canary, and progressive rollout for agents.
- Change control, testing pipelines, and pre-deploy safety checks.
- Cross-functional governance: security, legal, product, and ops playbooks.
Capstone: Red-Team / Blue-Team Exercise
- Execute a simulated red-team attack against a sandboxed agent environment.
- Defend, detect, and remediate as the blue team using controls and telemetry.
- Present findings, remediation plans, and policy updates.
Summary and Next Steps
Requirements
- Strong background in security engineering, system administration, or cloud operations.
- Familiarity with AI/ML concepts and the behavior of large language models (LLMs).
- Experience with identity and access management (IAM) and secure system design.
Audience
- Security engineers and red-team specialists.
- AI operations and platform engineers.
- Compliance officers and risk managers.
- Engineering leads responsible for agent deployments.
21 Hours
