8kSec

Advanced AI Security: Attacks, Defenses, and Applications

Live On-Site / Live Virtual / On-Demand

Master Offensive & Defensive AI Security at an Advanced Level

The advanced, build-heavy follow-up to Practical AI Security. Go deep on model-format attacks, AI-powered web and mobile security testing, LLM-powered code scanning, advanced prompt injection and jailbreaking, MCP server exploitation, model backdoors, AI red teaming, commercial AI gateways, and local fine-tuning attacks and defenses — with hands-on labs throughout.

What You Will Learn

This course is the direct follow-up and next step to our original course, Practical AI Security: Attacks, Defenses, and Applications. Complete that foundational course first, then take this advanced course to go deeper.

Advanced AI Security is the deep, build-heavy follow-up to Practical AI Security. Where the foundational course teaches you how LLMs, RAG pipelines, AI agents and MCP work and how to attack them at a basic level, this course drops you into the frontier of AI security — both as an attacker and as a defender — and keeps you at the keyboard.

On the offensive side you will inspect model internals and formats and detect malicious models, use AI agents to automate web and mobile application security testing, build LLM-powered code scanners, master advanced prompt injection and jailbreaking (multi-turn Crescendo escalation, encoding bypasses, reasoning-model exploitation), exploit MCP servers, plant and detect model backdoors, and run AI-powered vulnerability research and multimodal attacks.

On the defensive side you will red team AI systems at scale with Garak, PyRIT, Promptfoo and DeepTeam, evaluate and deploy commercial AI gateways (Cloudflare, Vercel, LiteLLM), and work through advanced fine-tuning attacks and defenses using local MLX workflows on Apple Silicon. Every module is anchored on hands-on labs against real, deliberately-vulnerable AI systems.

Key Objectives

  • Stand up an advanced AI security lab with local GPU/MLX inference and vulnerable AI targets
  • Inspect model internals and formats (pickle, safetensors, GGUF, ONNX) and detect malicious models
  • Master Claude Code, Gemini CLI and OpenAI Codex and analyse the attack surface of AI coding tools
  • Automate web application security testing with autonomous AI agents (Burp, ZAP integration)
  • Build AI-powered mobile security testing and autonomous assessment agents
  • Build LLM-powered code scanners with open-source and commercial pipelines
  • Use AI agents for vulnerability research, fuzzing augmentation and exploit workflows
  • Master advanced prompt injection and jailbreaking (Crescendo, encoding, reasoning-model exploits)
  • Execute advanced multimodal and cross-modal attacks on vision and audio models
  • Exploit MCP servers (tool poisoning, rug-pulls, RCE chains) and build secure ones
  • Implant and detect model backdoors, sleeper agents and LoRA backdoors (Neural Cleanse)
  • Red team AI systems at scale with Garak, PyRIT, Promptfoo and DeepTeam in CI/CD
  • Evaluate and deploy commercial AI gateways (Cloudflare, Vercel, LiteLLM) with defense-in-depth
  • Perform advanced fine-tuning attacks and defenses with local MLX workflows on Apple Silicon

All our live trainings are highly customizable. We can tailor the content to cover topics specific to your team's needs. Contact us for more details.

Syllabus

Module 1: Course Overview & Advanced Lab Environment
  • Deploying the vulnerable AI applications stack and building a custom vulnerable AI app
  • Setting up the advanced lab locally and in Google Colab; configuring multi-provider LLM backends
  • Running local LLMs — Ollama, LM Studio and model selection
  • Generating API keys for Anthropic, Google Gemini and OpenAI
  • Threat modeling an AI application with STRIDE-AI
  • Benchmarking AI security posture with automated scanning
  • Ethical use and responsible disclosure guidelines

Module 2: Understanding Model Architecture & Formats
  • Anatomy of a model — weights, config, tokenizer and adapters (worked safetensors dissection)
  • Model formats: PyTorch, TensorFlow, safetensors, GGUF and ONNX (inspect a GGUF model)
  • Pickle and deserialization: how a model file runs code — craft and detect a malicious pickle
  • Multi-format model scanning with ModelScan, picklescan and fickling
  • Adapters and fine-tuning artifacts: the small files that carry big risk (inspect a LoRA adapter)
  • Integrity and signing: proving a model is what it claims — sign and verify with cosign
  • Where models come from: sources and the AI supply chain

Module 3: AI Tools, Agents & Plugin Ecosystem
  • Agents, MCPs, workflows and agent teams — what is the difference?
  • Claude Code, Gemini CLI and OpenAI Codex — terminal AI for security work
  • Claude Code deep dive: CLAUDE.md, memory, hooks and the permission system; building security skills
  • OpenAI Codex CLI — setup, sandbox model and security implications
  • Finding IDOR vulnerabilities with the Burp Suite MCP
  • MCP servers — protocol, connecting, and security
  • Installing RTK, measuring token savings, and analysing the hook and trust model

Module 4: AI-Powered Web Application Security Testing
  • Building custom Claude Code skills for web reconnaissance and OWASP Top 10 testing
  • XSS, SQL injection and SSRF detection skills
  • Authentication and authorization bypass testing skills
  • API security testing skills: REST, GraphQL and gRPC
  • Advanced web testing: fuzzing, frontend analysis and LLM-powered payloads
  • Building web pentest pipelines and bug-bounty automation
  • Full web-scan orchestration and web security agents with CrewAI and LangGraph

Module 5: AI-Powered Mobile Security Testing & Autonomous Assessment Agents
  • AI-powered mobile security architecture and the agent loop
  • Android APK static analysis with Claude skills on a real vulnerable target (InsecureBankv2)
  • Dynamic analysis with Frida — AI-generated hooks with validation
  • SSL pinning bypass, advanced binary reversing, and intent/deeplink vulnerability discovery
  • LLM-assisted mobile binary analysis, reverse engineering, and iOS security testing with AI
  • Autonomous UI traversal with Maestro MCP
  • Orchestrating mobile assessments with pipelines and a LangGraph state graph

Module 6: LLM-Powered Code Scanning — Open-Source & Commercial Pipelines
  • Pluggable, model-agnostic code scanner with hot-swappable backends
  • Hybrid SAST: deterministic rules (Semgrep) plus LLM intelligence and triage
  • Custom vulnerability rule engines with LLM triage
  • Prompt injection in scanned code and scanner hardening (injection-resistant scanner)
  • Evaluation harness — measuring scanner quality on the OWASP benchmark
  • Scaling LLM scanning to real repositories and CI/CD integration
  • RAG-augmented vulnerability triage with the CWE database

Module 7: AI-Powered Vulnerability Research
  • AI-assisted source-code auditing beyond simple pattern matching
  • AI-driven fuzzing: smart corpus generation and coverage-guided mutation (LLM-guided REST API fuzzing)
  • Variant analysis with AI — finding families of similar vulnerabilities (Semgrep + LLM)
  • AI for binary analysis and RE acceleration (Ghidra + AI; agentic RE with MCP + Ghidra/IDA)
  • LLM-assisted exploit development for known vulnerabilities
  • Decompilation annotation, vulnerability-pattern matching and patch diffing
  • AI-powered smart-contract vulnerability scanning

Module 8: Advanced Prompt Injection & Jailbreaking
  • Taxonomy of prompt injection: direct, indirect, multi-turn and compositional
  • Automating jailbreaks with PAIR, TAP, GCG, AutoDAN and next-gen techniques
  • Crescendo and multi-turn persuasion attacks; many-shot jailbreaking
  • Indirect prompt injection via poisoned RAG documents
  • Exploiting tool-use / function-calling LLMs to exfiltrate data
  • Context-window poisoning and token smuggling
  • Building a custom prompt-injection fuzzer

Module 9: Advanced Multimodal & Cross-Modal Attacks
  • Adversarial attacks on vision-language models (GPT-4V, LLaVA, Gemini)
  • Crafting adversarial images and QR codes that hijack VLM responses
  • Typography and steganographic attacks — hidden instructions in PDFs, DOCX and spreadsheets
  • Audio adversarial attacks on speech-to-text and voice assistants (inaudible perturbations)
  • Cross-modal chaining — combining image, text and audio payloads (attack on an AI meeting summarizer)
  • Exploiting OCR-based document pipelines
  • Video-frame injection attacks on multimodal agents

Module 10: Advanced MCP Server Exploitation
  • MCP protocol deep dive: transport, capabilities and auth flows
  • Tool poisoning — hidden malicious instructions in MCP tool descriptions (data exfiltration)
  • Achieving RCE via chained MCP tool calls; SSRF and RCE chains through integrations
  • Exploiting OAuth misconfigurations and scope escalation in remote MCP servers
  • Creating and detecting a trojaned MCP server package; marketplace supply-chain attacks
  • MCP rug-pull: dynamic tool-behaviour switching
  • Analysing real-world MCP vulnerabilities and building secure MCP servers

Module 11: Advanced Data Poisoning & Model Backdoors
  • Clean-label poisoning — making backdoors invisible in training data
  • BadNets backdoor on a real classifier (GTSRB); trojan attacks on LLMs via instruction-tuning datasets
  • LoRA backdoor fine-tuning; sleeper agents (time- and context-triggered backdoors)
  • Detecting and mitigating backdoors with activation analysis (Neural Cleanse)
  • RAG poisoning — corrupting knowledge bases and vector stores via the service API
  • Trojan attacks on code-generation models

Module 12: Red Teaming AI Systems at Scale
  • AI red teaming methodology: scoping, enumeration, exploitation and reporting
  • Automated campaigns with Microsoft PyRIT (architecture and attack orchestration)
  • Garak: LLM vulnerability scanning at scale; automated guardrail stress testing
  • Building custom red-team harnesses with LLM-as-judge evaluation and scoring
  • Evasion attacks on ML classifiers; Counterfit and the Adversarial Robustness Toolbox
  • End-to-end red-team pipeline with scoring and report generation
  • Continuous red teaming with CI/CD integration

Module 13: AI Gateways — Cloudflare, Vercel & LiteLLM (Attack & Defense)
  • The AI gateway landscape — why you buy one, not build one
  • Cloudflare AI Gateway — setup, BYOK, Llama Guard + DLP, and running an attack corpus
  • Portkey AI Gateway — virtual keys, guardrails and budgets
  • LiteLLM Proxy (self-hosted, MIT-licensed) — virtual keys and budgets
  • Attack-versus-defense evaluation across the gateways
  • Defense-in-depth gateway stacks, with free-tier hands-on throughout

Module 14: Advanced Fine-Tuning — Attacks, Defenses & Local MLX Workflows
  • Fine-tuning fundamentals for security practitioners
  • MLX LoRA fine-tuning for security analysis — local, on Apple Silicon
  • Safety removal via fine-tuning; adversarial fine-tuning attacks
  • Backdoor injection via fine-tuning
  • Fine-tuning defenses and an audit pipeline
  • Format-hopping persistence — backdoors that survive the LoRA-to-safetensors hop

Prerequisites

This is an advanced course. To get full value from the hands-on labs, attendees should possess the following:

  • Completion of 8kSec Practical AI Security, or equivalent working knowledge of LLMs, RAG, AI agents and prompt injection
  • Comfortable writing and reading Python (you will build and modify agent and tooling code throughout)
  • Familiarity with the command line, Git, and Docker
  • Working understanding of core web, mobile or cloud security concepts
  • An interest in offensive tooling and automation — this course is heavy on building things

Duration

3 Days

Ways To Learn

  • On Demand
  • Live Virtual
  • Live On-Site

Who Should Attend?

Security engineers, red teamers, AI/ML engineers, penetration testers and AppSec professionals who have completed Practical AI Security (or have equivalent LLM security experience) and want to operate at an advanced, hands-on level — attacking and defending agentic AI, LLM pipelines, and production ML systems.

Laptop Requirements

  • Laptop with 16+ GB RAM and 60 GB free disk space
  • Apple Silicon (M-series) recommended for the local MLX and GGUF inference labs; a discrete GPU works equally well
  • Cloud lab instances with GPU-backed inference are provided
  • Administrative/sudo access on the system
  • Docker installed; API keys for at least one commercial model are helpful but not required
  • Setup instructions sent before the course

Justification Letter

Need approval from your manager? Download our editable justification letter to make the case for attending this training.

Global Delivery

We Train Anywhere in the World

Can't make it to a public event? We deliver on-site training directly at your location. Our instructors travel worldwide — tell us where you are.

Trusted Training Providers

Our trainers boast more than ten years of experience delivering diverse training sessions at conferences such as Blackhat, HITB, Power of Community, Zer0con, OWASP Appsec, and more.

Take Your Skills To The Next Level

Our Modes Of Training

On Demand

Learn at your own pace

Perfect for Self-Paced Learners

  • Immediate access to materials
  • Lecture recordings, labs and self-assessments
  • 365 days of access
  • Certificate of completion
  • Dedicated email support

Live Virtual

Get in touch for pricing

Perfect for Teams in Multiple Locations

  • Real-time interaction with expert trainers via Zoom
  • Customizable content for your team
  • Continued support after training
  • GPU-backed cloud labs for every attendee

Live On-Site

Get in touch for pricing

Perfect for Teams in One Location

  • Real-time interaction at your onsite location
  • Customizable content for your team
  • Continued support after training
  • GPU-backed cloud labs for every attendee

The information on this page is subject to change without notice.

Contact Us

Have a question or want to learn more about this training? Get in touch with us.

Our Location

51 Pleasant St # 843, Malden, MA, US, 02148

General Inquiries

contact@8ksec.io

Trainings

trainings@8ksec.io