Practical AI Security: Attacks, Defenses, and Applications

Live On-Site / Live Virtual

Learn Offensive and Defensive AI Security Strategies

This intensive course guides you from the foundations of artificial intelligence, machine learning, and neural networks into the world of large language models and transformers. You will explore how AI and LLMs can be weaponized and defended. Through immersive labs, you will train models, build LLM applications, and simulate real red team attacks. Along the way, you will develop a deep understanding of sampling, prompting, embeddings, and attention.

By the end of the course you will have practical code, projects, and security tools that are directly applicable to your professional work.

What You Will Learn

Practical AI Security: Attacks, Defenses, and Applications is a comprehensive course built for developers and cybersecurity professionals who want to get up to speed on the fast-moving world of AI and security. Instead of staying high-level, it takes you step by step from the basics of machine learning to advanced offensive and defensive techniques involving Large Language Models (LLMs). By the end, you’ll know how to use AI as part of your security toolkit, while also spotting and defending against the new risks it brings.

The course starts with the essentials of AI and machine learning. You’ll learn the differences between AI, Machine Learning, and Deep Learning, and then actually train models yourself. With practical labs using tools like Scikit-Learn, you’ll get comfortable with concepts like supervised vs. unsupervised learning, neural networks, bias, and overfitting. This way you’ll know how AI works under the hood before jumping into security-specific applications.

From there, we’ll dig into how modern generative AI systems are built, focusing on LLMs. You’ll learn the core ideas behind tokenization, context windows, and the Transformer architecture that drives models like GPT. Through exercises, you’ll practice prompt engineering, tweak parameters like temperature and top-p to control outputs, and use embeddings with vector databases such as FAISS for semantic search. You’ll even get to build and deploy simple LLM-based web apps.

Once you’ve got the fundamentals down, we’ll move onto some real security applications. On the offensive side, you’ll explore how AI can be used for things like automated pentesting agents, vulnerability discovery, and exploit development. We’ll look at research projects like Google’s Project Naptime and review tools already used by red teams. On the defensive side, you’ll see how AI can help with threat modeling, automated code reviews, and security-focused retrieval systems for documentation and CVE databases.

Finally, the course zeroes in on the security of AI systems themselves. You’ll experiment with prompt injection attacks, denial-of-service techniques, and data exfiltration against AI agents, looking at real-world issues in systems like LangChain, GitHub Copilot, and ChatGPT. Then, you’ll learn how to defend against these attacks by building guardrails, applying frameworks like Google’s SAIF, and adapting red teaming approaches to generative AI.

By attending this course , you will get

Certificate of completion for the Training program
Cloud Access for hands-on labs and exercises
A curated list of essential articles and research papers in AI security
Source code for all labs and custom tools
Slack access for the class and after for regular AI security discussions

Key Objectives

Understand the core concepts distinguishing AI, Machine Learning, and Deep Learning, including the complete ML model training lifecycle.
Gain hands-on experience with Neural Networks, from basic forward propagation to training models on datasets like MNIST.
Master the fundamentals of LLMs, including Transformer architecture, tokenization (BPE), context windows, and embeddings.
Become proficient in Prompt Engineering (zero-shot, few-shot, Chain-of-Thought) and controlling model output via sampling parameters (Temperature, Top-k, Top-p).
Learn to use essential tools like Hugging Face, Scikit-Learn, and vector databases like FAISS.
Build and deploy AI applications, including custom RAG (Retrieval-Augmented Generation) systems and simple web apps.
Develop Offensive AI capabilities, including building AI agents for pentesting, vulnerability scanning, and exploit development assistance.
Implement Defensive AI and DevSecOps strategies, such as automating threat modeling, patch diffing, and security code reviews.
Analyze and execute attacks against AI systems, including Prompt Injection, agent exploitation, and data exfiltration techniques.
Apply AI to enhance Reverse Engineering workflows with tools that integrate AI into Ghidra and Binary Ninja.
Understand and implement AI security best practices and frameworks, including Google’s Secure AI Framework (SAIF) and red teaming methodologies for LLMs.
Analyze real-world AI vulnerabilities and CVEs in popular frameworks and applications like LangChain and GitHub Copilot.

Duration

2 Days

Ways to Learn

Live Virtual

Live On-Site

Who Should Attend?

This course is ideal for anyone interested in learning about the application of AI in cybersecurity.

laptop Requirements

Laptop with: 8+ GB RAM and 40 GB hard disk space
Students will be provided with access to Linux cloud instances
Administrative access on the system

Detailed Course Setup instructions and Slack access will be sent a few weeks prior to the class

Need To Justify To Your Manager?

Need a Template to Justify the Training Request to your Manager? Download the Template below

Syllabus

Module 1: Introduction to Machine Learning Fundamentals

Understanding Supervised vs Unsupervised Learning
Exploring Linear Regression, Decision Trees, Random Forests, and Support Vector Machines (SVM)
Applications of K-Means Clustering and Principal Component Analysis (PCA)
Introduction to Pandas, scikit-learn, and statsmodel libraries
Practical Training on Creating Training, Testing, and Validation Sets
Strategies for Reducing Loss: Stochastic Gradient Descent, Learning Rate Optimization

Module 2: Advanced Machine Learning Techniques

Anomaly Detection using Machine Learning
Real-world Applications and Use Cases
Lab Exercises on Anomaly Detection Techniques
Case Study: Credit Card Fraud Detection using ML algorithms
Case Study: Detecting Network Attacks using ML algorithms

Module 3: Leveraging AI for Building Pentest Tools

Understanding the Role of AI in Cybersecurity and Pentesting
AI-Powered Vulnerability Detection and Exploitation
Building Custom Pentest Tools using ML Algorithms
Practical Hands-on Session: Developing an AI-Based Pentest Tool

Module 4: Understanding Neural Networks and Large Language Models (LLMs)

Basics of Neural Networks
Understanding the Working Principles of Large Language Models
Exploring Popular Open Source LLMs and their Use Cases
Security Challenges in Large Language Model Applications
Owasp Top 10 for LLMs
Techniques like Langchain agents, RAG, and Fine-Tuning LLM models with Custom Data
Hands-on tutorials on utilizing pre-trained LLMs for automating tasks such as reconnaissance.
Best practices for fine-tuning LLMs for specific cyber operation tasks

Module 5: Advanced Data Handling Techniques

Utilizing LLamaIndex for Data Management
Using LangChain to build Custom chains
Working with Multiple Data Sources and Integration
Handling Extremely Large Datasets with Efficient Data Processing Techniques
Leveraging Vector Indexes and Vector Databases for Data Analysis

Module 6: Building Full-Stack AI Applications for Cybersecurity

Introduction to Full-Stack Development for AI Applications
Integrating AI Security Tools into Existing Cybersecurity Frameworks
Practical Guide to Building Full-Stack AI Apps
Hands-on Project: Developing a Full-Stack AI App for Cybersecurity

Module 7: Conclusion, Future Trends, and Challenges

Recap of Course Learnings and Key Takeaways
Future Trends and Innovations in AI for Cybersecurity
Challenges and Opportunities in the Evolving Landscape of AI-driven Security Solutions

Prerequisites

To successfully participate in this course, attendees should possess the following:

Working knowledge of cybersecurity and pentesting fundamentals
Basic understanding of Artificial Intelligence and Machine Learning fundamentals
Understanding of principles of data science and learning algorithms
Understanding of fundamental programming concepts and looping structures in at least one higher-level language used in machine learning (eg: Python, or similar)

TRUSTED TRAINING PROVIDERS

Our trainers boast more than ten years of experience delivering diverse training sessions at conferences such as Blackhat, HITB, Power of Community, Zer0con, OWASP Appsec, and more.

Trainer engaging with attendees in a mobile security training.

Interactive discussion in a mobile security training session at BlackHat

Classroom setup during a mobile security training session.

Participants taking notes during a mobile security training session.

Group interaction in a mobile security training session.

Trainer presenting on mobile security to a group using a projector.

Participants viewing a slide presentation on mobile security.

Training session with participants using laptops in a mobile security course.

Wide view of a mobile security training session with attendees.

Participants in a mobile security training session watching a presentation.

Participants listening during a mobile security training session.

Close-up of participants at a mobile security training session.

Trainer presenting to participants in a mobile security training session.

Hear from our Students

Our Students are our greatest voice, just read what they have to say!

OUR MODES OF TRAINING

Perfect for Teams in Multiple Location

Real-time interaction with our expert trainers over Zoom
Customizable content tailored to your team’s needs
Continued support after the training

Perfect for Teams in One Location

Real-time interaction with our expert trainers at an onsite location
Customizable content tailored to your team’s needs
Continued support after the training

FAQ

What are the different formats in which the courses are offered?

Our Live Virtual and On-Site sessions replicate the interactive classroom experience, fostering real-time collaboration and engagement among participants.

Can i share the purchased course material with other people?

No, the training that you purchase from 8kSec, including the course materials is exclusively for your individual use. You may not reproduce, distribute or display (post/upload) lecture notes, or recordings, or course materials in any other way — whether or not a fee is charged – without the express written consent of 8kSec.

Where can i find the Certificate of Course Completion?

For On-Site/Virtual Courses during private trainings/conferences, we provide a customized certificate after the completion of the course. Please note that the Certificate of Course Completion is different from the one obtained after clearning the Certification exam.

Do i need to setup any Labs in order to perform the Labs in the training?

For Virtual/Live Trainings, we will provide you access to our Lab environment and an instruction guide during the training.

Where can i find the schedule of your Virtual/Live Training classes?

You can find our Training Schedule at https://8ksec.io/public-training/. To schedule a Live Virtual or Live On-site private training for a group of 5+ attendees, email trainings@8ksec.io and our logistics team will get in touch with you to organize one.

The information on this page is subject to change without notice.

CONTACT US

Please share with us the project requirements and the goals you want to achieve, and one of our sales representatives will contact you within one business day.

Our Location

51 Pleasant St # 843, Malden, MA, Middlesex, US, 02148

General and Business inquiries

contact@8ksec.io

Trainings

trainings@8ksec.io

Press

press@8ksec.io

Phone

+1(347)-4772-006

SEND ENQUIRY

Get the latest news & updates

Penetration
Testing

Cybersecurity Consulting

Security
Compliance

SSDLC