Course Outline
Foundations: Threat Models for Agentic AI
- Types of agentic threats: misuse, escalation, data leakage, and supply-chain risks.
- Adversary profiles and attacker capabilities specific to autonomous agents.
- Mapping assets, trust boundaries, and critical control points for agents.
Governance, Policy, and Risk Management
- Governance frameworks for agentic systems: roles, responsibilities, and approval gates.
- Policy design: acceptable use, escalation rules, data handling, and auditability.
- Compliance considerations and evidence collection for audits.
Non-Human Identity and Authentication for Agents
- Designing identities for agents: service accounts, JWTs, and short-lived credentials.
- Least-privilege access patterns and just-in-time credentialing.
- Identity lifecycle management: rotation, delegation, and revocation strategies.
Access Controls, Secrets, and Data Protection
- Fine-grained access control models and capability-based patterns for agents.
- Secrets management, encryption in transit and at rest, and data minimization.
- Protecting sensitive knowledge sources and personally identifiable information (PII) from unauthorized agent access.
Observability, Auditing, and Incident Response
- Designing telemetry for agent behavior: intent tracing, command logs, and provenance.
- SIEM integration, alerting thresholds, and forensic readiness.
- Runbooks and playbooks for agent-related incidents and containment.
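The following is an added example, not course material: a small detection pass over agent telemetry of the kind the observability module describes (one JSON record per tool call carrying the declared task intent and the provenance of the instruction that triggered it). The log lines, field names, intents and tool names are constructed for the demo. Three rules are run: a tool call outside what the declared intent is expected to use, a sensitive tool driven by instructions that came from a retrieved document (the classic indirect prompt-injection signature), and a burst of data-export calls over a short window.

```python
"""Detection rules over constructed agent telemetry (JSON lines).
Added example: field names, intents and tool names are assumptions."""
import json
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed policy: which tools each declared intent is expected to use.
INTENT_TOOLS = {
    "summarize_ticket": {"ticket.read", "llm.complete"},
    "export_report": {"crm.export", "llm.complete"},
}
# Tools whose invocation should never be driven by content the agent retrieved.
SENSITIVE_TOOLS = {"billing.refund", "crm.export", "email.send"}
EXPORT_TOOL = "crm.export"
EXPORT_BURST_LIMIT = 3                 # more than this many exports per window alerts
EXPORT_BURST_WINDOW = timedelta(minutes=5)

# Constructed sample log: one JSON object per tool call, with the provenance of
# the instruction that triggered it ("user", "agent", or a retrieved document id).
SAMPLE_LOG = """\
{"ts":"2024-05-01T10:00:01Z","agent":"support-bot","task":"t1","intent":"summarize_ticket","tool":"ticket.read","provenance":"user"}
{"ts":"2024-05-01T10:00:02Z","agent":"support-bot","task":"t1","intent":"summarize_ticket","tool":"llm.complete","provenance":"agent"}
{"ts":"2024-05-01T10:00:03Z","agent":"support-bot","task":"t1","intent":"summarize_ticket","tool":"email.send","provenance":"retrieved_doc:kb/4417"}
{"ts":"2024-05-01T10:02:00Z","agent":"report-bot","task":"t3","intent":"export_report","tool":"crm.export","provenance":"user"}
{"ts":"2024-05-01T10:02:30Z","agent":"report-bot","task":"t3","intent":"export_report","tool":"crm.export","provenance":"agent"}
{"ts":"2024-05-01T10:03:00Z","agent":"report-bot","task":"t3","intent":"export_report","tool":"crm.export","provenance":"agent"}
{"ts":"2024-05-01T10:03:30Z","agent":"report-bot","task":"t3","intent":"export_report","tool":"crm.export","provenance":"agent"}
"""


def parse_events(text):
    """Parse JSON lines into dicts with a datetime 'ts'; blank lines are skipped."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        ev["ts"] = datetime.fromisoformat(ev["ts"].replace("Z", "+00:00"))
        events.append(ev)
    return events


def detect(text):
    """Run the three rules over the log and return a list of alert dicts."""
    alerts = []
    export_times = defaultdict(deque)      # agent -> recent crm.export timestamps
    for n, ev in enumerate(parse_events(text), start=1):
        # Rule 1: the tool is not one the declared intent should need.
        allowed = INTENT_TOOLS.get(ev["intent"], set())
        if ev["tool"] not in allowed:
            alerts.append({"rule": "intent_mismatch", "line": n,
                           "agent": ev["agent"], "tool": ev["tool"]})
        # Rule 2: a sensitive tool was invoked on the strength of retrieved content.
        if ev["provenance"].startswith("retrieved_doc") and ev["tool"] in SENSITIVE_TOOLS:
            alerts.append({"rule": "injected_sensitive_call", "line": n,
                           "agent": ev["agent"], "source": ev["provenance"]})
        # Rule 3: sliding-window count of export calls per agent.
        if ev["tool"] == EXPORT_TOOL:
            q = export_times[ev["agent"]]
            q.append(ev["ts"])
            while q and ev["ts"] - q[0] > EXPORT_BURST_WINDOW:
                q.popleft()
            if len(q) > EXPORT_BURST_LIMIT:
                alerts.append({"rule": "export_burst", "line": n,
                               "agent": ev["agent"], "count": len(q)})
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

On the constructed log this raises two alerts on the third record (the email.send call is both outside the summarize_ticket intent and driven by a retrieved document) and one burst alert on the fourth crm.export call. The provenance field is the important design choice: without it, the blue team cannot tell a user-requested email from one a poisoned knowledge-base article asked for.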
Red-Teaming Agentic Systems
- Planning red-team exercises: scope, rules of engagement, and safe failover.
- Adversarial techniques: prompt injection, tool misuse, chain-of-thought manipulation, and API abuse.
- Conducting controlled attacks and measuring exposure and impact.
Hardening and Mitigations
- Engineering controls: response throttles, capability gating, and sandboxing.
- Policy and orchestration controls: approval flows, human-in-the-loop mechanisms, and governance hooks.
- Model and prompt-level defenses: input validation, canonicalization, and output filters.
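The following is an added example, not course material, that ties together the non-human identity module (short-lived, task-scoped credentials; revocation), the access-control module (capability-based patterns) and the engineering controls above (capability gating and response throttles). A minimal HMAC-signed token stands in for a JWT so the example runs with the standard library only; the agent, task and tool names are assumptions. The token carries an explicit tool allowlist and a short expiry, and every tool call passes through a gateway that verifies the signature, expiry and revocation list, checks the tool is in scope, and applies a per-token call throttle before dispatching to the sandboxed tool.

```python
"""Just-in-time, least-privilege capability tokens for an agent, and a tool
gateway that enforces scope, expiry, revocation and a per-token throttle.
Added example: a minimal HMAC-signed token stands in for a JWT; all names
(agents, tasks, tools) are assumptions."""
import base64
import hashlib
import hmac
import json
import secrets
from collections import defaultdict, deque


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(key, agent, task, tools, ttl, now):
    """Mint a token bound to one agent, one task and an explicit tool allowlist,
    valid for ttl seconds from 'now' (epoch seconds). The scope is the minimum
    the task needs; nothing else is reachable through this token."""
    claims = {"sub": agent, "task": task, "tools": sorted(tools),
              "iat": int(now), "exp": int(now) + ttl, "jti": secrets.token_hex(8)}
    body = _b64(json.dumps(claims, separators=(",", ":")).encode())
    sig = _b64(hmac.new(key, body.encode(), hashlib.sha256).digest())
    return body + "." + sig


class Denied(Exception):
    """Raised by the gateway; the message is the reason written to the audit log."""


class ToolGateway:
    def __init__(self, key, tools, max_calls=5, window=60.0):
        self.key = key
        self.tools = tools                 # name -> callable (the sandboxed tool)
        self.max_calls = max_calls         # throttle: calls per token per window
        self.window = window
        self.revoked = set()               # jti values pulled before expiry
        self.recent = defaultdict(deque)   # jti -> timestamps of recent calls

    def verify(self, token, now):
        parts = token.split(".")
        if len(parts) != 2:
            raise Denied("malformed token")
        body, sig = parts
        expected = _b64(hmac.new(self.key, body.encode(), hashlib.sha256).digest())
        if not hmac.compare_digest(sig, expected):
            raise Denied("bad signature")
        claims = json.loads(_unb64(body))
        if now >= claims["exp"]:
            raise Denied("token expired")
        if claims["jti"] in self.revoked:
            raise Denied("token revoked")
        return claims

    def revoke(self, token, now):
        """Pull a still-valid token early (task finished, or agent suspected compromised)."""
        self.revoked.add(self.verify(token, now)["jti"])

    def call(self, token, tool, now, **args):
        claims = self.verify(token, now)
        if tool not in claims["tools"]:           # capability gating
            raise Denied(tool + " not in token scope")
        if tool not in self.tools:
            raise Denied("unknown tool")
        q = self.recent[claims["jti"]]             # sliding-window throttle
        while q and now - q[0] > self.window:
            q.popleft()
        if len(q) >= self.max_calls:
            raise Denied("throttled")
        q.append(now)
        return self.tools[tool](**args)


def attempt(gw, token, tool, now, **args):
    """Return ("ok", result) or ("denied", reason); handy for tests and audit trails."""
    try:
        return ("ok", gw.call(token, tool, now, **args))
    except Denied as exc:
        return ("denied", str(exc))


# Constructed sandboxed tools for the demo.
TOOLS = {
    "ticket.read": lambda ticket_id: {"id": ticket_id, "subject": "Login broken"},
    "billing.refund": lambda ticket_id, amount: {"refunded": amount},
}

if __name__ == "__main__":
    key = secrets.token_bytes(32)
    now = 1_700_000_000.0
    gw = ToolGateway(key, TOOLS, max_calls=2, window=60)
    tok = issue_token(key, "support-bot", "t1", {"ticket.read"}, ttl=300, now=now)
    print(attempt(gw, tok, "ticket.read", now, ticket_id=42))
    print(attempt(gw, tok, "billing.refund", now, ticket_id=42, amount=10))
    print(attempt(gw, tok, "ticket.read", now + 400, ticket_id=42))
```

Two points worth noting for the hardening discussion: the refund tool is registered with the gateway but unreachable with this token, so a prompt-injected "issue a refund" instruction fails at the capability check rather than at a prompt filter; and because the token is bound to a jti with a short expiry, revocation only has to be remembered until the token would have expired anyway, which keeps the revocation list small.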
Operationalizing Safe Agent Deployments
- Deployment patterns: staging, canary releases, and progressive rollout for agents.
- Change control, testing pipelines, and pre-deploy safety checks.
- Cross-functional governance: security, legal, product, and operations playbooks.
Capstone: Red-Team vs. Blue-Team Exercise
- Execute a simulated red-team attack against a sandboxed agent environment.
- Defend, detect, and remediate as the blue team using controls and telemetry.
- Present findings, remediation plans, and policy updates.
Summary and Next Steps
Requirements
- Strong background in security engineering, system administration, or cloud operations.
- Familiarity with AI/ML concepts and the behavior of large language models (LLMs).
- Experience with identity and access management (IAM) and secure system design.
Target Audience
- Security engineers and red-team professionals.
- AI operations and platform engineers.
- Compliance officers and risk managers.
- Engineering leads overseeing agent deployments.
21 Hours