Course Outline
Foundations: Threat Models for Agentic AI
- Understanding agentic threat types: misuse, escalation, data leakage, and supply-chain risks.
- Analyzing adversary profiles and attacker capabilities specific to autonomous agents.
- Mapping assets, trust boundaries, and critical control points for agent interactions.
Governance, Policy, and Risk Management
- Implementing governance frameworks for agentic systems, including roles, responsibilities, and approval gates.
- Designing policies covering acceptable use, escalation rules, data handling, and auditability.
- Addressing compliance considerations and evidence collection requirements for audits.
Non-Human Identity & Authentication for Agents
- Creating identities for agents, including service accounts, JWTs, and short-lived credentials.
- Applying least-privilege access patterns and just-in-time credentialing strategies.
- Managing identity lifecycle aspects such as rotation, delegation, and revocation.
Access Controls, Secrets, and Data Protection
- Utilizing fine-grained access control models and capability-based patterns for agents.
- Managing secrets, implementing encryption-in-transit and at-rest, and enforcing data minimization.
- Protecting sensitive knowledge sources and PII from unauthorized agent access.
Observability, Auditing, and Incident Response
- Designing telemetry for agent behavior, including intent tracing, command logs, and provenance.
- Integrating with SIEM systems, setting alerting thresholds, and ensuring forensic readiness.
- Developing runbooks and playbooks for handling agent-related incidents and containment.
Red-Teaming Agentic Systems
- Planning red-team exercises, defining scope, rules of engagement, and safe failover mechanisms.
- Employing adversarial techniques such as prompt injection, tool misuse, chain-of-thought manipulation, and API abuse.
- Conducting controlled attacks to measure exposure and potential impact.
Hardening and Mitigations
- Implementing engineering controls like response throttles, capability gating, and sandboxing.
- Establishing policy and orchestration controls, including approval flows, human-in-the-loop processes, and governance hooks.
- Applying model and prompt-level defenses such as input validation, canonicalization, and output filters.
Operationalizing Safe Agent Deployments
- Adopting deployment patterns such as staging, canary releases, and progressive rollouts for agents.
- Managing change control, testing pipelines, and pre-deploy safety checks.
- Facilitating cross-functional governance across security, legal, product, and operations, including shared playbooks.
Capstone: Red-Team / Blue-Team Exercise
- Executing a simulated red-team attack against a sandboxed agent environment.
- Defending, detecting, and remediating as the blue team using controls and telemetry.
- Presenting findings, remediation plans, and proposed policy updates.
Summary and Next Steps
Requirements
- A solid background in security engineering, system administration, or cloud operations.
- Familiarity with AI/ML concepts and the behavior of large language models (LLMs).
- Experience with identity & access management (IAM) and secure system design.
Audience
- Security engineers and red-teamers.
- AI operations and platform engineers.
- Compliance officers and risk managers.
- Engineering leads responsible for agent deployments.
21 Hours