Practical AI Security: Attacks, Defenses, and Applications

Practical AI Security: Attacks, Defenses, and Applications takes you from the foundations of machine learning to advanced security practices involving Generative AI and Large Language Models. Through hands-on labs, you'll train models, build LLM-powered applications, and execute real-world red team attack scenarios. You'll master both the offensive and defensive sides of AI security, from creating Automated Pentesting Agents and exploiting Prompt Injection vulnerabilities to implementing MCP Server attacks, conducting AI threat modeling, performing secure code reviews, deploying AI Gateways for protection, and designing robust guardrails. Along the way, you'll work with industry-standard tools including Hugging Face, LangChain, OpenAI APIs, Anthropic's Claude and MCP, and learn enterprise frameworks such as Google's SAIF (Secure AI Framework). By the end, you'll walk away with practical exploit code, reusable defensive tools, comprehensive security checklists, and the expertise to both attack and defend AI systems in production environments, making you a complete AI security professional capable of operating across the entire security lifecycle.

Level
Beginner / Intermediate
Video

15.5 hours - 115 videos
(See syllabus)
CERTIFICATION EXAM

Included

Understand the core concepts distinguishing AI, Machine Learning, and LLMs, including supervised vs unsupervised learning, neural networks, Generative AI, diffusion models, and the complete ML model training lifecycle from data preprocessing to deployment.
Master the fundamentals of Large Language Models, including Transformer architecture, tokenization mechanisms (BPE), context windows, embeddings, and the differences between foundational and fine-tuned models like GPT vs BERT architectures.
Become proficient in Prompt Engineering techniques including system vs user prompts, prompt templates, leaked system prompts analysis, and controlling model output via sampling parameters (Temperature, Top-k, Top-p) for security-focused workflows like threat modeling assistants.
Learn to use essential AI development tools including Hugging Face Transformers, LangChain (with memory and tool integration), LlamaIndex (multi-file processing), OpenWebUI for local LLM deployment, vector databases like FAISS for RAG implementations, and fine-tuning workflows.
Build and deploy production-ready AI applications, including custom RAG (Retrieval-Augmented Generation) systems with vector storage, conversational agents with short and long-term memory, AI-powered security tools with proper rule-based and advanced guardrails, and FastAPI-based scanners.
Master Model Context Protocol (MCP) servers for integrating AI with security tools to understand MCP vs traditional connectors, build custom MCP servers, and leverage them for reverse engineering, Mobile malware analysis, and automated penetration testing workflows. Configure MCP with Cursor and Claude for enhanced AI-assisted security research.
Develop Offensive AI capabilities, including building autonomous AI agents and workflows for vulnerability scanning, CVE finding, reconnaissance, IAM policy analysis, threat intelligence gathering, and exploit development assistance using frameworks like LangChain.
Execute advanced attacks against AI systems, including Prompt Injection variants (direct, indirect, multimodal attacks on CV screeners, meeting summarizers, image analyzers), jailbreaking techniques, data exfiltration through prompt manipulation, and exploiting MCP server vulnerabilities (Confused Deputy attacks, information disclosure, bruteforcing, arbitrary file read/write).
Implement Defensive AI strategies, including securing AI-powered applications against prompt injection, analyzing vulnerabilities in "vibe-coded" AI-generated applications, securing MCP servers with proper authentication and authorization, and applying pre-launch security checklists for AI-assisted apps.
Deploy and configure AI Gateways to secure production LLM applications and learn to migrate existing apps behind AI Gateways, implement multi-layered guardrails for input/output validation, configure rate limiting policies, and leverage analytics and comprehensive logging for monitoring, compliance, and cost optimization.
Master AI-powered Threat Modeling using STRIDE methodology and understand the engineering logic of systematic threat modeling, leverage LLMs to identify threats across Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege categories, and develop practical mitigations with AI assistance.
Apply AI to enhance Security Operations and Reverse Engineering workflows using Fabric AI for knowledge mining, log parsing, email header analysis, threat intelligence processing, video knowledge extraction, breaking language barriers in security research, and integrating AI into tools like Ghidra and JADX for automated malware analysis.
Understand and implement enterprise AI security frameworks, including comprehensive coverage of Google's Secure AI Framework (SAIF) with all 14 security risks (data poisoning, unauthorized training data, model tampering, prompt injection, model evasion, sensitive data disclosure, etc.).
Debug, intercept, and secure MCP implementations using MCP Inspector for debugging, Burp Suite for traffic interception and modification, and apply the comprehensive MCP Server Security Cheatsheet for identifying and remediating common vulnerabilities in both custom and third-party MCP servers.
Secure AI supply chains by pinning dependencies, verifying model signatures, understanding format risks, and detecting tampering or backdoors.
Earn the Certified AI Security Researcher (CAISR) certification by demonstrating mastery across all course modules from foundational AI/ML concepts through advanced offensive and defensive AI security techniques in real-world scenarios.

Syllabus

START LEARNING

Practical AI Security: Attacks, Defenses, and Applications

On-demand

Immediate access to materials
Lecture recordings and self-assessments
365 days of access
Certification of course completion
Certified AI Security Researcher Exam attempt
Dedicated email support

Buy for someone else

Purchase the Practical AI Security course and assign access to another learner. You can send it to a team member or purchase it as a gift.

The course will be delivered within one business day or on a scheduled date.

The assigned learner must register on the platform to access the course.

Enroll a group

Get in touch for pricing

Includes everything from the individual rate, plus:

Special group pricing
Available add-ons to Oversee and track individual student progress for large groups

Unlock Job Opportunities

Gain the in-demand skills to pursue career opportunities such as:

AI Security Engineer*

A Tech Giant Company

$136,000 – $212,800 a year

Offensive AI Security Tester*

IT Services Provider Firm

$114,400 - $124,800 a year

Adversarial Prompt Expert*

IT Services Provider Firm

Up to $80 per hour, part time

Our instructors are experts with over a decade of hands-on experience in mobile security, IoT exploitation, and vulnerability assessment. They've delivered numerous private trainings to high-profile clients and shared their knowledge at renowned conferences like BlackHat, Def Con, POC, TyphoonCon, Brucon, Hack in Paris, Phdays, Appsec USA, and more.

With thousands of students having completed our courses, our instructors continually refine their content based on real-world feedback. Whether through live sessions or our new on-demand courses, we ensure the same high-quality learning experience is accessible to professionals worldwide.

At 8kSec, we Empower businesses with Cutting-Edge Mobile Security Training, Pioneering Vulnerability research, and Innovative product offerings

Senior Lead Security Engineer - Mobile*

A Global Banking Corporation

$147,700 - $190,000 a year

- Formal training or certification on Mobile Development concepts and 5+ years applied experience
- Strong understanding of mobile application security risks and mitigation strategies for both Android and iOS platforms
- Experience in implementing or managing mobile security operations
- Familiarity with CI/CD pipelines, DevSecOps methodologies, and secure software development practices
- Ability to collaborate with development teams on security functions & resolutions
- Hands-on practical experience delivering enterprise level cybersecurity solutions and controls
- Strong collaboration and communication skills are essential for working effectively with teams on security implementations
- Ability to evaluate current and emerging technologies to select or recommend the best solutions for future state architecture & enterprise integrations
- Proven experience leading projects from scoping to delivery

- Working closely with in-house mobile development teams, providing guidance on secure coding practices, threat mitigation strategies, and optimal use of mobile security solutions.
- Utilize our mobile security vendors and tools to drive proactive security measures, ensuring optimal configuration, monitoring, and maintenance to safeguard our mobile applications.
- Oversee the deployment, integration, and ongoing support of mobile security tools, ensuring they are effectively utilized and updated.
- Provide technical leadership in securing mobile applications and infrastructure, ensuring compliance with industry standards and best practices.
- Manage the lifecycle of mobile security tools, including planning and executing upgrades to maintain optimal performance and security.
- Work closely with cross-functional teams to enhance security awareness, provide training, and ensure adherence to security protocols. Additionally, serve as a key feedback conduit to the mobile binary scanning team, risk management, and source scanning teams, ensuring continuous improvements in security posture and alignment with organizational security strategies.

Mobile Implant Software Engineer*

A Cyber-Risk Consulting Firm

$114,000 - $180,000 a year

- Proven experience in CNO and software development, particularly in support of DoD and Intelligence community customers
- Demonstrated ability to perform advanced research and development on embedded systems, Linux, and iOS platforms
- Strong understanding of network protocols and experience in implementing support for TCP, UDP, and TLS
- Experience in designing, developing, and integrating modular cyber capabilities
- Proficiency in using and integrating CI/CD tools and practices
- Excellent problem-solving skills and the ability to design novel solutions to complex security challenges
- Strong leadership skills with the ability to guide and mentor development teams
- Programming Languages: C, C++, Python, Java, x86 Assembly, MIPS Assembly, Microblaze Assembly, ARM Assembly, ARM64 Assembly, VHDL, Verilog, XML, JSON, HTML
- Tools and Technologies: LLDB/LLVM, IDA Pro, Immunity Debugger, Immunity Canvas, Eclipse, Git, Subversion, Embedded Systems, FPGAs, Docker, Intel Performance Primitives (IPP), High Performance Computing (HPC), REDHAWK, OmniORB CORBA, Software Defined Radios (SDR), Signal Processing, MySQL, PostgreSQL, JDBC, Django, ActiveMQ, Jpype, Pyxb, STOMP

- Lead research and development projects focused on mobile vulnerabilities and cyber operations
- Design and implement innovative solutions to address operational security challenges
- Architect and develop flexible, modular cyber capabilities in C, C++, and Python
- Triage and analyze public software vulnerabilities (CVEs) for security concerns
- Provide technical support and custom solutions to high-priority customer needs
- Design and develop new client/server data distribution tools
- Implement support for multiple network protocols, including TCP, UDP, and TLS
- Create custom build systems and ensure portability using Docker
- Integrate new projects with CI/CD services to streamline development processes
- Generate and maintain unit tests to enhance the reliability of client/server applications
- Guide the development team in adhering to industry software engineering standards and best practices

Sr. Android Penetration Tester*

A Gobal Device Company

$130,000 - $166,000 a year

- 5+ years of penetration testing experience, including 2+ years of Android penetration testing and 1+ year of web application penetration testing
- Strong understanding of malware, phishing attacks, attack vectors, and security best practices
- Knowledge of penetration testing tools, threat modeling, and security frameworks
- Ability to conduct security research, CVE analysis, and adversary simulation
- Strong communication skills to work cross-functionally with engineering and security teams
- Experience working in corporate environments with internal penetration testing teams (preferred over agency-based consulting experience)
- Bachelor’s degree in either Cybersecurity, Computer Science, Information Security, or related field
Preferred Qualifications:
- Certifications in offensive security
- Published CVEs, blog posts, or walkthroughs on security research
- Malware development and reverse engineering experience
- Experience working in top security consulting firms or in-house red teams at major tech companies
- Hands-on experience with firmware penetration testing and IoT security.

- Develop expertise in our product solutions, deep diving into design/architecture, & execute white box and black box penetration scenarios
- Plan, scope and conduct vulnerability assessment/ Penetration test on internal / external facing public assets such as Web application, Android platform, Android Apps, Backend APIs, and Cloud services
- Research & and conduct adversary simulation for known security threats and identify novel attack vectors to test a system’s relative security readiness
- Conduct Threat modelling, Threat Intelligence and scoping with stakeholders
- Assist in creating and maintaining internal penetration testing and practice within QA team, managing vulnerabilities and tracking until closure
- Build Test harness & required Automation suites and validate attack vectors in Threat Lab
- Co-ordinate with program management, security architects at Internal & offshore sites
- Stays up to date on current tools, technologies, and vulnerabilities to incorporate into testing practices
- Research and developing exploits for zero-day vulnerabilities
- Conduct penetration test on IOT and Firmware Devices

Practical AI Security: Attacks, Defenses, and Applications

Beginner / Intermediate

15.5 hours - 115 videos
(See syllabus)

Included

Key Objectives

Who Should Attend?

Prerequisites

Duration

Technical Requirements

Syllabus

START LEARNING

Practical AI Security: Attacks, Defenses, and Applications

Buy for someone else

Enroll a group

Unlock Job Opportunities

AI Security Engineer*

Offensive AI Security Tester*

Adversarial Prompt Expert*

Created by

8kSec Academy

FEATURED LINKS

POLICIES

CONNECT WITH US

Practical AI Security: Attacks, Defenses, and Applications

Beginner / Intermediate

15.5 hours - 115 videos(See syllabus)

Included

Key Objectives

Who Should Attend?

Prerequisites

Duration

Technical Requirements

Syllabus

START LEARNING

Practical AI Security: Attacks, Defenses, and Applications

Buy for someone else

Enroll a group

Unlock Job Opportunities

AI Security Engineer*

Offensive AI Security Tester*

Adversarial Prompt Expert*

Created by

8kSec Academy

FEATURED LINKS

POLICIES

CONNECT WITH US

Live Trainings list:

On-demand courses list:

Sign up by enrolling in a course

Lead Application Penetration Tester*

iOS Application Security Engineer*

Specialist, Offensive Android Security*

Kernel Security Researcher*

Mobile Reverse Engineer*

Senior Lead Security Engineer - Mobile*

Reverse Engineer - Android*

Android Mobile Reverse Engineer*

Mobile Implant Software Engineer*

iOS Vulnerability Engineer (Software)*

Android Security Engineer*

Information Security Engineer (Android)*

Sr. Android Penetration Tester*

iOS Application Security Engineer*

iOS Engineer - Product Security*

AI Security Engineer*

Offensive AI Security Tester*

Adversarial Prompt Expert*

15.5 hours - 115 videos
(See syllabus)