9:00 AM – 6:00 PM · 5 Days

Gen AI & Agentic AI Security Training

By the end of this program, participants will be able to:

  • Understand how modern AI, GenAI and Agentic AI systems work
  • Identify, detect and respond to AI-specific threats in enterprise SOC environments
  • Design secure AI architectures and guardrails
  • Apply AI governance, compliance and privacy principles operationally
  • Conduct incident response and threat hunting for AI-driven systems
  • Confidently assess and mature an AI-enabled SOC
Walk the programDelivery requirements
Days
5

9am–6pm sessions

Modules
10

across foundation → capstone

Hands-on labs
10

Colab, SIEM, sandboxed VM

Class time
31h 10m

structured + breaks

Day 016h 55m total

Foundations of AI & Deep Learning

Demystify the math behind modern AI — from classical ML to deep neural networks and Transformers.

Module 011 lab · 3h 15m

Machine Learning & Predictive Modelling

Learn how ML works, where it fits, and how to evaluate it against real client problems.

  1. Framing

    Opening + Framing

    • Introduction to AI: it is math, not magic
    • How AI works
    10 min
  2. Lecture

    Theory Block 1

    • What is ML
    • Three types of learning (supervised, unsupervised, reinforcement)
    • Training vs. Inference
    • Identifying ML problems in use cases
    40 min
  3. Lecture

    Theory Block 2

    • ML use cases mapped to client business use cases
    • The feature engineering problem statement
    • How to evaluate models
    • Common pitfalls and how to improve accuracy
    40 min
  4. Break

    Break

    15 min
  5. Lab

    Lab — Anomaly Detection & Threat Forecasting

    • Pre-filled Google Colab notebook with data and code cells
    • Dataset from Kaggle / Hugging Face
    • Problem: anomaly detection, alert quality optimization, threat forecasting
    1h
  6. Debrief

    Theory Block 3 + Debrief

    • What ML cannot do
    • What did the data tell us
    • Teaser to deep learning
    30 min
Module 022 labs · 3h 40m

Deep Learning & Neural Networks

Move from structured data to unstructured — CNNs, RNNs, Transformers, and why self-attention changed everything.

  1. Framing

    Recap + Framing

    • Callback to deep learning
    • Showcase how it works with unstructured data
    • Show a neural network animation in action
    15 min
  2. Lecture

    Theory Block 1

    • Types of neural networks
    • Deep Learning use cases (NLP, CV, Audio)
    • Examples of CNNs, RNNs, and Transformers
    • Why self-attention changes the game
    40 min
  3. Lecture

    Theory Block 2

    • Detailed explanation of Transformers with animation
    • Correlate to current AI chatbots — AI SOC Assistant
    • Multimodality, reasoning, and why they help in business
    • Pre-training vs. fine-tuning
    • What are hallucinations and why they occur
    40 min
  4. Break

    Break

    15 min
  5. Lab

    Lab Part A — CNN Object Detection

    • Pre-trained model on Colab Notebooks
    • Visible ETL and training stats in code cells
    • Inference code cell
    40 min
  6. Break

    Break

    15 min
  7. Lab

    Lab Part B — Multi-Modal Transformer Inference

    • Pre-coded, secured GitHub repo with inference on a downloaded SLM
    • Access to gemma4:e2b via Ollama / Hugging Face / Ollama Cloud
    • Use cases: Document Intelligence, Meeting Notes, Contract Risk
    • Showcase hallucination risk with smaller models
    40 min
  8. Debrief

    Theory Block 3 + Debrief

    • What AI got wrong and why
    • What can be done for better performance (introduce RAG vs. Fine-Tuning)
    • Teaser: what if AI could do more?
    15 min
Day 026h 15m total

GenAI, Agentic AI & the Evolving Threat Landscape

From tool to actor — autonomy, agents, and the new attack surface that comes with them.

Module 011 lab · 3h

GenAI & Agentic AI with SOC Use Cases

Memory, tools, planning — what an agent actually is, and where it earns its keep in a SOC.

  1. Framing

    Recap + Framing

    • Quick recap of Day 1
    • Shift AI from tool to actor
    • Introduce autonomy (e.g. OpenClaw) and risks that arise
    15 min
  2. Lecture

    Theory Block 1

    • What is Gen AI
    • What an agent is (memory, tools, planning)
    • Agent types (personal / workflow / operational / multi-agent)
    • Introduction to LangChain, LangGraph, and MCP
    • An introduction to Vibe Coding
    1h
  3. Break

    Break

    15 min
  4. Lab

    Lab — L1 / L2 / L3 GenAI & Agentic Use Cases

    • Hands-on exercise across tiered use cases
    1h 30m
Module 021 lab · 3h 15m

Threat Landscape — Generative AI & Agentic AI

OWASP LLM Top 10, MITRE ATLAS, and the agent-specific threats that don't fit traditional taxonomies.

  1. Lecture

    Theory Block 1

    • AI-specific threats vs. traditional cyber risks
    • GenAI / Agentic AI Attack Taxonomy — OWASP Top 10 for LLMs
    • Agentic AI Threat Model — tool misuse, memory poisoning, goal hijacking, multi-agent risks
    • Demo — prompt injection on SOC assistant
    1h 30m
  2. Break

    Break

    15 min
  3. Lab

    Lab — STRIDE & MITRE ATLAS Mapping

    • Asset and attack-path identification on real architectures
    1h 30m
Day 035h 45m total

Securing GenAI & Agentic AI Systems

Architecture, guardrails, and detection rules that hold up when the model is the attack surface.

Module 011 lab · 3h

Securing GenAI Systems

API security, RAG risks, secure prompts and access controls — applied to a real pipeline.

  1. Framing

    Recap + Framing

    • Quick recap of Day 2
    • Gen AI architecture overview
    15 min
  2. Lecture

    Theory Block 1

    • Secure Gen AI architecture — API security, RAG risks, access controls, secure prompts
    • Demo — secure vs. insecure RAG pipeline
    1h
  3. Break

    Break

    15 min
  4. Lab

    Lab — Building Guardrails for Gen AI

    • Hands-on guardrail implementation
    1h 30m
Module 021 lab · 2h 45m

Securing Agentic AI Systems

Least privilege for agents, tool access control, anomalous-behavior detection — and the SIEM rules to catch it.

  1. Lecture

    Theory Block 1

    • Secure Agentic AI architecture — least privilege, tool access control, anomalous agent behavior
    • Demo — restricted access agent
    1h
  2. Break

    Break

    15 min
  3. Lab

    Lab — Build SIEM Detection Rules for AI Threats

    • Author and tune detections in a live SIEM
    1h 30m
Day 046h 15m total

AI Governance, Compliance & SOC Maturity

Responsible AI, ISO 42001, NIST AI RMF, EU AI Act — and the governance structure that makes them operational.

Module 013h 30m

AI Governance & Compliance

The frameworks, the controls, and the committees that make Responsible AI more than a slogan.

  1. Framing

    Recap + Framing

    • Quick recap of Day 3
    • Considerations — Responsible AI
    15 min
  2. Lecture

    Theory Block 1 — Frameworks

    • Principles of Responsible AI
    • Privacy and security concerns
    • Overview of existing AI laws and regulations
    • ISO 42001 — AIMS overview
    • NIST AI RMF overview
    • EU AI Act overview
    1h 30m
  3. Break

    Break

    15 min
  4. Lecture

    Theory Block 2 — Operating Model

    • AI governance models (centralised, decentralised, federated)
    • Designing AI governance committees
    • Pillars of AI governance
    • AI governance controls across key architectural layers
    1h 30m
Module 022h 45m

AI SOC Maturity & Privacy in AI

PETs, privacy-by-design, and a maturity model for an AI-enabled SOC.

  1. Lecture

    Theory Block 1 — Privacy in AI

    • Foundation principles of data privacy
    • Privacy concerns due to AI
    • Privacy enhancing techniques (PETs) for AI
    1h 30m
  2. Break

    Break

    15 min
  3. Lecture

    Theory Block 2 — Maturity Model

    • AI SOC Maturity Model
    1h
Day 056h total

Incident Response, Threat Hunting & Capstone

End-to-end breach simulation and a red-team capstone against a live multi-agent system.

Module 011 lab · 3h 30m

Incident Response & Threat Hunting for Agentic AI

Playbooks for prompt injection, data leakage, and rogue agents — exercised end-to-end.

  1. Framing

    Recap + Framing

    • Quick recap of Day 4
    15 min
  2. Lecture

    Theory Block 1

    • Incident response & threat hunting for Agentic AI
    • Playbooks for prompt injection, data leakage, rogue agents
    1h 30m
  3. Break

    Break

    15 min
  4. Lab

    Lab — End-to-end AI Breach Simulation

    • L1 triage → L3 RCA
    1h 30m
Module 022 labs · 2h 30m

Capstone Project

Build, secure, and red-team a GenAI-powered SOC assistant — the final exam.

  1. Lab

    Lab Part A — AI-Driven SOC Alert Triage Assistant

    • GenAI-powered assistant: summarizes alerts, suggests severity, recommends next steps based on historical incidents
    • Participants evaluate, secure, and operate it from a SOC perspective
    1h
  2. Break

    Break

    15 min
  3. Lab

    Lab Part B — Red-Teaming an Agent

    • Pre-created multi-agent architecture in a sandboxed VM, exposing an API
    • Participants attempt to extract confidential data, delete systems, or coerce other actions
    • Each failed attempt returns the reason + the security concept used
    1h
  4. Debrief

    Debrief + End

    • Review of learnings
    • Q & A
    • CTA / next steps
    15 min

Delivery requirements

What we'll need from your environment

  • Enterprise Google Colab Subscription and/or Claude AI subscription
  • GitHub Organization Account (Optional but required for GitHub Copilot)
  • Ollama Cloud Account or local Ollama server per machine
  • Sandboxed Virtual Machine with isolated network for red team lab (any cloud)
  • Dedicated virtual network (VNet/VPC); VMs for SOC tools and admin access
  • Container platform (e.g., Kubernetes) for AI and agent workload
  • Stable high-bandwidth internet in the room