AI Security Laboratory: Hands-On + Full-Stack (Lifetime Lab Access)

AI has introduced an entirely new layer of security risk — one that needs to be understood from both attacker and builder perspectives. This training is a hands-on, full-stack guide to that landscape, showing how modern AI systems are attacked, built, and used in real-world security.

You will work through the offensive side of AI security with prompt injection, jailbreaking, and fuzzing of LLM applications. You will also apply AI in security engineering and daily operations — turning AI building blocks into practical workflows and using AI security tools for everyday tasks.
 
Along the way, you will move into more advanced capabilities — building agentic AI for real-time security operations, applying AI to vulnerability research and PoC development, and exploring how smarter AI can assess other AI.
 
The training includes hands-on exercises, reusable Python scripts, and lifetime lab access — so you can continue practicing and applying what you learned long after the class ends.

Key takeaways

  • prompt injection: direct and indirect 
  • LLM jailbreaking 
  • fuzzing LLM applications
  • AI-powered shell
  • advanced prompting
  • local LLMs / private AI
  • AI programming
  • AI attack detection
  • OpenAI models and API
  • embeddings
  • quantization
  • LLM Guard
  • building agentic AI 
  • creating your own prediction model
  • CVE research / PoC development with AI
  • smarter AI assessing other AI 
  • specialized AI security tools
  • and more …

Prerequisites

What students should know

Students should have a general understanding of application security and some experience with web technologies and APIs. Basic familiarity with programming or scripting, security testing practices, and working with the command line is recommended.

About the instructor: Dawid Czagan


Dawid Czagan is an internationally recognized security researcher and trainer. He is listed among top hackers at HackerOne. Dawid Czagan has found security bugs in Apple, Google, Mozilla, Microsoft and many others. Due to the severity of many bugs, he received numerous awards for his findings.

Dawid Czagan shares his offensive security experience in his hands-on trainings. He has delivered trainings at key industry conferences such as DEF CON (Las Vegas), OWASP Global AppSec EU (Barcelona), Hack In The Box (Amsterdam), CanSecWest (Vancouver), 44CON (London), Hack In Paris (Paris), NorthSec (Montreal), HITB GSEC (Singapore), BruCON (Ghent) and for many corporate clients. His students include security specialists from Oracle, Adobe, ESET, ING, Red Hat, Trend Micro, Philips and the government sector. References are attached to Dawid Czagan's LinkedIn profile (https://www.linkedin.com/in/dawid-czagan-85ba3666/) and can also be found here: https://silesiasecuritylab.com/services/training/#opinions.

Dawid Czagan is the founder and CEO at Silesia Security Lab. To find out about the latest in his work, you are invited to subscribe to his newsletter (https://silesiasecuritylab.com/newsletter) and follow him on Twitter (@dawidczagan), YouTube (https://www.youtube.com/channel/UCG-sIlaM1xXmetFtEfqtOqg), and LinkedIn (https://www.linkedin.com/in/dawid-czagan-85ba3666/). 

Topics Covered

1) AI/LLM attack vectors, including various forms of prompt injection and LLM jailbreaking techniques

2) AI programming for security practitioners — working with local LLMs / private AI and cloud models (OpenAI / API), and building AI workflows for security use cases (e.g. fully private AI setups)

3) AI attack detection, including the use of local LLMs, anonymizing data before sending it to cloud LLM providers, and applying open-source defenses such as LLM Guard

4) Fuzzing LLM applications, which differs from traditional fuzzing due to the non-deterministic nature of modern LLMs

5) Using AI in security practitioners' daily operations — including AI-powered shell, advanced prompting, and AI security tools

6) Ready-to-use Python scripts, providing hands-on experience and reusable AI building blocks for daily security tasks

7) Smarter AI assessing other AI, along with interesting AI techniques and projects for security practitioners

8) CVE research and PoC development with AI

9) Building agentic AI for real-time security operations

10) and more …

What Students Should Bring 
 
Students will need a laptop with a 64-bit operating system, at least 16 GB RAM, 120 GB of free hard drive space, administrative access, the ability to turn off AV/firewall, and VMware Player/Fusion (64-bit version) installed. Prior to the training, make sure there are no problems with running x86_64 VMs. An OpenAI API key is required. A Lakera API key is optional.
 
As AI is an evolving field, additional requirements may be shared ahead of the training if needed.


FAQ – AI Security Laboratory: Hands-On + Full-Stack

What does the course cost?
The course fee is 19 700 NOK.

How long does the course last?
The course runs over 2 intensive days with a focus on practical exercises, labs and realistic AI security scenarios.

Who is the course for?
The course is designed for security professionals who want to understand both the offensive and defensive aspects of AI security.

  • Penetration testers and Red Team members
  • Security Engineers and DevSecOps professionals
  • SOC analysts and Incident Responders
  • Application security consultants
  • Cyber Security specialists
  • Developers with an interest in AI security

What prior knowledge is recommended?
Participants should have a general understanding of application security as well as some experience with web technologies and APIs. Basic familiarity with programming, security testing and the command line is recommended.

What will I learn in the course?
Among other things, you will learn:

  • Prompt injection and LLM jailbreaking
  • Fuzzing of LLM applications
  • Using local and cloud-based language models
  • AI programming for security purposes
  • AI-based attack detection
  • Using OpenAI APIs and embeddings
  • Implementing LLM Guard and other defensive mechanisms
  • Building agentic AI solutions
  • CVE research and PoC development with AI
  • AI-driven security automation

Is the course hands-on?
Yes. The course is strongly lab-based and includes extensive hands-on exercises, ready-made Python scripts and practical security tasks.

Do I get access to the lab environment after the course?
Yes. Participants get lifetime access to the lab environment and can continue practising after the course. After signing an NDA, the lab environment can be taken along for your own training.

What do I need to bring?
You must bring your own laptop with:

  • 64-bit operating system
  • Minimum 16 GB RAM
  • Minimum 120 GB of free disk space
  • Administrative rights
  • VMware Player or VMware Fusion installed
  • The ability to disable antivirus and firewall when needed
  • A valid OpenAI API key

Who is the instructor?
The course is led by Dawid Czagan, an internationally recognized security researcher, bug bounty hunter and speaker at, among others, DEF CON, OWASP Global AppSec and Hack In The Box.

Does the course include certification?
No. The course focuses on practical skills, labs and competence building in AI security, but does not lead to a formal certification exam.

Can the course be delivered in-house?
Yes. The course can be delivered as an in-house course for organizations that want to build AI security competence internally.