Advanced Training · DART Cybersecurity

Applied AI Cybersecurity

A 3-day intensive programme equipping development and engineering professionals with the foundational knowledge to identify AI security risks, evaluate AI SaaS providers, and collaborate effectively with cybersecurity teams.

About This Course

As AI systems become increasingly integrated into government operations, they present evolving security challenges that require dedicated attention from cybersecurity leadership. The rapid adoption of AI has created a critical gap: while these systems are fundamentally software that should follow well-established cybersecurity practices, their unique characteristics demand new approaches to risk assessment, threat modelling, and security controls.

AI systems possess distinctive properties that differentiate them from traditional software and create novel security vulnerabilities. They are dynamic and adaptive, learning and changing behaviour based on data and interactions, making vulnerabilities harder to identify and contain. They perform complex tasks at unprecedented scale with reduced human oversight, meaning security failures can have amplified impacts across entire organisations. Most critically, LLM-based applications suffer from a fundamental design vulnerability - instructions and data are passed on the same channel - creating opportunities for prompt injection and model extraction. This, together with other AI-related attacks such as data poisoning and adversarial examples, creates threats that traditional security controls were not designed to address.

Meanwhile, adversaries are actively targeting AI systems as high-value assets, seeking to extract proprietary models, poison training data, manipulate outputs, and exploit the trust organisations place in AI-driven decisions. This 3-day course equips development and engineering professionals with the foundational knowledge needed to identify AI security risks, evaluate AI SaaS providers, and work effectively with cybersecurity teams.

Who Should Apply
Software engineers
Cloud engineers
Network engineers
Product managers

What Your Team Will Be Able To Do

✓ Describe the key concepts of modern AI systems, including the types of AI (analytical, generative, agentic; foundation models and LLMs), the components of models and systems, the end-to-end AI lifecycle (including data hygiene and performance evaluation), prompt and context engineering, responsible AI (e.g., bias and fairness, transparency and explainability, privacy, human-in-the-loop, accountability), and real-world cybersecurity applications.
✓ Identify well-established AI security risks and the key controls to address them.
✓ Formulate the right questions to ask AI SaaS providers when evaluating security posture, expressing requirements, and managing ongoing engagements.
✓ Communicate effectively with cybersecurity professionals on AI security issues using appropriate vocabulary and foundational concepts.
✓ Describe how organisations adopt AI in practice, including the business, technical, and compliance perspectives, responsible AI considerations, the regulatory landscape, and AI governance frameworks.
✓ Demonstrate basic use of no-code AI tools (such as n8n, Base44, and Claude Code for non-programmers), and discuss the security implications of their use.

Programme Curriculum

Module 1: AI Foundations and Anatomy of AI Systems

We begin by exploring the AI landscape and the distinctions between analytical AI, generative AI, and agentic AI - understanding how these different paradigms process information, produce outputs, and create different security surfaces. We also introduce foundation models and LLMs as the technology underpinning much of today's AI.

We then turn to the anatomy of an AI model. Participants get an intuitive non-mathematical introduction to neural networks, weights, and how learning actually occurs. From there, we cover the Transformer architecture and why it transformed the field, and how modern foundation models are constructed - pretraining on large corpora, supervised fine-tuning on curated examples, and reinforcement learning from human feedback (RLHF). We close with the model access landscape: open source, open weights, and closed (proprietary) models; pre-trained versus fine-tuned models; and the implications of consuming third-party APIs (such as OpenAI or AWS Bedrock) versus running self-hosted models.

Participants will learn about the key building blocks of AI systems, specifically: Large Language Models (LLMs); prompt engineering and context engineering techniques; reasoning models (including ReAct and Chain-of-Thought prompting); memory systems (including chat history and Retrieval-Augmented Generation for accessing knowledge bases); and tools (via function calling, Model Context Protocol, Skills). Best-practice guardrails (input and output) will be briefly presented (more on that in the following days).

Participants will examine the AI supply chain through the lens of roles, responsibilities, and resources: developers who build models, deployers who integrate them into systems, operators who maintain them, and users who interact with them, alongside the critical resources that flow through this supply chain - models, software (frameworks, libraries), hardware (GPUs, storage, inference infrastructure), data (training datasets, fine-tuning data, retrieval databases), and compute (training resources, inference costs). This will be done via a walk-through of the end-to-end AI lifecycle, from data preparation through training, evaluation, deployment, and monitoring. A short discussion of responsible AI - bias and fairness, transparency and explainability, privacy, human-in-the-loop oversight, and accountability - closes the section.

The content will be delivered in a very hands-on manner: participants progressively build a simplified agentic AI system using the n8n framework (no coding; drag-and-drop), inspired by GovTech's AIBots platform. Each implemented functionality is preceded by a short lecture presenting the topics discussed above. Note that the practical exercise of building an AI agent is used to demonstrate the anatomy of AI systems in production and their attack surfaces - it is not intended as a tutorial on building AI agents.

Module 2: Cybersecurity Attacks and Defences of AI Systems

This session focuses on understanding the threat landscape for AI systems and implementing effective security controls, grounded within existing security frameworks to enable integration with organisations' current cybersecurity programs.

We start by recognising that AI systems face both traditional software vulnerabilities and novel attack vectors unique to machine learning. Participants will follow and understand OWASP's Top 10 for LLM applications and generative AI security. Real-world examples and exercises will demonstrate how applications using AI ("AI You Build") add new kinds of risk, along with common and practical mitigations.

The course deep dives into critical threat families:

1. Direct and indirect prompt injection, system prompt leakage and jailbreaking

2. Function calls, Tools (including MCP) and RAG as attack surfaces

3. AI supply chain and model loading attacks

Beyond these deep dives, we provide an overview of additional attack techniques catalogued in MITRE ATLAS, ensuring participants have broad awareness of the full threat landscape. We will also present the unique security risks of building software with AI (e.g., vibe coding).

Each attack family follows the hands-on Attack-Defend method: a red-teaming workflow where participants first exploit vulnerabilities against an agentic AI system, like the one they built on Day 1, and then discuss defences.

Throughout the module, we present real-world case studies of AI attacks and defences from recent years, grounding theoretical concepts in actual incidents.

Furthermore, these sessions are designed to require no coding skills and no deep cybersecurity knowledge, and will be carefully facilitated to accommodate the diverse backgrounds of the learners.

Module 3: Adopting AI in Organisations

This session examines how organisations adopt AI in practice across business, technical, and compliance dimensions. Participants trace projects from business requirement to technical implementation, address the responsible AI considerations that emerge along the way, and survey the regulatory landscape and governance frameworks (e.g., EU AI Act, NIST AI RMF, AI Verify) that organisations might need to work within.

The session then turns to no-code AI tools increasingly used inside organisations. Participants get hands-on experience with Base44, followed by a full end-to-end demonstration of Claude Code, accompanied by a security analysis of the risks this class of tool introduces.

Module 4: Evaluating AI SaaS Providers

This half-day equips participants with the knowledge to evaluate AI SaaS providers and express security requirements effectively. Building on the risks and controls covered in Days 1-2, participants will learn how to translate that knowledge into practical vendor assessment.

We examine what makes AI vendor evaluation different from traditional SaaS assessment - AI vendors introduce risks not fully covered by standard frameworks like SOC 2 or ISO 27001. Building on Cloud Security Alliance's AI Control Matrix framework and OWASP AI resources, the session covers the key question categories for AI SaaS evaluation, including data handling, model and inference security, supply chain and dependencies, and transparency and monitoring. We conclude with practical guidance on expressing security requirements to vendors - what to ask for, what good answers look like, and red flags to watch for.

This session includes a hands-on exercise of analysing Claude Code and Base44 with the AI Control Matrix framework.