
Explore prompt-based extraction attacks and 13 attack vectors in LLM deployments, including membership inference, training data reconstruction, context window probing, system prompt extraction, and rag poisoning.
Discover how the LLM supply chain creates security risk across seven trust boundaries, from pre-trained base models to third-party APIs and MLOps, with practical SBOM governance.
Map four stages of the llm supply chain, from data to deployment, and examine backdoors, data poisoning, plugin abuse, and dependency hijacking, with defense controls like provenance and hermetic builds.
explores excessive agency in ai systems, defining agency, outlining risks of autonomous action, and applying controls such as least privilege, human oversight gates, and tool restrictions.
Artificial intelligence is no longer experimental — it's in production. LLM-powered applications are being deployed across finance, healthcare, legal, and enterprise software at scale. And attackers are already exploiting them.
This course is the most comprehensive practitioner-built guide to the OWASP Top 10 for LLM Applications (2025 edition). Built for security professionals, developers, and architects who need to understand not just the theory, but how these vulnerabilities are exploited and how to stop them.
You will work through all 10 OWASP LLM risks in structured depth — starting with the architecture of LLM applications, moving through every vulnerability class with real attack scenarios, and finishing with a complete secure design framework you can apply immediately.
The course covers Prompt Injection in four dedicated modules — from direct and indirect injection to agentic pipeline hijacking and multimodal attacks. You'll learn how attackers exfiltrate data through poisoned RAG systems, backdoor models through supply chain compromise, and exploit excessive AI agent permissions to escalate privileges across enterprise environments.
The 2025-specific risks receive special attention: System Prompt Leakage and Vector & Embedding Weaknesses are new entries that reflect how real-world LLM deployments have evolved — and both are significantly under-covered elsewhere.
Every section follows a consistent three-part structure: understand the vulnerability, learn how it is exploited, then implement the defenses. The final section brings everything together with threat modeling methodology, a secure LLM application reference architecture, and a practical compliance mapping to EU AI Act, NIST AI RMF, GDPR, and SOC2.
This is a slides-based course built for focused learning — no fluff, no filler. Just the knowledge you need to secure AI systems in 2025 and beyond.
By the end of this course you will be able to threat model any LLM application, identify and demonstrate every OWASP LLM risk, and implement the architectural controls that prevent them.