
Engage in a hands-on course on generative AI risks and cybersecurity, mastering prompt injection, jailbreaking, data poisoning, and defenses built on guardrails and monitoring under the EU AI Act.
Set up your lab environment to practice hands-on generative AI risk and cybersecurity skills, connecting to a local LLM to work through prompt injection, jailbreaking, data poisoning, and defensive guardrails.
Make your first API call to a local AI model served by Ollama and examine the response structure, including prompt tokens, response tokens, the total token count, and the other token usage metadata.
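The lesson above only says to inspect the token fields; the script below, an added example rather than the course's own lab code, shows what that looks like against Ollama's non-streaming `/api/generate` endpoint. It assumes Ollama's default listener (`http://localhost:11434`) and a model named `llama3.2`; the response field names (`prompt_eval_count`, `eval_count`, `eval_duration` in nanoseconds, `done_reason`) are the ones Ollama documents. A constructed sample response is embedded so the usage summary can be exercised offline, and the summary flags any request whose total exceeds a token budget, which is the first monitoring signal a later lesson relies on.

```python
"""Call a local Ollama model and summarise token usage.

Added example (not course material). Assumptions: Ollama listens on its
default http://localhost:11434, the model is "llama3.2", and the response
fields are those of /api/generate with "stream": false.
"""
import json
import urllib.request

OLLAMA_URL = "http://localhost:11434/api/generate"  # assumed default endpoint
MODEL = "llama3.2"                                   # assumed model name


def call_ollama(prompt: str, model: str = MODEL, url: str = OLLAMA_URL) -> dict:
    """POST a non-streaming generate request and return the parsed JSON body."""
    body = json.dumps({"model": model, "prompt": prompt, "stream": False}).encode()
    req = urllib.request.Request(
        url, data=body, headers={"Content-Type": "application/json"}
    )
    with urllib.request.urlopen(req, timeout=120) as resp:
        return json.load(resp)


def summarize_usage(resp: dict, token_budget: int = 4096) -> dict:
    """Extract the token accounting a defender cares about.

    Ollama reports prompt tokens and generated tokens separately; the total
    is computed here. eval_duration is in nanoseconds, so tokens/sec needs
    a division by 1e9.
    """
    prompt_tokens = int(resp.get("prompt_eval_count", 0))
    response_tokens = int(resp.get("eval_count", 0))
    total = prompt_tokens + response_tokens
    eval_ns = int(resp.get("eval_duration", 0))
    tps = round(response_tokens / (eval_ns / 1e9), 2) if eval_ns else 0.0
    return {
        "model": resp.get("model"),
        "prompt_tokens": prompt_tokens,
        "response_tokens": response_tokens,
        "total_tokens": total,
        "tokens_per_second": tps,
        "done_reason": resp.get("done_reason"),
        # A request that blows past the budget is a monitoring signal:
        # runaway generation, context stuffing, or a large injected payload.
        "over_budget": total > token_budget,
    }


# Constructed sample response in the shape Ollama returns, so this runs offline.
SAMPLE_RESPONSE = {
    "model": "llama3.2",
    "response": "Prompt injection is an attack in which untrusted text ...",
    "done": True,
    "done_reason": "stop",
    "prompt_eval_count": 26,
    "eval_count": 298,
    "eval_duration": 4_709_213_000,
}

if __name__ == "__main__":
    try:
        resp = call_ollama("Explain prompt injection in two sentences.")
    except OSError:  # no local Ollama running: fall back to the sample
        resp = SAMPLE_RESPONSE
    print(json.dumps(summarize_usage(resp), indent=2))
```

Running it with Ollama up prints the live accounting; without Ollama it prints the sample, whose 26 prompt and 298 response tokens sum to 324 and decode at roughly 63 tokens per second.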
Identify and defend against the OWASP Top 10 for LLM Applications, from prompt injection to training data poisoning, as those vulnerabilities shape GenAI risk across NoviAssist, NoviCode, and NoviComply.
Study GenAI breaches through case studies showing deployment speed outpacing security readiness, including conversation-history exposure and insider threats, and learn an incident preparedness model built on prevention, detection, and containment.
Probe AI hallucinations by asking about a fictitious researcher and paper to expose fabrication, then compare with a real researcher to contrast verifiable facts with the security risks of confidently invented ones.
Learn how prompt injection subverts the model's instruction flow through system prompts, translation tasks, and supplied context, exposing credentials and triggering dangerous behavior.
Examine indirect prompt injection, where hidden instructions embedded in data the AI processes expand the attack surface of retrieval-augmented generation (RAG) pipelines and enable data exfiltration.
Explore indirect prompt injection and data exfiltration in more depth, including hidden instructions that override the legitimate task, and learn defenses such as input sanitization and output validation that prevent leakage.
Test three jailbreaking approaches (DAN, roleplay, and hypothetical framing) to assess how they bypass safety guardrails, then evaluate safety ratings and the value of defense in depth.
Investigate data poisoning, where attackers corrupt training data and pipelines to embed backdoor behavior or manipulate labels, producing models that appear normal yet emit attacker-controlled outputs when a trigger is present.
Explore how bias in AI is a security and compliance risk carrying regulatory penalties under the EU AI Act, and apply paired demographic testing, intersectional analysis, and adversarial probing to detect and mitigate discrimination.
Explore SSRF risks that arise in AI systems through tool use and function calling, covering the attack surface, prompt injection as the trigger, and defenses such as allowlisting, parameter validation, and network segmentation.
Examine how AI hallucinations become security risks by enabling supply-chain attacks through fabricated package names, citations, and endpoints (OWASP LLM09: Overreliance), and learn verification-based mitigations.
Adopt a five-layer defense in depth for AI (input validation, guardrails, sandboxing, output filtering, and monitoring) to mitigate prompt injection, data poisoning, and other AI-specific threats.
Learn how layered input validation stops prompt injection before it reaches the model, using syntactic checks, semantic classification, and contextual analysis to enforce domain boundaries.
Discover how output filtering protects users by screening generated content: regular expressions detect emails, SSNs, and phone numbers, URLs are checked against policy, and code blocks are handled by tiered policy enforcement.
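To make the output-filtering lesson concrete, here is an added example (not the course's own filter) of the pattern it describes: regular expressions for emails, SSNs and phone numbers, a URL allowlist check, code-block handling, and a tier table that decides which of those actions apply. The tier names, the allowlisted hosts, and the sample model response are assumptions chosen for illustration. Every redaction is also recorded as a finding so the monitoring layer can count how often the model tries to emit sensitive data.

```python
"""Tiered output filter for LLM responses.

Added example, not the course's code. The policy tiers, the URL allowlist
and the sample response below are assumptions chosen for illustration.
"""
import re
from urllib.parse import urlparse

FENCE = "`" * 3  # markdown code fence, built indirectly so it nests cleanly in docs

# Detection patterns. The SSN pattern rejects never-issued prefixes (000, 666, 9xx).
PATTERNS = {
    "email": re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b"),
    "ssn": re.compile(r"\b(?!000|666|9\d{2})\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b"),
    "phone": re.compile(
        r"(?<!\d)(?:\+?1[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}(?!\d)"
    ),
    "url": re.compile(r"https?://[^\s)>\]]+"),
}
CODE_BLOCK = re.compile(FENCE + r".*?" + FENCE, re.DOTALL)

URL_ALLOWLIST = {"docs.example.com", "example.com"}  # assumed trusted hosts

# Tier -> actions. "external" is the customer-facing chatbot; "internal" is
# staff tooling where emails and phones are legitimate. SSNs never pass.
TIER_POLICY = {
    "external": {"redact": {"email", "ssn", "phone"}, "block_unlisted_urls": True, "allow_code": False},
    "internal": {"redact": {"ssn"}, "block_unlisted_urls": True, "allow_code": True},
}


def url_allowed(url: str) -> bool:
    """Exact host match or a subdomain of an allowlisted host; suffix tricks fail."""
    host = (urlparse(url).hostname or "").lower()
    return host in URL_ALLOWLIST or any(host.endswith("." + h) for h in URL_ALLOWLIST)


def filter_output(text: str, tier: str) -> dict:
    """Return the filtered text plus a findings list for the monitoring layer."""
    policy = TIER_POLICY[tier]
    findings = []

    def note(kind, value):
        findings.append({"kind": kind, "value": value})

    # 1. Code blocks: remove entirely on tiers that must never ship code.
    if not policy["allow_code"]:
        blocks = CODE_BLOCK.findall(text)
        if blocks:
            note("code_block", f"{len(blocks)} block(s) removed")
            text = CODE_BLOCK.sub("[code removed by policy]", text)

    # 2. URLs: strip anything not on the allowlist (phishing or exfil channel).
    def url_sub(m):
        url = m.group(0)
        if url_allowed(url):
            return url
        note("url", url)
        return "[link removed]" if policy["block_unlisted_urls"] else url

    text = PATTERNS["url"].sub(url_sub, text)

    # 3. PII: redact the classes this tier requires, SSN before phone so the
    #    looser phone pattern never sees SSN digits.
    for kind in ("email", "ssn", "phone"):
        if kind in policy["redact"]:
            def pii_sub(m, kind=kind):
                note(kind, m.group(0))
                return f"[{kind.upper()} REDACTED]"

            text = PATTERNS[kind].sub(pii_sub, text)

    return {"text": text, "findings": findings}


# Constructed sample of a model response that leaks data it should not.
SAMPLE_RESPONSE = (
    "Sure! Contact jane.doe@example.com or call (555) 123-4567. "
    "Her SSN is 123-45-6789. See https://docs.example.com/reset and "
    "https://evil.example.net/steal?d=token "
    + FENCE + "python\nprint('x')\n" + FENCE
)

if __name__ == "__main__":
    for tier in TIER_POLICY:
        result = filter_output(SAMPLE_RESPONSE, tier)
        print(f"[{tier}] {result['text']}")
        print(f"  findings: {[f['kind'] for f in result['findings']]}")
```

On the external tier the sample loses the email, phone, SSN, the unlisted link and the code block (five findings); on the internal tier only the SSN and the unlisted link are touched. The allowlist check deliberately compares the parsed hostname rather than doing a substring search, so `docs.example.com.evil.net` is not mistaken for a trusted host.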
Explore sandboxing and isolation strategies that contain AI-driven SSRF attacks by enforcing network segmentation, function-call sandboxes, per-request data scoping, and strict least-privilege credentials.
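The SSRF lessons (the one on tool use and function calling, and this one on sandboxing) both name allowlisting and parameter validation as the controls. The following added example, which is not the course's own code, shows a guard that sits between the model's emitted tool calls and the function that actually fetches: it enforces a per-tool parameter schema, rejects IP literals in loopback, private, link-local and metadata ranges, refuses embedded credentials and non-default ports, and only then checks a host allowlist. The allowlisted hosts, the `fetch_url` tool schema and the sample tool calls (the kind an injected document might coax out of the model) are assumptions. DNS rebinding is deliberately not handled in code; that is the job of the egress-restricted segment the lesson describes.

```python
"""Guard for URL-fetching tool calls emitted by an LLM.

Added example, not the course's code. The allowlist, the fetch_url tool
schema and the sample tool calls are assumptions for illustration.
"""
import ipaddress
import json
from urllib.parse import urlparse

ALLOWED_HOSTS = {"api.example.com", "docs.example.com"}  # assumed egress allowlist
ALLOWED_SCHEMES = {"https"}
MAX_URL_LEN = 2048


class ToolCallRejected(ValueError):
    """Raised with a reason string suitable for logging to the monitoring layer."""


def _is_internal_literal(host: str) -> bool:
    """True if host is an IP literal in a loopback/private/link-local/metadata range."""
    try:
        ip = ipaddress.ip_address(host.strip("[]"))
    except ValueError:
        return False  # not a literal; the allowlist check handles names
    return (ip.is_private or ip.is_loopback or ip.is_link_local
            or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def validate_fetch_url(url) -> str:
    """Return a canonical URL or raise ToolCallRejected.

    DNS rebinding is out of scope here: the fetch itself must also run in an
    egress-restricted network segment, as the lesson describes.
    """
    if not isinstance(url, str) or not url or len(url) > MAX_URL_LEN:
        raise ToolCallRejected("url missing or too long")
    p = urlparse(url)
    if p.scheme.lower() not in ALLOWED_SCHEMES:
        raise ToolCallRejected(f"scheme not allowed: {p.scheme!r}")
    if p.username or p.password:  # https://trusted.host@evil.net/ trick
        raise ToolCallRejected("credentials in URL")
    host = (p.hostname or "").lower()
    if not host:
        raise ToolCallRejected("empty host")
    if _is_internal_literal(host):
        raise ToolCallRejected(f"internal address: {host}")
    try:
        port = p.port
    except ValueError:
        raise ToolCallRejected("malformed port")
    if port not in (None, 443):
        raise ToolCallRejected(f"port not allowed: {port}")
    if host not in ALLOWED_HOSTS:
        raise ToolCallRejected(f"host not allowlisted: {host}")
    return f"https://{host}{p.path or '/'}" + (f"?{p.query}" if p.query else "")


def validate_tool_call(call: dict) -> dict:
    """Validate a model-emitted tool call against a strict per-tool schema."""
    if call.get("name") != "fetch_url":
        raise ToolCallRejected(f"unknown tool: {call.get('name')!r}")
    args = call.get("arguments", {})
    unexpected = set(args) - {"url", "timeout_s"}
    if unexpected:  # e.g. the model trying to smuggle headers or cookies
        raise ToolCallRejected(f"unexpected parameters: {sorted(unexpected)}")
    timeout = args.get("timeout_s", 5)
    if isinstance(timeout, bool) or not isinstance(timeout, (int, float)) or not 0 < timeout <= 10:
        raise ToolCallRejected("timeout_s out of range")
    return {"name": "fetch_url",
            "arguments": {"url": validate_fetch_url(args.get("url")), "timeout_s": timeout}}


def screen_tool_calls(calls: list) -> dict:
    """Partition a batch of tool calls into accepted and rejected (with reasons)."""
    accepted, rejected = [], []
    for call in calls:
        try:
            accepted.append(validate_tool_call(call))
        except ToolCallRejected as exc:
            rejected.append({"call": call, "reason": str(exc)})
    return {"accepted": accepted, "rejected": rejected}


# Constructed sample: one legitimate call and six that an injected document might produce.
SAMPLE_CALLS = [
    {"name": "fetch_url", "arguments": {"url": "https://api.example.com/v1/status"}},
    {"name": "fetch_url", "arguments": {"url": "https://169.254.169.254/latest/meta-data/"}},
    {"name": "fetch_url", "arguments": {"url": "http://api.example.com/v1/status"}},
    {"name": "fetch_url", "arguments": {"url": "https://api.example.com@evil.net/"}},
    {"name": "fetch_url", "arguments": {"url": "https://docs.example.com:8443/x"}},
    {"name": "fetch_url", "arguments": {"url": "https://docs.example.com/x",
                                        "headers": {"Cookie": "session=abc123"}}},
    {"name": "run_shell", "arguments": {"cmd": "id"}},
]

if __name__ == "__main__":
    print(json.dumps(screen_tool_calls(SAMPLE_CALLS), indent=2))
```

Only the first sample call survives; each of the others is rejected with a specific reason, which is what you want to log, since a burst of rejected metadata-endpoint fetches from one conversation is a strong indirect-injection signal. The checks run in a deliberate order: the IP-literal test precedes the allowlist so that an allowlist mistake can never expose the cloud metadata address.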
Discover how AI-specific monitoring detects attacks through telemetry, token-usage metrics, and conversation-level analysis, enabling rapid incident response through circuit breakers and post-incident learning.
Navigate a time-critical AI incident by crafting and evaluating an incident response plan for a prompt-injection breach in a customer-facing chatbot, applying NIST SP 800-61 and SANS incident-handling methodologies.
Adopt privacy by design with secure defaults, data governance, and content classification to minimize data exposure, enforce token budgets, and prevent credential leakage in GenAI systems.
Explore how an AI red team tests model behavior and defenses, validating each layer (input validation, guardrails, sandboxing, output filtering, and monitoring) against prompt injection and jailbreaking.
Generate a professional AI security red team report with an executive summary, methodology, severity-rated findings, and prioritized remediation for leadership.
Explore the EU AI Act risk tiers and the high-risk obligations that apply from 2026, alongside the NIST AI RMF, ISO/IEC 42001, and jurisdictional mappings, through a five-phase compliance roadmap.
Map regulatory obligations to technical controls, documentation, and procedures to achieve EU AI Act conformity for GenAI systems, and build risk management, data governance, and transparent human oversight backed by evidence.
Evaluate a system against the EU Artificial Intelligence Act and classify it as high-risk in the employment domain; the lab maps the applicable articles and outlines the required risk management and oversight.
Reveal how conventional audits miss AI-specific risk surfaces such as prompt injection, and explain how AI audits extend their scope to training data provenance, model behavior, and system prompt security under conformity rules.
Generate a tailored AI policy for a financial services firm, outlining approved uses, data handling, security controls, and governance that satisfy the EU AI Act, GDPR, and SOC 2.
Identify copyright and IP risks in fine-tuning data by tracing training data provenance and licensing rights, and implement governance and safety controls that address open-source licenses and derivative works.
Examine how generative AI-powered phishing campaigns use polymorphic, personalized messages and AI-assisted reconnaissance to outpace traditional defenses, and why adaptive defense and threat intelligence are needed for automated detection.
Discover how agentic AI expands autonomy and the attack surface with it, detailing six attack categories and layered mitigations such as tool profiles, parameter validation, drift detection, and output filtering.
Examine how quantum computing threatens RSA, ECC, and the TLS deployments built on them, driving a multi-year migration to post-quantum standards and hybrid key exchange for API transport and supply-chain security.
Learn how generative AI security is evolving, from prompt injection to adversarial testing, and understand the governance frameworks and career paths in AI risk and compliance.
Engage in a full red team exercise against a hardened AI system to test its defense in depth, covering prompt extraction, jailbreaks, scope escape, and social engineering, and deliver actionable remediation.
The course "Risks and Cybersecurity in Generative AI" offers a comprehensive exploration of the intersection of artificial intelligence and cybersecurity. It is designed to give you a thorough understanding of the risks involved in deploying generative AI and of the security measures needed to do so safely and responsibly.
Starting with an introduction to the basics of AI and generative models, you will learn about the broad applications and benefits of generative AI, followed by an initial look at AI security considerations. The course progresses into a detailed examination of core cybersecurity risks such as data privacy, breaches at AI service providers, and the evolution of threat actors, equipping you with strategies to protect sensitive information and mitigate risks.
Further, you will delve into specific attack vectors and vulnerabilities unique to AI, including data leakage, prompt injections, and the challenges of inadequate sandboxing. Each module is structured to provide practical knowledge through real-world examples and demonstrative sessions, enhancing your learning experience.
The course also addresses network-level risks and AI-specific attacks, covering critical areas like Server Side Request Forgery (SSRF), DDoS attacks, data poisoning, and model bias. The final modules focus on legal and ethical considerations, guiding you through navigating intellectual property challenges and promoting ethical guidelines in AI development and usage.
By the end of this course, you will be well-prepared to assess, address, and advocate for robust cybersecurity practices in the field of generative AI, ensuring these technologies are developed and deployed with the highest standards of security and ethical considerations.