
? Download the lab kit (securing-agentic-ai-labs.zip) from the Resources section of this lecture, then unzip it and follow along.
This course contains the use of artificial intelligence.
Autonomous AI agents introduce entirely new attack vectors. The moment an LLM can call a shell, read a database, fetch a URL, send email, and run code across multiple steps, a single manipulation stops being unsafe text and becomes an executed action — at scale. This is action amplification, and it's why securing agents is its own discipline.
This is a practical, attack-then-defend course. You'll build a deliberately vulnerable agent — TaskPilot — on LangGraph and a local Llama model, then attack and harden it across eight hands-on labs. You'll exploit direct and indirect prompt injection, tool and command injection, SSRF, memory poisoning, plan hijacking, denial-of-wallet, agent-to-agent injection, and sandbox escape — then build the defenses: spotlighting and output handling, secure tool design, least-privilege permission brokers, MCP scoping, execution guards, container sandboxing with egress control, human-in-the-loop gates, tracing, runtime guardrails, and automated red-teaming with Garak and PyRIT.
Everything runs locally on a 16 GB laptop with Ollama — no paid API keys, no cloud accounts. Every lecture and lab is anchored to the frameworks that matter: the OWASP Top 10 for LLM Applications and the OWASP Agentic Security Initiative, MITRE ATLAS, the NIST AI Risk Management Framework, the EU AI Act, and ISO/IEC 42001. The capstone is a publishable red-team and remediation report you can adapt for client engagements.