Udemy
    •  
    •  
    •  
    •  
    •  
    •  
    •  
    •  
Turn what you know into an opportunity and reach millions around the world.
Learn More
Your cart is empty.
Keep shopping
Securing Agentic AI: Attack & Defend Autonomous Agents
New
1 students

Securing Agentic AI: Attack & Defend Autonomous Agents

Hands-on agent security: prompt injection, tool abuse, least privilege, sandboxing & red-teaming with LangGraph/MCP
Last updated 7/2026
English

What you'll learn

  • Map the attack surface of any agentic workflow: tools, memory, plan loop, multi-agent edges
  • Exploit prompt injection (direct & indirect), tool/command/SSRF injection, memory poisoning
  • Hijack agent plans and trigger denial-of-wallet; defend with execution guards
  • Enforce least privilege with permission brokers, MCP scopes, and approval gates
  • Secure multi-agent systems (CrewAI/AutoGen) against agent-to-agent injection & confused-deputy
  • Sandbox code execution with containers + egress control; defend the tool/MCP supply chain
  • Instrument tracing, build runtime guardrails, and run automated red-teaming (Garak, PyRIT)
  • Write a governance-grade red-team report mapped to OWASP, ATLAS, NIST, EU AI Act, ISO 42001

Course content

8 sections45 lectures3h 34m total length
  • Welcome — Why Securing Agents Is a New Discipline5:24
  • Anatomy of an Agent — The Perceive-Plan-Act Loop5:36
  • The Agent Attack Surface — Where Trust Breaks5:49
  • Threat Frameworks — OWASP, MITRE ATLAS, NIST AI RMF5:38
  • Meet TaskPilot — Your Vulnerable Lab Agent4:56
  • Set Up Your Lab Environment (macOS · Windows · Linux)5:41

    ? Download the lab kit (securing-agentic-ai-labs.zip) from the Resources section of this lecture, then unzip it and follow along.

  • Lab 1 — Build & Map a Vulnerable Agent (TaskPilot)5:00
  • Section 1 Quiz — Foundations of Agent Security
  • Threat-Model an Agentic Workflow's Attack Surface

Requirements

  • Python fluency; familiarity with OWASP-style security frameworks
  • Sandbox code execution with containers + egress control; defend the tool/MCP supply chain

Description

This course contains the use of artificial intelligence.

Autonomous AI agents introduce entirely new attack vectors. The moment an LLM can call a shell, read a database, fetch a URL, send email, and run code across multiple steps, a single manipulation stops being unsafe text and becomes an executed action — at scale. This is action amplification, and it's why securing agents is its own discipline.

This is a practical, attack-then-defend course. You'll build a deliberately vulnerable agent — TaskPilot — on LangGraph and a local Llama model, then attack and harden it across eight hands-on labs. You'll exploit direct and indirect prompt injection, tool and command injection, SSRF, memory poisoning, plan hijacking, denial-of-wallet, agent-to-agent injection, and sandbox escape — then build the defenses: spotlighting and output handling, secure tool design, least-privilege permission brokers, MCP scoping, execution guards, container sandboxing with egress control, human-in-the-loop gates, tracing, runtime guardrails, and automated red-teaming with Garak and PyRIT.

Everything runs locally on a 16 GB laptop with Ollama — no paid API keys, no cloud accounts. Every lecture and lab is anchored to the frameworks that matter: the OWASP Top 10 for LLM Applications and the OWASP Agentic Security Initiative, MITRE ATLAS, the NIST AI Risk Management Framework, the EU AI Act, and ISO/IEC 42001. The capstone is a publishable red-team and remediation report you can adapt for client engagements.

Who this course is for:

  • Security engineers, red-teamers, AppSec leads, and AI/platform engineers building or defending agents
  • Instrument tracing, build runtime guardrails, and run automated red-teaming (Garak, PyRIT)