Offensive AI Exploits and Security (LFWS320)

Course code: LFWS320

LLM applications introduce a new class of vulnerabilities that existing playbooks weren’t designed to address. This hands-on course gives you the specialized offensive knowledge to find, exploit, and remediate all 10 attack classes in the OWASP® Top 10 for LLM applications, from RAG prompt injections to multi-agent pipeline poisoning.

945 EUR

1 143 EUR including VAT

Do you have a question?
+420 731 175 867 edu@edutrainings.cz

  • Professional and certified lecturers
  • Internationally recognized certifications
  • Wide range of technical and soft skills courses
  • Great customer service
  • Making courses exactly to measure your needs

Course dates

Starting date: Upon request

Type: Virtual

Course duration: 1 day

Language: en/cz

Price without VAT: 945 EUR

Starting date | Place | Type    | Course duration | Language | Price without VAT
Upon request  |       | Virtual | 1 day           | en/cz    | 945 EUR

(G = Guaranteed course)

Didn't find a suitable date?

Write to us about listing an alternative tailor-made date.

Contact

Course description

  • Exploit all 10 vulnerability classes in the OWASP® Top 10 for LLM Applications, from prompt injection, guard bypass, indirect injection and memory poisoning to multi-agent pipeline poisoning, and recommend LLM-native defensive architectures to remediate them.
  • Move into AI red-teaming, LLM penetration testing, and AI security engineering roles by demonstrating the ability to assess, exploit, and advise on the security of LLM-powered applications.

Target group

For penetration testers, red teamers, security engineers, and AI/ML engineers who need hands-on offensive skills for LLM-powered applications. Also relevant for AppSec and DevSecOps professionals integrating AI into existing pipelines.

Course structure

Introduction & Setup

  • LLM architectures (RAG, agents, multi-agent), OWASP® Top 10, attack surface mapping.

Direct Prompt Injection

  • RAG attacks, semantic retrieval, data extraction, dual-LLM defenses.

Guard Bypass

  • Encoding bypass, synonym attacks, multi-step extraction, guard hardening.

IP/Header Spoofing

  • X-Forwarded-For, LLM auth delegation risks, context injection.

Agent Tool Abuse

  • LangChain/LangGraph abuse, command execution, tool scoping.

Indirect Injection & SSRF

  • Data vs instruction boundary, webhook SSRF, sanitization.

Multi-Modal Injection

  • Vision model attacks, steganography, dual-vision guards.

Memory Poisoning

  • Conversational memory abuse, escalation spoofing.

Schema Confusion

  • Function-calling abuse, path traversal, tool ambiguity.

Customer Support AI

Multi-Agent Poisoning

Capstone & Wrap-Up

Prerequisites

  • Familiarity with web application security (HTTP, REST APIs, input validation, injection attacks).
  • Experience with an HTTP interception tool such as Burp Suite or OWASP® ZAP.
  • Python proficiency at a read-and-modify level, and the ability to interact with APIs using curl or Python requests.
  • Basic awareness of LLMs, system/user prompt structure, RAG as a concept, and LLM agents and tool calling at a conceptual level.

Do you need advice or a tailor-made course?
