AI Security Laboratory: Hands-On + Full-Stack (Lifetime Lab Access)

This training is a hands-on, full-stack guide to AI security, showing how modern AI systems are attacked, built, and used in real-world security.

Training duration: 14 academic hours, all of which are theoretical and practical work (2 days).

Schedule: 8:00 AM–4:00 PM* or 9:00 AM–5:00 PM* (Zurich local time)
* to be decided around 2 weeks before the training start date.

Target audience: Security engineers, penetration testers, SOC analysts, developers, and others interested in AI security.

Prerequisites: Students should have a general understanding of application security and some experience with web technologies and APIs. Basic familiarity with programming or scripting, security testing practices, and working with the command line is recommended.

Technical requirements: Students will need a laptop with a 64-bit operating system, at least 16 GB RAM, 120 GB of free hard drive space, administrative access, the ability to turn off AV/firewall, and VMware Player/Fusion installed (64-bit version). Prior to the training, make sure there are no problems with running x86_64 VMs. You will need an OpenAI API key (required). A Lakera API key is optional.

Training objective

The objective of this course is to provide a hands-on, full-stack guide to AI security, showing how modern AI systems are attacked, built, and used in real-world security.

Contents of this training

After completing this training, you will have learned about:

  • prompt injection: direct and indirect
  • LLM jailbreaking 
  • fuzzing LLM applications
  • AI-powered shell
  • advanced prompting
  • local LLMs / private AI
  • AI programming
  • AI attack detection
  • OpenAI models and API
  • embeddings
  • quantization
  • LLM Guard
  • building agentic AI
  • creating your own prediction model
  • CVE research / PoC development with AI
  • smarter AI assessing other AI
  • specialized AI security tools
  • and more …

The course is conducted in collaboration with Silesia Security Lab.

Instructor

Instructor Dawid Czagan is an internationally recognized security researcher, trainer and the founder and CEO at Silesia Security Lab. He is listed among top hackers at HackerOne. Dawid Czagan has found security bugs in Apple, Google, Mozilla, Microsoft and many others. Due to the severity of many bugs, he received numerous awards for his findings.

Dawid Czagan shares his offensive security experience through his hands-on training courses. He has delivered training sessions at key industry conferences such as DEF CON (Las Vegas), OWASP Global AppSec EU (Barcelona), Hack In The Box (Amsterdam), CanSecWest (Vancouver), 44CON (London), Hack In Paris (Paris), NorthSec (Montreal), HITB GSEC (Singapore) and for many corporate clients. His students include security specialists from Oracle, Adobe, ESET, ING, Red Hat, Trend Micro, Philips and the government sector.
What Students Say / Recommendations are available on Dawid Czagan’s LinkedIn profile. They can also be found here: Silesia Security Lab.

Course agenda

  1. AI/LLM attack vectors, including various forms of prompt injection and LLM jailbreaking techniques
  2. AI programming for security practitioners — working with local LLMs / private AI and cloud models (OpenAI / API), and building AI workflows for security use cases (e.g. fully private AI setups)
  3. AI attack detection, including the use of local LLMs, anonymizing data before sending it to cloud LLM providers, and applying open-source defenses such as LLM Guard
  4. Fuzzing LLM applications, which differs from traditional fuzzing due to the non-deterministic nature of modern LLMs
  5. Using AI in security practitioners’ daily operations — including AI-powered shell, advanced prompting, and AI security tools
  6. Ready-to-use Python scripts, providing hands-on experience and reusable AI building blocks for daily security tasks
  7. Smarter AI assessing other AI, along with interesting AI techniques and projects for security practitioners
  8. CVE research and PoC development with AI
  9. Building agentic AI for real-time security operations
  10. and more …

Intended outcome

Learning objectives:

Upon the successful completion of this training course, you:

  •  know..
Conditions for completion of the training: The achievement of learning outcomes will be assessed through independent practical work. At the end of the training, the training center issues a certificate or a document of participation to those who have completed the training. A certificate will be issued if the participant has completed at least 80% of the training curriculum and met other requirements specified in the training plan (e.g., exam, assessment, practical work, etc.). A document of participation will be issued to individuals who have attended the supplementary training or if the achievement of learning outcomes was not assessed during the training, or if the individual did not achieve all the required learning outcomes to complete the curriculum.

The price includes:

  • the training is delivered by an instructor who holds at least level 5 of an adult educator qualification and has relevant work experience in the respective field;

Continuing Education Curriculum Group: Software and application development and analysis (0613 ISCED)

Cost

1690€ + VAT

Location

Online Training

Trainer

  • Dawid Czagan

    Dawid Czagan is an internationally recognized security researcher and trainer. He is listed among top hackers at HackerOne. Dawid Czagan has found security bugs in Apple, Google, Mozilla, Microsoft and many others. Due to the severity of many bugs, he received numerous awards for his findings.

    Dawid Czagan shares his offensive security experience through his hands-on training courses. He has delivered training sessions at key industry conferences such as DEF CON (Las Vegas), OWASP Global AppSec EU (Barcelona), Hack In The Box (Amsterdam), CanSecWest (Vancouver), 44CON (London), Hack In Paris (Paris), NorthSec (Montreal), HITB GSEC (Singapore) and for many corporate clients. His students include security specialists from Oracle, Adobe, ESET, ING, Red Hat, Trend Micro, Philips and the government sector. Recommendations are available on Dawid Czagan’s LinkedIn profile (https://www.linkedin.com/in/dawid-czagan-85ba3666/). They can also be found here: https://silesiasecuritylab.com/services/training/#opinions.

    Dawid Czagan is the founder and CEO at Silesia Security Lab. To find out about the latest in his work, you are invited to subscribe to his newsletter (https://silesiasecuritylab.com/newsletter) and follow him on Twitter (@dawidczagan), YouTube (https://www.youtube.com/channel/UCG-sIlaM1xXmetFtEfqtOqg), and LinkedIn (https://www.linkedin.com/in/dawid-czagan-85ba3666/).

NORDIC TRAINING