In-Person
Sydney: 16 - 17 June 2026 I Melbourne: 23 - 24 June 2026

AI Agent Security Masterclass

Attack. Defend. Secure Agentic AI Systems.

Early Bird Rate

Save $300 when you book by 22 May 2026

2 Day Masterclass, Hands-On Labs

About This Course

Generative AI and AI agents are revolutionising application development – enabling teams to ship production-grade software faster than ever before. But that speed comes with risk. Security engineering must keep pace, and most teams aren’t ready.

In this hands-on two-day masterclass, AppSec engineers and DevSecOps professionals learn to build AI-driven security workflows and secure them against emerging threats. We begin by demystifying AI agent frameworks and the Model Context Protocol (MCP), the emerging standard for how agents connect to tools. Through practical labs, participants construct agents that orchestrate security tools and Retrieval-Augmented Generation (RAG) pipelines.

From there, we pivot to offence. Participants learn how attackers exploit AI agents through prompt injections, excessive autonomy, and malicious plugins – then develop the skills to threat-model agentic systems and build defences against excessive agency, tool misuse, and supply chain tampering.

You’ll leave with a comprehensive prompt library, deep knowledge of MCP-enabled AI agents, and the skills to keep your security practice in sync with the speed of modern AI development.

Your Top 4 Takeaways

  1. Hands-On AI Engineering & Defence: Build AI agents with real security tools via MCP, then harden them with sandboxing, permission controls, and auditing. You’ll walk away able to create AI-driven workflows that are both powerful and safe.

  2. Threat Model AI Systems: Master methodologies to identify unique threat vectors — prompt injection, data poisoning, malicious plugins — and architect mitigations at the design level.

  3. Offensive Skills for AI Security: Develop an attacker’s perspective through red-team labs. Understand excessive agency, tool misuse, and autonomous decision loop exploits, and use that insight to build stronger defences.

  4. Secure MCP & Tool Orchestration: Understand the Model Context Protocol and its role in standardising AI tool use. Verify tool integrity, prevent cross-tool interference, and enforce plugin security within your DevSecOps pipeline.

Critical Threat Vectors

  • Prompt Injection
    Adversarial inputs that hijack an agent’s chain-of-thought and override its instructions silently.
  • Excessive Agency
    AI granted overly broad tool access – one compromised prompt can delete data, exfiltrate secrets, or spawn malicious subprocesses.
  • Poisoned RAG
    Attackers inject malicious content into knowledge bases, causing the LLM to retrieve and trust harmful instructions.
  • MCP Supply Chain
    Malicious plugins that shadow legitimate tools, intercept API calls, and exfiltrate data — undetected inside your agent session.

Who Should Attend

Built for Security & Engineering Professionals

  • Application Security Engineers
  • DevSecOps & Security Automation Engineers
  • Security Architects
  • DevOps / SRE Professionals
  • Cloud Security Engineers
  • Developers Building with LLMs

Next Courses

  • 16 Jun 2026
    2 days, 09:00 - 16:30 AEST (Australia)
    Delivery Type: In Person, Sydney, Australia
    Language: English
    Standard rate: AUD$4,995.00
    Early bird rate: AUD$4,695.00 (book by 22 May to save AUD$300.00)

  • 23 Jun 2026
    2 days, 09:00 - 16:30 AEST (Australia)
    Delivery Type: In Person, Melbourne, Australia
    Language: English
    Standard rate: AUD$4,995.00
    Early bird rate: AUD$4,695.00 (book by 29 May to save AUD$300.00)
Run this course in-house

Informa Connect Academy’s customised training solutions have helped organisations deliver tailored learning in different languages to suit every requirement.

Bespoke training designed for your organisation only, combining traditional classroom setting, blended and online learning models

Prerequisites

  • Foundational understanding of application security and DevSecOps processes
  • Familiarity with threat modelling, common vulnerability types, and security testing (SAST/DAST/SCA)
  • Basic Python knowledge recommended – labs involve reading and writing simple agent scripts
  • No prior machine learning experience required – AI and LLM concepts are introduced from scratch
  • Cloud-based lab environment fully provided – just bring a laptop with a web browser

What's Included

  • Cloud lab environment with all required tools and LLM access
  • Practical prompt libraries and code samples to take back to work
  • Certificate of completion
  • CPE credits eligible
  • Post-training resources and community access

Course Director

Delivered by Abhay Bhargav

Abhay Bhargav is the Founder and Chief Research Officer of we45, a specialist application security company, and the creator of AppSecEngineer, an elite hands-on security training platform. He started his career breaking applications through penetration testing and red-teaming, and has spent the last 15+ years scaling application security across cloud-native, DevSecOps, and AI-powered environments.

A regular speaker and trainer at DEF CON, Black Hat, OWASP, and RSA Conference, Abhay’s training programmes have been sold-out events globally, including at Black Hat USA, AppSecUSA, CodeBlue Japan, and AppSecDay Melbourne. He is a member of the Forbes Technology Council and the author of two internationally published books: Secure Java: For Web Application Development and PCI Compliance: A Definitive Guide.
