AppSec Robots: Building Real-World Agents for Application Security

Course Overview

Security teams are drowning in repetitive tasks while attackers move faster than ever. This course takes a fresh approach: instead of learning to attack or defend AI systems, participants will build AI agents that supercharge their existing security workflows. Using the OpenAI and Claude Agent SDKs, you’ll create practical tools that cover an entire security lifecycle – agents that generate threat models from documents or code, automate SAST and DAST scans, audit Kubernetes clusters, and assess cloud infrastructure security.

You’ll tackle the real challenges: keeping agents updated with current threat intelligence through RAG and search grounding, connecting them to security tools via the Model Context Protocol (MCP), and giving them memory so they learn from each assessment.

Every module includes working labs with extended access. You’ll leave with agents that adapt, reason, and meaningfully scale your team’s impact – from day one.

Your Top 3 Takeaways

1. Cutting-Edge Skills at the Intersection of Security + AI
   Learn not just how to use agents, but how to build powerful, real-world security agents that automate threat modelling, SAST, DAST, Kubernetes audits, and cloud assessments across the full security lifecycle.
2. Intuition for AI That Usually Feels Like a Black Box
   Through hands-on work with agent reasoning, memory systems, MCP integrations, and RAG-based grounding, you’ll genuinely understand how agents think, plan, and interact with security tools in realistic scenarios.
3. Complete AI-Driven Security Workflows, Built by You
   Using cloud sandboxes and the OpenAI and Claude Agent SDKs, you’ll create agents that autonomously analyse code, explore live applications, audit infrastructure, and dramatically boost your team’s output.

What Makes This Course Different

• You Build, Not Just Learn
  With a 70:30 labs-to-theory ratio, every concept is immediately reinforced through hands-on exercises. You won’t just understand how agent tools, memory systems, and reasoning engines work – you’ll build them yourself across dedicated sandboxes.
• Security Is Built Into Every Step
  Unlike AI courses that sacrifice rigour for speed, this training embeds security principles into every agent you build – from threat modelling to cloud audits. You gain efficiency without weakening your security posture.
• No Buzzwords, No Hype
  Every framework – MCP, RAG, vector stores, agent SDKs – is taught with a clear reason and an emphasis on why it works. You’ll leave understanding the logic, not just the syntax.
  
  

Who Should Attend

Built for Security Professionals Ready to Work at Machine Speed

• Pentesters & Red Team Professionals
• Product Security Engineers & AppSec Professionals
• Cloud & Kubernetes Security Auditors
• Security Architects & Threat Modellers
• DevOps & DevSecOps Professionals

Why This Course

Security Automation Is No Longer Optional.
Traditional security exercises – penetration testing, threat modelling, cloud audits – are slow, expertise-heavy, and burdened by overwhelming alerts and repetitive tasks. Agentic AI changes this. This course gives you the practical skills to automate your entire security lifecycle, shifting your team from executors to strategic reviewers.

Delivered by Abhay Bhargav

Abhay Bhargav is the Founder and Chief Research Officer of we45, a specialist application security company, and the creator of AppSecEngineer, an elite hands-on security training platform. He started his career breaking applications through penetration testing and red-teaming, and has spent the last 15+ years scaling application security across cloud-native, DevSecOps, and AI-powered environments.

A regular speaker and trainer at DEF CON, Black Hat, OWASP, and RSA Conference, Abhay’s training programmes have been sold-out events globally, including at Black Hat USA, AppSecUSA, CodeBlue Japan, and AppSecDay Melbourne. He is a member of the Forbes Technology Council and the author of two internationally published books: Secure Java: For Web Application Development and PCI Compliance: A Definitive Guide.

Run this course in-house

Informa Connect Academy’s customised training solutions have helped organisations deliver tailored learning in different languages to suit every requirement.