AI Red Team: Adversarial Testing and Security

What it covers

This practitioner-level bootcamp trains security engineers and AI teams to systematically attack and defend large language model deployments. Participants work through hands-on labs covering prompt injection, jailbreaks, model poisoning, indirect data exfiltration, and the full OWASP LLM Top 10. The programme combines structured attack simulations with defensive pattern design, equipping teams to embed red-teaming into their AI development lifecycle. Deliverables include a reusable adversarial test plan and a set of hardened prompt guardrails applicable to production systems.

What you'll be able to do

• Execute a structured prompt injection campaign against a live LLM API and document exploitable attack surfaces
• Reproduce at least five OWASP LLM Top 10 vulnerabilities in a sandboxed environment and propose mitigations for each
• Design and implement an input/output guardrail layer that reduces jailbreak success rate by a measurable threshold
• Produce a reusable AI red-team test plan aligned to an organisation's threat model and AI deployment architecture
• Integrate adversarial test cases into a CI/CD pipeline to catch regressions before model updates reach production

Topics covered

• OWASP LLM Top 10: full walkthrough and exploitation labs
• Prompt injection attacks — direct, indirect, and multi-turn
• Jailbreak techniques and bypass pattern taxonomy
• Model and data poisoning vectors in fine-tuning pipelines
• Data exfiltration via LLM outputs and embeddings
• Adversarial evaluation frameworks and automated fuzzing
• Defensive guardrails: input/output filtering, sandboxing, privilege separation
• Embedding red-teaming into MLOps and secure SDLC

Delivery

Typically delivered as a 3-to-5-day in-person or live-virtual bootcamp with a 70/30 hands-on-to-theory ratio. Each session uses a shared lab environment (cloud-hosted, pre-provisioned) with real LLM endpoints. Participants receive an attack playbook, a defensive patterns reference guide, and post-training access to an updated vulnerability library. Remote delivery uses breakout rooms for attack-simulation pairs. In-person delivery is preferred for red-team role-play exercises involving multi-team adversarial scenarios.

What makes it work

• Running adversarial drills against a staging clone of the actual production LLM stack rather than generic demo models
• Establishing a shared vulnerability taxonomy between security and AI teams before the bootcamp begins
• Scheduling a 30-day post-bootcamp follow-up to review whether mitigations held against new attack variants
• Embedding at least one trained red-team practitioner into each AI product squad as a standing security champion

Common mistakes

• Treating prompt injection as a purely theoretical risk and skipping production-realistic lab environments
• Focusing only on external jailbreaks while ignoring insider-threat and supply-chain poisoning vectors
• Implementing guardrails as a one-time fix rather than a continuously tested, version-controlled component
• Assigning red-teaming solely to security teams without involving the AI engineers who build the pipelines

Providers to consider

• SANS Institute (SEC549 / AI Security courses)www.sans.org/cyber-security-courses/ai-security/ →
• Adversa AIadversa.ai →
• HiddenLayer (AI Security Training)hiddenlayer.com →
• OffSec (Offensive Security — AI Security track)www.offsec.com →

Sources

• OWASP Top 10 for Large Language Model Applications →
• NIST AI Risk Management Framework (AI RMF 1.0) →