문의를 보내주셔서 감사합니다! 팀원이 곧 연락드리겠습니다.
예약을 보내주셔서 감사합니다! 저희 팀 멤버 중 한 분이 곧 연락드리겠습니다.
코스 개요
Foundations: Threat Models for Agentic AI
- Types of agentic threats: misuse, escalation, data leakage, and supply-chain risks
- Adversary profiles and attacker capabilities specific to autonomous agents
- Mapping assets, trust boundaries, and critical control points for agents
Governance, Policy, and Risk Management
- Governance frameworks for agentic systems (roles, responsibilities, approval gates)
- Policy design: acceptable use, escalation rules, data handling, and auditability
- Compliance considerations and evidence collection for audits
Non-Human Identity & Authentication for Agents
- Designing identities for agents: service accounts, JWTs, and short-lived credentials
- Least-privilege access patterns and just-in-time credentialing
- Identity lifecycle, rotation, delegation, and revocation strategies
Access Controls, Secrets, and Data Protection
- Fine-grained access control models and capability-based patterns for agents
- Secrets management, encryption-in-transit and at-rest, and data minimization
- Protecting sensitive knowledge sources and PII from unauthorized agent access
Observability, Auditing, and Incident Response
- Designing telemetry for agent behavior: intent tracing, command logs, and provenance
- SIEM integration, alerting thresholds, and forensic readiness
- Runbooks and playbooks for agent-related incidents and containment
Red-Teaming Agentic Systems
- Planning red-team exercises: scope, rules of engagement, and safe failover
- Adversarial techniques: prompt injection, tool misuse, chain-of-thought manipulation, and API abuse
- Conducting controlled attacks and measuring exposure and impact
Hardening and Mitigations
- Engineering controls: response throttles, capability gating, and sandboxing
- Policy and orchestration controls: approval flows, human-in-the-loop, and governance hooks
- Model and prompt-level defenses: input validation, canonicalization, and output filters
Operationalizing Safe Agent Deployments
- Deployment patterns: staging, canary, and progressive rollout for agents
- Change control, testing pipelines, and pre-deploy safety checks
- Cross-functional governance: security, legal, product, and ops playbooks
Capstone: Red-Team / Blue-Team Exercise
- Execute a simulated red-team attack against a sandboxed agent environment
- Defend, detect, and remediate as the blue team using controls and telemetry
- Present findings, remediation plan, and policy updates
Summary and Next Steps
요건
- Solid background in security engineering, system administration, or cloud operations
- Familiarity with AI/ML concepts and large language model (LLM) behavior
- Experience with identity & access management (IAM) and secure system design
Audience
- Security engineers and red-teamers
- AI operations and platform engineers
- Compliance officers and risk managers
- Engineering leads responsible for agent deployments
21 시간
