Agentic AI Coding for Cybersecurity
Published by Pearson
Claude Code, Codex, Cursor, and OpenCode for Cybersecurity and Beyond
- Learn how to use agentic coding tools to accelerate security engineering and automate your security workflows.
- Configure agent skills, harnesses, Model Context Protocol (MCP) integrations, and more.
- Explore sandboxing techniques, permission models, and secret handling.
The rise of terminal-native agentic coding tools like Claude Code, OpenAI Codex CLI, and OpenCode has fundamentally changed how security engineers write, audit, and remediate code. These tools go beyond autocomplete, operating as autonomous agents that can navigate codebases, execute commands, run tests, and iterate solutions with minimal human intervention. In this hands-on training, you will learn how to use Claude Code (Anthropic), Codex CLI (OpenAI), Cursor, and OpenCode for real-world cybersecurity workflows, starting with their architecture, context management, tool usage, and multi-step task execution.
We then move into practical applications, including automated vulnerability triage, secure code generation guided by policy rules, dependency auditing, infrastructure-as-code hardening, and incident response automation. Through guided exercises, you will configure agents for security-first development by setting up guardrails, integrating with Model Context Protocol (MCP) servers, and building reproducible workflows with CI/CD pipelines, while also examining key risks such as sandboxing, permission models, and secure handling of secrets. By the end, you will have practical patterns for using agentic coding assistants effectively while understanding the safeguards required for responsible adoption.
What you’ll learn and how you can apply it
- Analyze how Claude Code, Codex CLI, and OpenCode differ in architecture, context management, and agent capabilities
- Configure custom security rules, skills, harnesses, and MCP integrations for each tool
- Apply strategies for sandboxing, permission scoping, and secret management when running agentic tools
- Integrate agentic coding assistants into security-focused CI/CD workflows
This live event is for you because...
- You’re a cybersecurity professional (analyst, engineer, architect, or consultant) looking to upgrade your skills for the AI-driven era
- You’re an AI/ML engineer or data scientist wanting to apply your expertise to cybersecurity
- You’re an ethical hacker seeking to automate and enhance offensive security capabilities
- You’re a software developer or DevOps engineer focused on building secure applications and infrastructure
- You’re a security leader, CISO, or project manager aiming to understand the strategic impact of agentic AI
Prerequisites
- You should be familiar with basic cybersecurity and AI/ML concepts.
Course Set-up
- GitHub: https://github.com/The-Art-of-Hacking/h4cker
Recommended Preparation
- Read: Agentic AI for Cybersecurity: Building Autonomous Defenders and Adversaries by Omar Santos
- Watch: Practical Cybersecurity Fundamentals by Omar Santos
- Attend: Modern Cybersecurity Fundamentals by Omar Santos
- Attend: AI-Enabled Programming, Networking, and Cybersecurity by Omar Santos
- Watch: Building the Ultimate Cybersecurity Lab and Cyber Range by Omar Santos
Recommended Follow-up
- Read: Redefining Hacking: A Comprehensive Guide to Red Teaming and Bug Bounty Hunting in an AI-driven World by Omar Santos, Savannah Lazzara, and Wesley Thurner
- Watch: Build Your Own AI Lab by Omar Santos
- Watch: Securing Generative AI by Omar Santos
- Watch: AI Agents and Agentic RAG for Cybersecurity by Omar Santos
- Practice: Ethical Hacking Labs by Omar and Derek Santos
- Attend: AI and LLM Cyber Risks and Mitigations by Omar Santos
Schedule
The time frames are only estimates and may vary according to how the class is progressing.
Segment 1: Foundations of Agentic AI and Agentic Coding (15 minutes)
- What is an AI Agent?
- Understanding the Different Types of AI Agents
- The Agentic Loop (ReAct, Plan-and-Execute)
- From Copilots to Autonomous Agents: The Evolution of AI-Assisted Coding
Segment 2: Architecture and Operational Models of Agentic Coding Tools (30 minutes)
- Claude Code: Architecture, Context Management, and Tool Use
- Codex CLI: Sandbox Execution, Multi-File Reasoning, and Agent Loop
- OpenCode: Open-Source Terminal Agent Design and Extensibility
- Cursor: IDE-Native Agentic Workflows and Background Agents
- Comparing Context Windows, Token Budgets, and Execution Models
Q&A (5 minutes)
Break (5 minutes)
Segment 3: Hands-On — Setting Up and Configuring Each Tool (25 minutes)
- Installing and Configuring Claude Code, Codex CLI, OpenCode, and Cursor
- Creating Custom Rules and System Prompts for Security-First Development
- Configuring Permission Models, Sandboxing, and Approval Workflows
- Setting up Agent Skills, Rules, and Harnesses
- Using an Agent Skills Security Scanner
- Leveraging Project CodeGuard
Segment 4: Model Context Protocol (MCP) for Security Tooling (25 minutes)
- Introducing the Model Context Protocol (MCP)
- Building and Integrating MCP Servers for Security Tools
- Connecting Agents to Vulnerability Scanners, SBOMs, and Threat Feeds
- Guided Exercise: Creating an MCP Server with FastMCP
- Scanning MCP servers
Q&A (5 minutes)
Break (5 minutes)
Segment 5: Automated Vulnerability Detection and Secure Code Generation (30 minutes)
- Using Agentic Tools for Automated Vulnerability Triage
- Policy-Driven Code Generation: Enforcing Security Rules at Write Time
- Guided Exercise: Detecting and Remediating OWASP Top 10 Vulnerabilities and others with Agents
- Comparing Agent Performance Across Tools on Real-World CVEs
Segment 6: Infrastructure-as-Code Hardening and Dependency Auditing (25 minutes)
- Applying Agentic Coding to Terraform, CloudFormation, and Kubernetes Manifests
- Automated Dependency Auditing and Supply Chain Security Workflows
- Guided Exercise: Hardening an IaC Repository with Agent-Assisted Remediation
Q&A (5 minutes)
Break (5 minutes)
Segment 7: Securing the Tools Themselves (25 minutes)
- Threat Modeling Agentic Coding Assistants
- Sandboxing Strategies: Network Isolation, Filesystem Restrictions, and Process Boundaries
- Secret Handling: Preventing Credential Leakage Through Agent Contexts
- Risks of Autonomous Agents in Production: Prompt Injection, Exfiltration, and Privilege Escalation
Segment 8: Integrating Agentic Coding into CI/CD and Security Workflows (25 minutes)
- Building Reproducible Security Workflows with Agentic Tools
- Embedding Agents in CI/CD Pipelines: Pre-Commit Hooks, PR Review, and Gating
- Monitoring and Auditing Agent Actions in Team Environments
Q&A (5 minutes)
Course wrap-up and next steps (5 minutes)
Your Instructor
Omar Santos
Omar Santos is a Distinguished Engineer at Cisco focusing on advanced AI security research, cybersecurity, incident response, and vulnerability disclosure. He is the co-chair of the Coalition for Secure AI (CoSAI) alongside leading AI companies such as OpenAI, Google, Anthropic, and NVIDIA. Omar has served on the board of the OASIS Open standards organization and is also the chair of the OpenEoX and the Common Security Advisory Framework (CSAF) technical committees. His work led to the creation of the CSAF ISO standard. Omar's collaborative efforts extend to numerous organizations, including OWASP and FIRST, and he was the lead of the DEF CON Red Team Village for several years. Omar is the author of over 25 books, 21 video courses, and over 50 academic research papers. Omar is a renowned expert in ethical hacking, vulnerability research, incident response, and AI security. Omar's work in cybersecurity is also recognized through multiple granted patents. Prior to Cisco, Omar served in the United States Marines focusing on the deployment, testing, and maintenance of Command, Control, Communications, Computer, and Intelligence (C4I) systems.