
Securing Agentic AI Systems Bootcamp

Published by O'Reilly Media, Inc.

Protect agents, tools, memory, and AI supply chains

What you’ll learn and how you can apply it

  • Threat model agentic AI architectures and identify critical attack surfaces
  • Design security controls for agents, tools, memory systems, and A2A communications
  • Conduct agentic AI red teaming exercises and evaluate exploitability
  • Develop governance and assurance strategies for secure deployment of autonomous systems

Course description

Agentic AI systems are moving from experimental prototypes to enterprise production environments. Modern agents can access tools, invoke APIs, communicate with other agents, maintain memory, and autonomously execute complex workflows. These capabilities introduce entirely new attack surfaces that traditional application security practices were not designed to address.

Petar Radanliev provides a four-week introduction to securing agentic AI systems throughout their lifecycle. You’ll explore the emerging threat landscape surrounding agent ecosystems, including prompt injection, indirect prompt injection, tool abuse, memory poisoning, agent identity compromise, MCP vulnerabilities, A2A communication risks, and AI supply-chain attacks. Through demonstrations and hands-on exercises, you’ll analyze real attack scenarios and implement modern security controls, monitoring approaches, and governance mechanisms. You’ll leave with practical frameworks for evaluating, securing, and governing autonomous AI systems in production environments.

This live event is for you because...

  • You are an AI architect designing agent-based systems.
  • You are a cybersecurity professional responsible for securing AI deployments.
  • You work with LLMs, AI agents, MCP servers, orchestration platforms, or autonomous workflows.
  • You want to understand how emerging agentic AI threats affect enterprise environments.
  • You want to develop practical skills in AI security engineering and red teaming.

Prerequisites

  • A GitHub account
  • (Optional) Access to OpenAI, Anthropic, or Gemini APIs
  • (Optional) Docker Desktop
  • (Optional) Python 3.11+
  • (Optional) VS Code
  • A basic understanding of LLMs and generative AI
  • Familiarity with APIs and software architectures
  • Fundamental cybersecurity knowledge
  • No prior agent security experience required

Recommended preparation:

  • Download the course materials from the repository (link to come)

Recommended follow-up:

Schedule

The time frames are only estimates and may vary according to how the class is progressing.

Week 1: The agentic AI threat landscape (240 minutes, with breaks)

  • Presentation: Evolution from chatbots to autonomous agents; agent architectures in 2026; MCP, A2A and tool ecosystems; emerging attack surfaces
  • Demonstration: End-to-end agent compromise scenario
  • Hands-on exercise: Develop a remediation road map
  • Discussion: Where do you see the highest risk?
  • Q&A

Week 2: Prompt injection and tool exploitation (240 minutes, with breaks)

  • Presentation: Direct prompt injection; indirect prompt injection; tool abuse attacks; cross-agent attack chains
  • Demonstration: Exploiting an AI agent through external content
  • Hands-on exercise: Identify vulnerabilities and apply mitigations
  • Q&A

Week 3: Memory, identity, and agent communications (240 minutes, with breaks)

  • Presentation: Agent memory poisoning; agent identity and trust; A2A communication risks; privilege management
  • Demonstration: Poisoning agent memory stores
  • Hands-on exercise: Threat model a multi-agent architecture
  • Q&A

Week 4: Securing MCP and AI supply chains (240 minutes, with breaks)

  • Presentation: MCP security architecture; red teaming methodologies; runtime monitoring; tool governance; safety versus security testing; AIBOM concepts; governance and assurance frameworks; third-party model risks
  • Demonstration: MCP server risk assessment
  • Hands-on exercise: Build an AI supply-chain risk assessment
  • Q&A

Your Instructor

  • Dr. Petar Radanliev

    Dr. Petar Radanliev lectures and supervises postgraduate master’s students’ research dissertations on AI and cybersecurity at the Department of Computer Science, University of Oxford. He is also a Lecturer/Instructor at Pearson and O’Reilly (USA), while conducting research on digital identity system security at the Alan Turing Institute, based at the British Library in London. After completing his PhD in 2013/14, Petar held postdoctoral research appointments at Imperial College London, the University of Cambridge, the Massachusetts Institute of Technology, and the Department of Engineering Science at the University of Oxford, where he remained for seven years before moving to his current position. His work spans artificial intelligence, cybersecurity, post-quantum security, and blockchain security. This research has led to an H-index of 25 (as indexed by Web of Science and Scopus), over 3,700 citations, more than 100 peer-reviewed publications, and four authored books. In recognition of his contributions, Petar has received major funding awards, including a Fulbright Fellowship and the Prince of Wales Innovation Award.

Skill covered

Security Engineering