Securing AI and ML Systems
Published by O'Reilly Media, Inc.
Use the MITRE ATLAS framework
What you’ll learn and how you can apply it
- Analyze AI system architectures to identify specific vulnerabilities and map potential threats to the appropriate tactics and techniques within the MITRE ATLAS framework
- Demonstrate adversarial attack methods, such as prompt injection and evasion techniques, to evaluate the resilience of machine learning models against unauthorized manipulation
- Design a defense strategy using mitigations, including input filtering and model monitoring, to protect the AI supply chain and data integrity
- Perform a gap analysis on existing AI deployments to measure security maturity and prioritize risk remediation efforts based on documented adversarial behaviors
Course description
As organizations increasingly integrate artificial intelligence and machine learning systems into their core infrastructure, they’re confronted with unique vulnerabilities that must be understood from a security perspective. Cybersecurity expert Dean Bushmiller gives you the strategies to identify, categorize, and mitigate AI-specific threats using the MITRE ATLAS framework.
First, you’ll learn how to analyze an AI attack surface and apply the ATLAS matrix to identify gaps in defenses. Then you’ll map real-world AI security incidents to specific adversarial tactics, understand evasion attacks to test model robustness, and configure defensive guardrails to prevent unauthorized data exfiltration. By the end of the course, you’ll be able to implement controls in your own organization and ensure that your AI deployments are defended against AI-specific attacks.
This live event is for you because...
- You’re a cybersecurity analyst who needs to evolve beyond traditional network security.
- You work with AI/ML teams and want to integrate security-by-design principles using standardized frameworks.
- You are a security architect or risk manager tasked with evaluating the safety of third-party AI tools.
- You want to be an AI security specialist and need a practical, industry-recognized method for identifying and mitigating risk.
Prerequisites
- A foundational knowledge of cybersecurity
- Familiarity with the AI/ML lifecycle
- Basic command-line skills
Recommended preparation:
- Read and execute the GitHub repository
Recommended follow-up:
- Explore Security Superstream: Secure Code in the Age of AI (conference video)
- Explore AI Fundamentals for Cybersecurity Professionals (on-demand course)
Schedule
The time frames are only estimates and may vary according to how the class is progressing.
Foundations of AI security and ATLAS (60 minutes)
- Presentation: The shifting attack surface from traditional AppSec to adversarial ML; introduction to the MITRE ATLAS matrix structure
- Group discussion: Why do traditional firewalls and encryption fail to protect a model from hallucinating sensitive data or being manipulated by a crafted input?
- Hands-on exercise: Map a historical AI failure to ATLAS
- Q&A
- Break
Offensive tactics—from recon to access (60 minutes)
- Presentation: Reconnaissance, resource development, and initial access; supply chain vulnerabilities and poisoned public models
- Group discussion: If an attacker can access your public-facing Hugging Face profile, what is your level of risk?
- Hands-on exercise: Identify common adversarial vulnerabilities in a sample AI system architecture diagram
- Q&A
- Break
Adversarial ML—evasion and exfiltration (60 minutes)
- Presentation: Deep dive into evasion and exfiltration; understanding how perturbations can trick computer vision; how prompt injection can trigger unauthorized tool usage
- Group discussion: In a “model stealing” scenario, how does an attacker use simple API queries to reconstruct proprietary intellectual property?
- Hands-on exercise: Simulate a direct prompt injection attack in a sandbox environment to bypass system safety instructions
- Q&A
- Break
Defense and risk mitigation (60 minutes)
- Presentation: Applying ATLAS mitigations; implementing guardrails, robust training, and human-in-the-loop requirements for AI
- Group discussion: How can you balance model utility with model security?
- Hands-on exercise: Perform a gap analysis on a fictional AI deployment to prioritize which ATLAS techniques require immediate defensive controls
- Q&A
Your Instructor
Dean Bushmiller
Dean Bushmiller consults on cybersecurity, incident response, and penetration testing and is using AI to build and secure learning platforms. He’s been teaching cybersecurity since 1999, has over 1,000 hours of recorded cybersecurity training, and a lifetime instructor approval rating of over 90%. He has also achieved more than 36 major cybersecurity certifications and passed over 100 certification exams.
Dean built the full library of NICE framework knowledge statements, which includes over 600 basic, intermediate, and advanced cybersecurity topics in an easy one-hour online format. Though he’s not a member of the military, he has had the honor to train the US military since 1999. In recognition for outstanding service in the information assurance field, he has received eight mission coins.