
AI Security Labs

Hands-On Labs.

Interactive training modules with embedded tools.

Fourteen AI security labs covering the full MADE framework — from prompt injection and RAG data leakage to AI governance, threat modeling, and incident response. The first five labs embed interactive tools; the remaining nine are structured self-directed exercises with evidence templates and scoring checklists.

How it works

Three steps per lab.

01

Read the brief

Each lab opens with the attack or defense concept, the underlying rules, and what you should observe.

02

Run the tool

Paste your own prompts, configs, or output — or use the provided fixtures. The tool runs deterministically with no LLM calls required.

03

Review findings

Findings are explained with the specific rule triggered, severity, and what an attacker or defender would do with this information.

Training modules

Fourteen labs. Real tools. Real rules.

Attack · 20–45 min

Foundation

Prompt Injection Lab

Run 12 structured injection probes across 10 attack categories against a target system. Record outcomes, learn why each probe works, and export an evidence session.

  • Direct & indirect injection mechanics
  • System prompt exfiltration patterns
  • Role confusion and policy bypass
  • Evidence session documentation

Attack · 15–30 min

Practitioner

Prompt Security Lab

Analyze system prompts against 15 security rule categories. Learn to spot secret leakage, instruction injection risks, KB corpus contamination, and weak policy patterns.

  • 15 prompt policy rule categories
  • Secret and credential exposure detection
  • KB corpus contamination analysis
  • Prompt fixture comparison

Defend · 15–25 min

Practitioner

Output Safety Lab

Test model output across 8 dangerous sink types — HTML, Markdown, JSON, tool calls, email, DB queries, code execution, and raw display. Learn why each sink is dangerous.

  • 8 output sink risk models
  • HTML injection and XSS in AI output
  • Markdown link safety and beacons
  • Tool call argument injection patterns

Attack · 15–25 min

Practitioner

Agent Permission Lab

Analyze agent tool configurations for permission scope creep, missing approval gates, unsafe execution identities, and dangerous side effects. Works with MCP tool schemas.

  • OWASP LLM06 — Excessive Agency
  • Permission scope: read vs write vs admin
  • Side effect categories and approval gates
  • MCP schema quality and ambiguity risks

Attack · 15–25 min

Practitioner

RAG Security Lab

Analyze RAG pipeline configurations for authorization gaps, tenant isolation failures, stale permission risks, and indirect injection surfaces. Paste a pipeline config and get findings.

  • Authorization boundary validation
  • Tenant isolation failure patterns
  • Query-time vs ingest-time permission gap
  • Indirect injection via retrieved documents

Evidence · 30–60 min

Advanced

RAG Data Leakage Lab

Trace how RAG pipelines leak tenant data and PII across retrieval scopes, vector metadata, and completion logging. Build a customer-safe exposure summary with evidence documentation.

  • Tenant isolation failure patterns
  • PII retention through RAG retrievals
  • Cross-tenant data boundary violations
  • Customer-safe incident documentation

Defend · 20–40 min

Practitioner

AI Supply Chain Security Lab

Analyze three real supply chain attack artifacts — a malicious PR with a hidden HTML comment, a terraform state file with exposed secrets, and a poisoning attack pack — to map how AI supply chain attacks enter production.

  • Five AI supply chain attack-vector taxonomy
  • Hidden instructions in PR reviews and why they work
  • Why terraform sensitive: true doesn't protect state files
  • Provenance gaps and blast radius assessment

Attack · 25–60 min

Advanced

Agent Memory Poisoning Lab

Analyze poisoned session history and memory artifacts to identify how attackers persist cross-session behavior changes. Classify attack types, trace influence paths, and map controls.

  • Six memory poisoning attack categories
  • Long-horizon delayed trigger identification
  • Trust anchor corruption patterns
  • Persistence controls and memory hygiene

Attack · 20–45 min

Advanced

Multimodal Injection Lab

Analyze adversarial payloads embedded in ASCII art, invisible unicode, SVG, and image metadata to understand how multimodal AI pipelines are hijacked across parse boundaries.

  • Five multimodal injection vector types
  • Invisible unicode steganography detection
  • SVG-based SSRF and exfiltration vectors
  • Parse boundary exploitation per modality

Evidence · 20–35 min

Foundation

AI Governance & Policy Lab

Map AI system capabilities to a governance policy, identify coverage gaps, and produce a risk acceptance statement aligned to your organization's risk tolerance.

  • AI policy scope and applicability
  • Risk acceptance statement drafting
  • Control gap analysis against policy
  • AIPSA governance domain coverage

Map · 50 min

Practitioner

AI Inventory & Boundaries Lab

Build a complete AI system inventory record from a real MCP server configuration. Enumerate components, assign AIPSA risk tiers, map data flows, and identify trust boundaries and provenance gaps.

  • AI system component enumeration
  • AIPSA risk tier assignment with justification
  • Data flow and trust boundary mapping
  • Provenance gaps and immediate remediation actions

Map · 60 min

Expert

AI Threat Modeling Lab

Apply STRIDE to a real MCP server architecture. Place trust boundaries, enumerate all six threat categories, map sandbox escape vectors, and produce a threat model with specific controls at each enforcement point.

  • STRIDE applied to AI agent architectures
  • Trust boundary placement in tool-use systems
  • Sandbox escape vector classification
  • Enforceable controls at named architecture points

Defend · 25–45 min

Practitioner

AI Logging & Forensics Lab

Evaluate AI telemetry coverage across prompt, completion, retrieval, and tool-use logs. Identify forensic evidence gaps and write an investigatability assessment.

  • AI trace and telemetry evaluation
  • Prompt and completion log coverage
  • Retrieval and tool-use audit trails
  • Forensic evidence chain documentation

Defend · 25–45 min

Practitioner

AI Incident Response Lab

Walk a real AI abuse incident from detection through after-action review. Classify the event, evaluate ethical incident drill scenarios, determine scope and containment, and produce an after-action report.

  • AI abuse event classification with MITRE ATLAS IDs
  • Incident drill ethical refusal reasoning
  • Scope, containment, and notification obligations
  • After-action root cause and program improvement

Training

Speed runs, flash cards, and timed domain challenges.

Certification

AIPSA certification across four credential levels — scored, issued, verifiable.

Reference Desk

Career Explorer, AI Control Crosswalk, and framework reference tools.

Reading Materials

Handbook chapters, Field Guide, and Mythos Report — one PDF per domain for lab preparation and reference.

My Progress

Track lab completions, scores, and certification readiness across all 16 labs.