Workshops
AI Security Workshopsthat leave artifacts, not slide decks.
Productized working sessions for product security, AI platform, red team, blue team, governance, and executive teams. Use them to plan the program, review the architecture, run adversarial tests, build detection, or clean up public claims.
Workshop planner
Five scoped sessions, one operating surface.
Program planning
AI Security Program Planning Jumpstart
Teams that need a first AI security program, not a generic strategy deck.
Architecture review
AI Security Architecture Review Sprint
RAG, agent, and model-driven features that need a concrete review before launch.
Red team
AI Red Team Jumpstart
Teams that need their first adversarial test plan and evidence pack.
Blue team
AI Blue Team Jumpstart
Teams that need visibility before they can tune response.
Governance
Governance and Claim-Readiness Jumpstart
Teams that need trust language without inflated maturity language.
Artifacts you leave with
5 formats
Program planning, architecture, red team, blue team, governance
3 hours to 1 day
Sized for real teams and real calendars
Public-safe outputs
Backlogs, memos, playbooks, evidence maps
Cross-functional
CISO, AppSec, platform, SOC, GRC, and product
Artifacts
Backlogs, memos, playbooks, evidence maps
Workshop formats
Pick the session that matches the problem.
Each workshop is scoped to a real decision point: starting the program, reviewing a feature, testing abuse paths, building detection, or making claims defensible.
Architecture review
AI Security Architecture Review Sprint
Threat-model one AI feature or product path with data flows, trust boundaries, control gaps, and evidence requirements.
Best for
RAG, agent, and model-driven features that need a concrete review before launch.
Outcomes
Session agenda
System map
Inventory inputs, outputs, models, tools, retrieval paths, and trust boundaries.
Output: A single shared view of the system.
Attack paths
Walk through likely abuse cases, data leaks, unsafe actions, and authorization failures.
Output: A ranked list of abuse paths.
Control design
Map controls to the risks that matter: logging, approvals, eval gates, and guardrails.
Output: Controls tied to actual failure modes.
Review memo
Package the findings, owners, and next engineering moves for follow-up.
Output: A short memo that is ready to circulate.
Public-safe outputs
Every session ends with something your team can use.
Backlog
Prioritized work with owners, urgency, and next moves.
Memo
Concise decision artifact for executives and engineering.
Evidence map
Claims connected to controls, records, and artifacts.
Playbook
Repeatable steps for detection, response, or review.
Control map
Risks connected to controls, gaps, and evidence requirements.
Retest plan
Minimum follow-up checks and checkpoints after fixes.
Delivery flow
Structured like a planner. Delivered like a working session.
Every workshop starts with a clear scope, moves through concrete decisions, and ends with an artifact that can be handed to engineering, leadership, or operations.
Choose the workshop
Pick the format that matches the problem: planning, architecture, red team, blue team, or governance.
Scope the system
Name the target, the people in the room, and the evidence you want to leave with.
Run the session
Move through the agenda live, with a bias toward decisions instead of slides.
Package the output
Leave with a backlog, memo, evidence map, or playbook that can move into execution.
Connected system
Workshops connect back into the AIPSA system.
Use workshops as the human operating layer around the scorecard, field guide, labs, evidence packs, and services.
AI Security Scorecard
Benchmark the program before or after a workshop.
Open
AIPSA Field Guide
Use the domain model and control language behind each session.
Open
AIPSA Labs
Turn findings into practice scenarios and retest paths.
Open
Evidence packs
Package outputs into governance or sales-support artifacts.
Open
Next step
Pick the workshop that matches the problem, then scope it once.
The point is to produce useful artifacts, not to sell a vague training day.