AI SecureOps: Attacking & Defending AI Applications & Agents - Abhinav Singh - DCTLV2026

Name of Training: AI SecureOps: Attacking & Defending AI Applications & Agents
Trainer(s): Abhinav Singh
Dates: August 10-11, 2026
Time: 8:00 am to 5:00 pm 
Venue: Las Vegas Convention Center
Cost: $2,000

Short Summary:

Step into the front lines of securing enterprise AI with an immersive, CTF-style training built around realistic attack-and-defense scenarios for AI applications, agents, and MCP-connected systems. Through hands-on labs, participants will explore how prompt injection, agent abuse, poisoned context, unsafe tool use, and authorization failures can lead to backend compromise, data exposure, and infrastructure impact. The course focuses on the enterprise realities of securing AI apps & agentic systems, covering red and blue teaming, guardrails, monitoring, incident response, and Responsible AI. Designed for security practitioners, builders, and defenders, this training helps attendees understand how modern AI systems fail, how those failures chain into larger enterprise risks, and how to implement practical controls to secure AI deployments at scale.

Top 3 Takeaways

• Learn how to identify, exploit, and defend against real-world attacks on AI applications, agents, and tool-connected systems, including prompt injection, jailbreaks, agent abuse, and chained compromise paths.
• Build practical defensive capabilities for enterprise AI, including guardrails, security scanners, monitoring, and response patterns for public, private, and MCP-enabled AI services.
• Gain hands-on experience using modern AI techniques for security testing, validation, and red/blue teaming, including judge-LLM workflows, attack automation, and securing agentic AI supply chains.

Course Description: 

Can prompt injections lead to complete infrastructure takeovers? Could AI agents, MCP-connected tools, or poisoned external context be abused to compromise backend services? Can data poisoning in AI copilots impact a company’s stock? Can jailbreaks create false crisis alerts in security systems? This immersive, CTF-styled training in GenAI, LLM, agent, and MCP security dives into these pressing questions. Engage in realistic attack-and-defense scenarios focused on real-world threats, from prompt injection and remote code execution to backend compromise, tool abuse, unsafe agent orchestration, and MCP-specific trust and authorization failures. Tackle hands-on challenges with live AI applications to understand vulnerabilities and build robust defenses. Learn how to create a comprehensive security pipeline, master AI red and blue team strategies, secure tool-connected and agentic systems, build resilient guardrails for LLMs, and handle incident response for AI-based threats. You will also explore governance, Responsible AI, and enterprise security patterns for modern AI ecosystems.

By 2027, Gartner, Inc. predicts that over 80% of enterprises will engage with AI applications, up from less than 5% in 2023. This rapid adoption presents a new challenge for security professionals. This training provides essential AI and LLM security skills through an immersive CTF-styled framework, bringing you from an intermediate to an advanced level. Delve into sophisticated techniques for mitigating AI threats and engineer robust defense mechanisms to address the complex security challenges posed by AI's rapid expansion. You will be provided with access to a live playground with custom-built AI applications replicating real-world attack scenarios covering use-cases defined under the OWASP LLM top 10 framework and mapped with stages defined in MITRE ATLAS. This dense training will navigate you through areas like the red and blue team strategies, create robust LLM defenses, incident response in LLM attacks, implement a Responsible AI (RAI) program, and enforce ethical AI standards across enterprise services, with the focus on improving the entire AI supply chain.

This training will also cover the completely new segment of Responsible AI (RAI), ethics, and trustworthiness in AI services. Unlike traditional cybersecurity verticals, these unique challenges such as bias detection, managing risky behaviors, and implementing mechanisms for tracking information are going to be the key challenges for enterprise security teams.

By the end of this training, you will be able to:

• Exploit vulnerabilities in AI applications to achieve code and command execution, uncovering scenarios such as instruction injection, agent control bypass, remote code execution for infrastructure takeover, and chaining multiple agents for goal hijacking.
  
• Conduct AI red-teaming using adversary simulation, OWASP LLM Top 10, and MITRE ATLAS frameworks, while applying AI security and ethical principles in real-world scenarios.
• Execute and defend against adversarial attacks, including prompt injection, data poisoning, jailbreaks, agentic attacks, and insecure tool-connected workflows.
• Perform advanced AI red and blue teaming through multi-agent auto-prompting attacks, implementing a 3-way autonomous system consisting of attack, defend, and judge models.
• Build and deploy enterprise-grade LLM defenses, including custom guardrails for input/output protection, security benchmarking, penetration testing of LLM agents, and defensive controls for MCP-enabled integrations.
• Understand MCP & agent fundamentals and assess how they expand the attack surface of modern AI systems.
• Establish a comprehensive LLM SecOps process to secure the supply chain from adversarial attacks. Create a robust threat model for enterprise applications, including AI systems connected to external tools and data sources through MCP-like architectures.
• Implement an incident response and risk management plan for enterprises developing or using GenAI services.

Course Outline: 

### Introduction 

• Introduction to LLM and AI
• Terminologies and architecture
• Transformers, Attention & their security implications (hallucinations, jailbreaks, etc)
• Agents, multi-agents and multi-modal models
  
• Introduction to tool-connected AI systems and MCP as an emerging standard for connecting agents to external tools, data, and workflows

### Elements of AI Security (1 lab)

• Understanding AI vulnerabilities with case studies on AI security breaches
  
• OWASP LLM Top 10 and MITRE mapping of attacks on AI supply chain  
• Threat modeling of AI Applications, tool-connection and MCP-enabled architectures, including trust boundaries across hosts, clients, servers, tools, resources, and external systems  

### Adversarial LLM Attacks and Defenses (6 labs)

• (What, Why & how’s)Direct and indirect prompt injection attacks and their subtypes 
• Advanced prompt injections through obfuscation and cross-model injections
• Breaking system prompts and their trust criteria
• Indirect prompt injections through external input sources

### Responsible AI & Jailbreaking (6 labs)

• Jailbreaking public LLMs covering adversarial AI, offensive security, and CBRN use-cases

• Responsible use and governance implications of increasingly autonomous, tool-connected AI systems

• Model alignment, system prompt optimization, and defense

### Building Enterprise-grade LLM Defenses (2 labs)

• Deploying LLM security scanner, adding custom rules, prompt block-lists, and guardrails.
• Writing custom detection logic, trustworthiness checks, and filters.
• Building security log monitoring and alerting for models using open-source tools.
• LLM security benchmarking and continuous reporting.

### Red & Blue Teaming of Enterprise AI applications (4 labs)

• Business control flow testing for risky responses & misaligned behavior of applications
• Using Colab notebooks for automation of API calls and reporting
• Vector database and model-weight tracing for root-cause investigation
• Rainbow teaming through a 3-way LLM implementation: target, attacker, and judge with self-improving attack prompts

### MCP Security & Defensive Architecture (1 lab)

• MCP fundamentals & security for agentic systems: protocol basics, trust-boundary changes, key risks like malicious servers and over-broad permissions, plus a browser-based exploit-and-defend lab
• Defense patterns for MCP-enabled systems with protection architectures

### Attacking & Defending Agentic Systems (5 labs)

• Threat modeling of agentic and multi-agent systems, including planning loops, memory, tool invocation, delegation, trust boundaries, and escalation paths
• Attacking LLM agents for task manipulation, risky behavior and PII disclosure in RAG
• Injection attacks on AI agents for code and command execution
• Compromising backend infrastructure by abusing over-permissioning and tool usage in agentic systems
• Multi-agent attacks causing privilege too calls, goal manipulation & chained escalations
• Defense patterns for agentic systems, including observability, approval gates, scoped permissions, secure delegation, and runtime tracing for high-risk actions.

### Building AI SecOps Process

• Summarizing the learnings into a SecOps workflow
• Monitoring trustworthiness, safety and security of enterprise AI applications
• Implementing NIST AI Risk Management Framework (RMF) for security monitoring

Difficulty Level:

Intermediate - The student has education, some experience in the field and familiarity with the topic being presented. The student has foundational knowledge that the course will leverage to provide practical skills on the topic.

Suggested Prerequisites:

Complete the simple pre-training instructions: create a paid OpenAI API key, set up a Google Colab notebook, and read the Introduction document. No local setup is needed. All the training materials and lab access will be provided during the training.

Who Should Take This Course

• Security professionals who need to understand how modern AI systems fail and how to defend them
• Red and blue teamers looking to add AI applications, agents, and tool-connected systems to their offensive and defensive workflows
• AI/LLM developers and engineers who want to build more secure applications, agents, and integrations
• Security architects, detection engineers, and defenders responsible for securing enterprise AI deployments
• AI safety, governance, and risk professionals who need a practical understanding of how technical failures map to real enterprise risk
• Product leaders, founders, and technical decision-makers who want to better understand the attack surface of AI-enabled products and agentic systems

What Students Should Bring:

A laptop with browser access is ideal, preferably a personal laptop without network restricting tools.

Complete the pre-training setup prior to the class which includes setting up:

• API key for OpenAI.
• Google Colab account.
• Complete the pre-training setup before the first day.

What the Trainer Will Provide:

• One year access to a live interactive playground with various exercises to practice different attack and defense scenarios for GenAI and LLM applications.
• "AI SecureOps" Metal coin for CTF players.
• Complete course guide containing 200+ pages in PDF format. It will contain step-by-step guidelines for all exercises and labs, and a detailed explanation of concepts discussed during the training.
• PDF versions of the slides that will be used during the training.
• Access to the Discord server for continued engagement, support, and development in the field of AI Security & Safety.
• Access to HuggingFace models, datasets, and transformers.

Trainer(s) Bio:

Abhinav Singh is an esteemed cybersecurity leader & researcher with over 15 years of experience across technology leaders and financial institutions, as well as an independent trainer and consultant. Author of "Metasploit Penetration Testing Cookbook" and "Instant Wireshark Starter," his contributions span patents, open-source tools, and numerous publications. Recognized in security portals and digital platforms, Abhinav is a sought-after speaker & trainer at international conferences like Black Hat, RSA, DEFCON, BruCon, and many more, where he shares his deep industry insights and innovative approaches in cybersecurity. He also leads multiple AI security groups at CSA, responsible for coming up with cutting-edge white papers and industry reports on the safety and security of AI.

Review a few examples of Abhinav's previous courses at the links below:

• 2026: DEF CON Singapore, Insomni’hack, HackMiami, x33fcon, OWASP Global AppSec EU
• 2025: Insomni’hack, BruCon, Hack Miami, RSA Conference, DEF CON Vegas, Nsec, Lacson, OWASP Auckland
• 2024: Black Hat MEA, RSA San Francisco Workshop, Hack Miami, Florida, OWASP New Zealand, LASCON 2024, DeepSec Austria
• 2023: Black Hat, DEF CON Las Vegas, OWASP AppSec Days New Zealand, RSA Conference, Insomni’hack Geneva, InfoSec World, BruCon (virtual), BruCon 2023, OWASP LASCON

Proficiency Exam Option:

This course has the option for a proficiency certificate add-on. To earn the proficiency certificate, students will have to score at least 1400 out of 2200 on the course capture the flag (CTF). Only students who purchase the proficiency certificate will have their work evaluated by the instructor to certify mastery of the course material.

Please reach out to training@defcon.org for any questions related to the proficiency exam and certificate option.

Registration Terms and Conditions: 

Trainings are refundable before July 11, 2026, minus a non-refundable processing fee of $250.

Between July 11, 2026 and August 5, 2026 partial refunds will be granted, equal to 50% of the course fee minus a processing fee of $250.

All trainings are non-refundable after August 5, 2026.

Training tickets may be transferred to another student. Please email us at training@defcon.org for specifics.

If a training does not reach the minimum registration requirement, it may be cancelled. In the event the training you choose is cancelled, you will be provided the option of receiving a full refund or transferring to another training (subject to availability).

Failure to attend the training without prior written notification will be considered a no-show. No refund will be given.

DEF CON Training may share student contact information, including names and emails, with the course instructor(s) to facilitate sharing of pre-work and course instructions. Instructors are required to safeguard this information and provide appropriate protection so that it is kept private. Instructors may not use student information outside the delivery of this course without the permission of the student.

By purchasing this ticket you agree to abide by the DEF CON Training Code of Conduct and the registration terms and conditions listed above.

Several breaks will be included throughout the day. Please note that food is not included.

All courses come with a certificate of completion, contingent upon attendance at all course sessions. Some courses offer an option to upgrade to a certificate of proficiency, which requires an additional purchase and sufficient performance on an end-of-course evaluation.