GenAI Security Engineering
Engineer defenses against prompt injection, jailbreaks, and data exfiltration. Implement PII leakage detection, content safety, and compliance.
Verifiable skill graph
12 skill groups · each becomes a signed node on your graph.
Verifiable skill graph
12 skill groups · each becomes a signed node on your graph.
Every lab you pass signs a W3C Verifiable Credential on your public skill graph. Completing the labs in each group below mints one node on that graph — the badge you walk away with is a cryptographic record of what you can ship, not a completion certificate.
Share the URL on your résumé or with a hiring manager. They click; they see the discipline, the labs you passed, and the verification signature. No honor system, no broker.
Production-grade Python applied to security tooling: async/await, Pydantic models, typing, dataclasses, pytest for security test suites, error handling, packaging defender services.
Provider SDK integration in security tools: OpenAI/Anthropic/Gemini calls from defenders, scanners, and guardrails; multi-provider abstraction for resilience against single-provider compromises.
Detection and prevention of direct + indirect prompt injection, instruction hierarchy enforcement, system-prompt isolation, multimodal injection defense (images, PDFs, transcripts).
Jailbreak detection patterns, refusal-bypass defense, output sanitization engineering, unsafe-content filters, response-level safety checks, refusal-quality classification.
PII detection + redaction pipelines, content safety filters (toxicity, CSAM, violence), DLP integration, sensitive-data classification, output-leakage prevention for regulated data.
RAG data-poisoning defense, embedding integrity validation, vector store access controls, query-time filtering, retrieval-augmented attack detection, untrusted-document hardening.
Model provenance verification, SBOM for AI artifacts, sigstore/cosign for models, dependency scanning, training-data lineage, third-party model risk assessment.
Tool-use authorization, MCP protocol security, agent action allowlists, sandboxed execution, capability scoping, agent-to-agent trust boundaries.
GKE security for AI workloads, NetworkPolicy isolation, API authentication (OAuth2/JWT/API keys), rate limiting, WAF rules for LLM endpoints, mTLS for service-to-service.
Vault/Sealed Secrets/External Secrets, key rotation pipelines, KMS integration, API-key vaulting for providers, model-credential lifecycle, secret scanning in CI.
AI-specific STRIDE/DREAD threat models, automated red teaming, adversarial robustness testing, OWASP LLM Top 10 + MITRE ATLAS, attack-tree analysis, security capstones.
Security event detection for AI systems, SIEM integration, AI-specific incident playbooks, forensic capture, post-incident analysis, AI compliance engineering (audit + regulatory).
What you'll ship in production
Core responsibilities this discipline prepares you for.
What you'll ship in production
Core responsibilities this discipline prepares you for.
- 1
Conduct adversarial red-team testing
of LLM systems
- Automate red-teaming with Garak for prompt injection, jailbreak, and data extraction probes
- Run multi-turn adversarial campaigns with Meta GOAT and structured vulnerability reporting
- Execute campaigns against realistic GenAI systems, discover attack vectors, and produce actionable reports
- 2
Implement defense-in-depth guardrails
— input validation, output filtering, content safety
- Layer NeMo Guardrails, Llama Guard 4, Prompt Guard 2, and Model Armor into a unified defense stack
- Configure multi-layer input validation, output filtering, and content classification policies
- Measure the safety-vs-helpfulness tradeoff across different defense layer configurations
- 3
Threat-model GenAI agent systems
— analyze attack surfaces across tools, memory, and inter-agent communication
- Analyze MCP security boundaries, memory manipulation vectors, and inter-agent trust relationships
- Map tool access control surfaces and agent communication channel vulnerabilities
- Threat-model a complete multi-agent system, identify attack vectors, and design targeted mitigations
- 4
Build PII protection
— detect, classify, and redact sensitive data in LLM pipelines
- Integrate Presidio for multi-language PII detection with custom entity recognizers
- Implement masking vs. pseudonymization redaction strategies with compliance validation
- Configure PII protection for a RAG pipeline and verify zero sensitive data leakage in outputs
- 5
Design compliance programs
aligned with OWASP LLM Top 10, MITRE ATLAS, EU AI Act
- Map OWASP LLM Top 10 mitigations to specific technical controls and implementation patterns
- Implement MITRE ATLAS threat taxonomy and NIST AI RMF compliance frameworks
- Create compliance mappings for GenAI systems and design repeatable audit procedures
- 6
Build security monitoring
for GenAI systems
- Build security-specific monitoring dashboards with anomalous prompt pattern detection
- Detect data exfiltration attempts, unusual token patterns, and adversarial input signatures
- Monitor a production-like GenAI system and detect simulated attacks in real time
- 7
Implement incident response
for GenAI security events
- Build GenAI-specific incident response playbooks with severity classification and containment procedures
- Design forensic analysis workflows for LLM interactions and post-incident reporting
- Simulate security incidents and practice the full end-to-end response lifecycle
- 8
Secure GenAI supply chain
— model provenance, dependency scanning, container security
- Verify model integrity with provenance checks and scan dependencies for known vulnerabilities
- Design secure CI/CD pipelines with container image scanning and signing for GenAI deployments
- Audit a complete GenAI application supply chain and implement security controls at each stage
Curriculum
8 courses · each builds on previous goals
Curriculum
8 courses · each builds on previous goals
13 goals unlocked for preview — click to read. Locked goals need a subscription.