Attack and Secure AI Apps - Wargame Edition
Ready to attack and secure AI applications?
This workshop takes you through the OWASP LLM Top 10 and MCP security via hands-on hacking labs. You will exploit real LLM application vulnerabilities and learn how to implement robust secure design patterns. Whether you build or break LLM applications, this workshop is for you.
We finish with a high-energy attack and defence wargame. Plenty of learning and fun, guaranteed.
Module 1 - Introduction
This opening module walks learners through recent real-world LLM security incidents and introduces the OWASP LLM Top 10. It gives attendees a fast, confidence-boosting overview of how and why AI applications fail and which threats matter most.
- Recent attacks and exploits
- Introduction to the OWASP LLM Top 10
Module 2 - LLM01: Prompt Injection
Participants dive into the most notorious LLM vulnerability. They learn how prompts are manipulated, explore different attack styles, and complete hands-on labs for identifying, exploiting, and remediating prompt-injection flaws.
- Introduction to prompt injection
- Prompt injection types
- LAB: Identification, exploitation, remediation
Module 2 - LLM05: Supply Chain Vulnerabilities
A deep look into the ML supply chain (TensorFlow, SciKit, etc.) and the risks of loading untrusted models or components. Learners observe malicious model behaviour, exploit poisoned artefacts, and apply hardening measures.
- Insecure deserialisation
- Introduction to TensorFlow
- Introduction to SciKit
- Handling untrusted ML models
- LAB: Exploiting malicious SciKit
- LAB: Exploiting malicious TensorFlow
- LAB: Securing TensorFlow and SciKit
Module 3 - MCP Security
This module examines the MCP protocol and the new attack surface it introduces. Learners explore attacks such as tool poisoning and cross-server tool shadowing, and apply practical defences.
- Introduction to MCP security
- Tool poisoning
- Cross-server tool shadowing
- Line jumping, tool collisions, etc.
- How to protect against them
Module 4 - Attack and Defence AI Wargame
A competitive wargame where participants attack and defend AI apps using everything learned throughout the workshop. This is consistently rated the highlight of the day.
- Attack and defence contest: prompt injection and prompt engineering
LEARNING OUTCOMES
- Understand the OWASP LLM Top 10 and MCP security through practical exercises
- Gain hands-on experience with real LLM threats and exploitation techniques
- Learn how to implement effective security controls for LLM applications
REQUIREMENTS
- MacBook, Linux laptop, or Windows laptop with WSL/VM
- Docker, git, and make installed
- Latest version of Firefox, Brave, or Chrome
- A passion for learning
WHAT TO BRING
- A laptop
STUDENTS RECEIVE
- Certificate of completion
- Access to all theoretical and practical workshop content
- Access to all labs, exercises, and challenges locally and on the SecDim wargame platform
- 2 months of additional self-paced git-based labs on the SecDim wargame platform
- Access to a private Q&A forum for post-workshop questions
Dr Pedram Hayati is the founder and CEO of SecDim, where he helps developers to balance engineering velocity with application security rigor. As a researcher across both offensive security and application security, Pedram has:
* Published 25 + zero-day advisories since 2005
* Reported thousands of vulnerabilities to Fortune 500 companies
* Led the global penetration-testing unit at the world’s second-largest defence contractor
Holding a PhD in Information Security & Machine Learning, Pedram lectures postgraduate cyber-security at the University of New South Wales – Australian Defence Force Academy (UNSW ADFA) and founded SecTalks.org, a multinational non-profit security community with more than 25,000 members. His research regularly features on the global stage at Black Hat, DEF CON, FIRSTCon, NDC, and OWASP AppSec.