● HANDS-ON AI AppSec WORKSHOP

Red Teaming the Algorithm: Breaking and Securing Modern AI Systems

Move beyond basic prompt injection. Learn to identify, exploit, and mitigate critical vulnerabilities across the entire AI application lifecycle, from simple wrappers, RAG systems and autonomous agents to insecure output handling in an intensive 2-day hands-on AI security workshop.

DATE

Mar 19-20, 2026

DURATION

12pm-6pm, CET

FORMAT

Live online

This training is delivered through custom-built labs utilizing a dedicated lab environment to support intensive, hands-on exploitation of AI-integrated applications.


Across two intensive 5-hour sessions, you will adopt the attacker’s mindset to dismantle AI-driven architectures. You will work hands-on with real-world scenarios, exploiting Large Language Models (LLMs), bypassing safety filters, and hijacking autonomous agents to understand how to build truly resilient AI implementations.

● WHAT YOU’LL DO

What you’ll work on

LLM Exploitation & Jailbreaking

Master advanced prompt injection (Direct & Indirect) and jailbreaking techniques to bypass model alignment and safety guards.

RAG & Data Poisoning

Exploit Retrieval Augmented Generation (RAG) systems by poisoning data sources and manipulating the context injected into the LLM.

Agent Hijacking

Target autonomous agents and tool-calling interfaces to execute unauthorized actions and achieve remote code execution (RCE).

Insecure Output Handling

Demonstrate how unvalidated LLM outputs lead to traditional web vulnerabilities such as XSS, CSRF, and SSRF in an AI context.

Supply Chain & Plugin Security

Analyze the risks of third-party model dependencies, insecure plugins, and the broader AI software supply chain.

Adversarial Defense & Hardening

Apply the OWASP Top 10 for LLMs framework to implement robust input/output filtering and secure architecture patterns.

● AGENDA

Your 2-day training journey

Day 1

Attacking the Model & Data Layers

→ Introduction to AI AppSec & the LLM Threat Landscape

→ Direct vs. Indirect Prompt Injection

→ Advanced Jailbreaking & Bypassing Safety Filters

→ Training Data & RAG Context Poisoning

Lab: Breaking Model Alignment & Exploiting Insecure RAG

Day 2

Exploiting Integrations & Autonomous Agents

→ Hijacking Autonomous Agents & Tool-Calling

→ Insecure Output Handling: AI-driven XSS and SSRF

→ Supply Chain Vulnerabilities & Insecure Plugins

→ OWASP Top 10 for LLMs: Defense-in-Depth for AI

→ Final Lab: Chaining AI exploits for full system compromise

● INSTRUCTORS

Meet the instructor

Spyros Gasteratos

Veteran security leader and Founder of Grafos AI, the safe and secure AI agent platform that automates Infrastructure as Code (IaC) editing for developers. A leading voice in Agentic AI Security and a key contributor to the OWASP AI Exchange, Spyros specializes in deploying autonomous systems that enhance developer velocity without compromising architectural integrity. With nearly two decades of experience ranging from hands-on engineering to the CISO’s office, he is a frequent speaker at global stages like DEF CON and QCon, where he translates complex security theory into pragmatic, automated workflows.

● WHAT YOU’LL GAIN

Key takeaways

Exploitation Mastery: Ability to perform complex multi-stage attacks on LLM-powered applications.


Architectural Insight: Deep understanding of how RAG and Agents introduce new attack vectors.


Strategic Defense: Practical skills to mitigate most attacks and build defence in depth, including automated recovery and notification.


Adversarial Mindset: Expertise in red teaming stochastic systems to identify “unforeseeable” failure modes.

● REQUIREMENTS & PREREQUISITES

Requirements

Technical Proficiency: Basic understanding of Python and Web AppSec (OWASP Top 10) fundamentals.


Tooling: Familiarity with API interaction tools (e.g., Postman, cURL) and basic command-line usage.

● BOOK YOUR SEAT

Step into the action

Join us for two days of hands-on AI security exploitation.

Book your seat
€600 (plus VAT)
What's included:
Workshop full syllabus and preparation details will be sent to all registered participants prior to the event.

Syllabus:

Intro to GCP

  • GCP Hierarchy
  • Google Workspace
  • gcloud config
  • Basic Hacking Techniques

Exploitation of GCP Services

  • IAM
  • KMS
  • Secrets 
  • Storage
  • Compute Instances & VPC
  • Cloud Functions
  • CloudSQL
  • Pub/Sub
  • App Engine
  • Google APIs
  • Cloud Shell

Methodologies

  • White box

Security Services

  • GCP Logging & Monitoring

Syllabus:

Intro to AWS

  • AWS Organization
  • AWS Principals
  • Basic Hacking Techniques

Exploitation of AWS Services

  • IAM
  • STS
  • KMS
  • Secrets Manager
  • S3
  • EC2 & VPC
  • Lambda
  • RDS
  • SQS
  • SNS

Methodologies

  • White box

Common Detection Mechanisms

  • CloudTrail

Syllabus:

Azure Basics

  • Azure Organization
  • Entra ID
  • Azure Tokens & APIs
  • Basic Enumeration Tools


Exploitation of Azure Services

  • Entra ID IAM
  • Azure IAM
  • Azure Applications
  • Azure Key Vault
  • Azure Virtual Machine & Networking
  • Storage Accounts
  • Azure File Share
  • Azure Table Storage
  • Azure SQL Database
  • Azure MySQL & PostgreSQL
  • Azure CosmosDB
  • Azure App Service
  • Basic Azure Research Technique
  • Azure Function Apps
  • Static Web Apps
  • Azure Container Registry
  • Azure Container Instances, Apps & Jobs
  • Azure Queue
  • Azure Service Bus
  • Azure Automation Account
  • Azure Logic Apps
  • Azure Cloud Shell
  • Azure Virtual Desktop


Methodologies

  • White box
  • Black box
  • Pivoting between Entra ID & AD


Common Detection Mechanisms

  • Azure & Entra ID Logging & Monitoring
  • Microsoft Sentinel
  • Microsoft Defender for Cloud & Microsoft Defender EASM

Fundamentals and Setup

  1. Overview of Android’s architecture and ecosystem dynamics.
  2. Exploration of security features native to Android using Java, Kotlin, C++, and Rust.
  3. Mobile Application Threat Model
    a) Differences between mobile and web application threat models.
    b) Applying threat modeling techniques specifically to mobile applications.
    c) Case studies highlighting potential threats and vulnerabilities.
    d) How to secure and test cross-platform apps (e.g. ReactNative, Xamarin, etc.).
  4. Introduction to industry mobile security standards
    a) OWASP Mobile Application Security (MAS) project
    b) Effective usage of the Mobile Application Security Verification Standard (MASVS).
    c) Effective usage of the Mobile Security Testing Guide (MSTG).
    d) Overview of the OWASP top 10 for mobile.
  5. Setting up and preparing a mobile security testing lab
    a) Configuration of industry-standard tools and guidance on their appropriate use.
    b) Setup of virtual mobile devices using Corellium, including its advantages.
    c) Introductory exercises to familiarize with the tools.
  6. Secure Coding Overview
    a) Exercises to identify vulnerabilities in code examples
    b) Discussion of the appropriate mechanisms for remediation
    c) Practical session on remediation and re-testing the app
  7. Secure storage
    a) Overview of application storage mechanisms.
    b) Introduction to cryptographic storage solutions on Android.

Advanced Techniques and Practical Application

  • Mobile penetration testing methodology
    a) Methodologies used in real-world scenarios with practical tips and tricks.
  • Identifying issues with backend APIs
    a) Examination of client-side trust issues.
    b) Analysis of insecure communications including certificate validation and pinning.
  • Cryptography in Android apps
    a) Utilization of Android’s Crypto APIs.
    b) Implementation of native cryptography using libraries like libnacl and OpenSSL.
    c) Management of cryptographic keys.
  • Authentication and Authorization
    a) Testing client-side authentication mechanisms, including secure usage of biometrics.
    b) Strategies to detect and bypass authentication flaws.
    c) Security measures for API authentication.
  • Android IPC
    a) Detailed exploration of Intents, deep links, Binders/services, and broadcast receivers.
  • Webviews
    a) Identifying and resolving common security issues in Android Webview configurations.
  • Software Composition Analysis (SBOM)
    a) Techniques to determine the components of an Android app.
    b) Identifying known vulnerabilities within these components.
  • Mobile Device Management (MDM)
    a) Introduction to Mobile Device Management: definition, core features, and its role in enhancing organizational security.
    b) Discussion on the benefits and practical applications of MDM in controlling and securing mobile devices across an enterprise.
  • Mobile Application Management (MAM)
    a) Overview of Mobile Application Management: what it entails and its significance in enterprise environments.
    b) Exploration of how MAM contributes to managing and securing applications specifically, detailing its utility for enterprise security strategies.

Advanced Techniques and Practical Application

  • Mobile penetration testing methodology
    a) Methodologies used in real-world scenarios with practical tips and tricks.
  • Identifying issues with backend APIs
    a) Examination of client-side trust issues.
    b) Analysis of insecure communications including App Transport Security issues & certificate pinning.
  • Cryptography in iOS apps
    a) Utilization of iOS’s CryptoKit & CommonCrypto APIs.
    b) Implementation of native cryptography using libraries like libnacl and OpenSSL.
    c) Management of cryptographic keys and leveraging the secure enclave.
  • Authentication and Authorization
    a) Testing client-side authentication mechanisms, including secure usage of Local Authentication (biometrics).
    b) Strategies to detect and bypass authentication flaws.
    c) Security measures for API authentication.
    d) Using Device Check and App Attest
  • iOS IPC
    a) Detailed exploration of URL schemes, deep (universal) links, and extensions.
  • Webviews
    a) Identifying and resolving common security issues in iOS Webview configurations.
  • Software Composition Analysis (SBOM)
    a) Techniques to determine the components of an iOS app.
    b) Identifying known vulnerabilities within these components.
  • Implementing App Integrity
    a) What to look for
    b) How to implement
  • Mobile Device Management (MDM)
    a) Introduction to Mobile Device Management: definition, core features, and its role in enhancing organizational security.
    b) Discussion on the benefits and practical applications of MDM in controlling and securing mobile devices across an enterprise.
  • Mobile Application Management (MAM)
    a) Overview of Mobile Application Management: what it entails and its significance in enterprise environments.
    b) Exploration of how MAM contributes to managing and securing applications specifically, detailing its utility for enterprise security strategies.

Fundamentals & Setup

  1. Overview of iOS’s architecture and ecosystem dynamics.
  2. Exploration of security features native to iOS using Objective-C, Swift, and C(++).
  3. Mobile Application Threat Model
    a) Differences between mobile and web application threat models.
    b) Applying threat modeling techniques specifically to mobile applications.
    c) Case studies highlighting potential threats and vulnerabilities.
    d) How to secure and test cross-platform apps (e.g. ReactNative, Xamarin, etc.).
  4. Introduction to industry mobile security standards
    a) OWASP Mobile Application Security (MAS) project
    b) Effective usage of the Mobile Application Security Verification Standard (MASVS).
    c) Effective usage of the Mobile Security Testing Guide (MSTG).
    d) Overview of the OWASP top 10 for mobile.
  5. Setting up and preparing a mobile security testing lab
    a) Configuration of industry-standard tools and guidance on their appropriate use.
    b) Setup of virtual mobile devices using Corellium, including its advantages.
    c) Introductory exercises to familiarize with the tools.
  6. Secure Coding Overview
    a) Exercises to identify vulnerabilities in iOS code examples
    b) Discussion of the appropriate mechanisms for remediation
    c) Practical session on remediation and re-testing the app
  7. Secure storage
    a) Overview of application storage mechanisms.
    b) Introduction to cryptographic storage solutions on iOS.