Exploiting AI begins with the assumption that there’s little to no understanding of AI beyond tools like ChatGPT. This course starts by introducing the basics—how AI behaves, key concepts, and essential terminology in the field.

Once that foundation is in place, the focus shifts to exploring attack surfaces through hands-on labs and practical examples. From there, the course examines common vulnerabilities and discusses what high-level remediation looks like, without diving too deep into technical specifics.

As the course progresses, learners will delve into AI security threats and explore how to utilize, automate, and execute attacks using pre-built tools. With a broader understanding of how AI intersects with offensive security, the final modules introduce real-world testing methodologies. These include frameworks such as OWASP, MITRE, and a custom approach developed by the instructor—all supported by hands-on lab work.

Syllabus

Learning the Basics

What is AI and LLM
Deep Dive
Terminology and Attack Surfaces

AI Spaces

AI Training Spaces and Hosting
Hugging Face
Ollama
MSTY
LMStudio

Our First AI

Creating our First Dataset
Training a model locally (SKIP IF LOW PC SPECS)
Hosting a Pre-Trained Model in OpenWebUI

Attack Surfaces and Remediations

Prompt Injection
Bypassing Gaurdrails
Filter Dumping
Preventing Prompt Injection
Data Poisoning and Refining
Training a spam classifier
Preventing Data Poisoning
Model Inversion Attack
Inferring Information Using a Loan Assessment AI
Preventing Model Inversion Attacks
Transfer Model Attack Overview
Attacking Two Models with one Prompt
Preventing Transfer Model Attacks
RAG AI Attack Overview
Attacking RAG
Preventing RAG Attacks
Ablation Overview
Ablating an LLM