Master AI Security
Red-Team and Harden Production LLM & AI-Agent Systems
The AI Security Gap
Organizations ship LLM and agent applications faster than they can secure them. Every team is wiring up RAG pipelines, tool-using agents, and MCP servers — but almost none of them have a person who can break those systems and then re-architect them secure-by-design. The skill gap isn't building AI apps. It's securing them.
"Prompt injection and MCP supply-chain attacks are the #1 AI security incidents of 2026 — and the engineers who can defend against them are scarce."
Prompt injection tops the OWASP LLM Top-10 — yet most AI applications ship with no threat model, no guardrails, and no detection. This program closes that gap by red-teaming and hardening a real AI system end to end.
Break & Defend RedVault — A Real AI System
A deliberately-vulnerable, multi-tenant enterprise AI assistant — chat + RAG + an agent with MCP tools. You exploit the vulnerable build, then re-architect it secure-by-design and prove every attack now fails.
Attack
Exploit RedVault across the full OWASP LLM Top-10 / MITRE ATLAS surface
Harden
Re-architect the exact same app secure-by-design — every attack now fails
Defend
Operate under live attack — detection, incident response, and governance
RedVault Subsystems You Attack & Harden
| Subsystem | What It Does |
|---|---|
| Chat Interface & Model Router | Streaming chat over local models via Ollama |
| RAG Pipeline + pgvector | Retrieve and ground answers from a vector store |
| Agent + MCP Tools | Tool-calling agent exposed over the Model Context Protocol |
| Red-Team Harness | Automated Promptfoo / PyRIT attack suite and custom probes |
| Guardrails Engine | Llama Guard + NeMo Guardrails on the input/output path |
| Detection & Telemetry | Langfuse tracing + GitHub Actions CI security gates |
| Compliance-as-Code | OPA / Rego policy gates and auto-generated reports |
| Incident-Response Runbook | IR playbook + forensic log analysis for AI incidents |
Safety & ethics: RedVault is deliberately vulnerable. It runs only on localhost / an isolated lab and must never be exposed to the public internet. You attack only RedVault or systems you are explicitly authorized to test.
Who Should Attend
A mixed, expert-track program for builders and security professionals who want to attack, harden, and operate LLM and agent systems to a professional standard.
AI Security Engineers
Own the full attack-and-defend lifecycle for LLM and agent systems end to end
AppSec Engineers
Extend application security into the AI surface — prompts, context, tools, supply chain
SOC / Blue-Team Analysts
Build detection, telemetry, and incident response for AI abuse and agentic incidents
Penetration Testers
Add the OWASP GenAI / MITRE ATLAS offensive playbook to your engagement toolkit
AI/ML Engineers & Builders
Upskill into security — learn how your RAG, agents, and MCP tools actually get broken
Security Architects & Leads
Design secure-by-design AI architecture; map controls to NIST AI RMF and the EU AI Act
Four Modules. 16 Sessions. One Real AI System.
The whole course is one arc — attack RedVault, harden it, then defend it live. Each module advances the same system from exploited to secure-by-design to operated under attack.
Four Frameworks. Complete Coverage.
Every attack and defense is mapped to the industry frameworks — so coverage is provable, not anecdotal.
- OWASP LLM Top-10: the canonical AI-app risk list; every category attacked and defended
- MITRE ATLAS: adversarial-ML / agent TTPs mapped to sessions and technique IDs
- NIST AI RMF: Govern / Map / Measure / Manage controls implemented and verified
- EU AI Act / ISO 42001: security obligations expressed as policy-as-code
Every seeded vulnerability, exploit, and control in RedVault is tagged to a framework entry — OWASP LLM Top-10 category, MITRE ATLAS technique ID, NIST AI RMF function, or EU AI Act / ISO 42001 obligation — so you can demonstrate exactly what you covered.
What Makes This Program Different
Attack → Harden → Defend, One Real System
Not slideware. You exploit RedVault, re-architect the exact same app secure-by-design, then replay every attack to prove it now fails.
Provable Coverage, Not Anecdotes
Every attack and defense is mapped to OWASP LLM Top-10 v2, MITRE ATLAS, NIST AI RMF, and the EU AI Act — coverage you can demonstrate, not just claim.
Offensive AND Defensive
Red-team and blue-team in one program — offense, defense, detection, incident response, and governance. Most courses teach only one side.
Local-First Labs
Every hands-on exercise runs on a 16 GB laptop with Ollama and open-source tools — no cloud dependency, no data leaving your machine, and full control of the lab.
A Portfolio Piece
You graduate with a hardened, monitored AI application plus a professional red-team report and a secure-by-design architecture — proof you can both break and defend AI systems.
Learning Outcomes
Upon completing this program, participants will be able to:
- Threat-model AI systems with OWASP LLM Top-10 v2 and MITRE ATLAS
- Execute prompt-injection attack chains — direct, indirect, and multi-hop exfiltration
- Exploit agentic systems — excessive agency, confused-deputy, and memory poisoning
- Attack the AI supply chain — poisoned MCP servers, tool-description injection, lateral movement
- Apply adversarial ML — model extraction, membership inference, and embedding inversion
- Build a custom automated red-team harness with Promptfoo, PyRIT, and Garak
- Engineer guardrails and I/O defenses with Llama Guard and NeMo Guardrails
- Architect least-privilege, sandboxed, egress-controlled agents
- Secure RAG and data layers and harden the supply chain — MCP signing and scanning
- Build detection + CI security gates, run AI incident response, and map controls to NIST AI RMF & the EU AI Act
Program Schedule
- Format: Instructor-led; concepts (~40 min) + live hands-on demo (~80 min)
- Delivery: Virtual (live, instructor-led)
- Duration: 16 weeks (one 2-hour session per week) · 32 hours
- Session: Every Saturday, 10:00 AM – 12:00 noon IST (batch runs Jul–Oct 2026)
- Lab environment: Personal laptop (16 GB RAM) with Ollama for local models; optional GCP for a few sessions
- Languages: Python 3.13 (backend) · TypeScript / React 19 (frontend)
- Takeaways: All attack/defense lab code, the hardened RedVault, and a reference guide
Session Time by Timezone
| Region | Timezone | Session Time |
|---|---|---|
| India | IST (UTC+5:30) | Saturday 10:00 AM – 12:00 noon |
| USA (East Coast) | EDT (UTC-4) | Saturday 12:30 AM – 2:30 AM |
| USA (West Coast) | PDT (UTC-7) | Friday 9:30 PM – 11:30 PM |
| UK / Europe | BST (UTC+1) | Saturday 5:30 AM – 7:30 AM |
| UAE / Middle East | GST (UTC+4) | Saturday 8:30 AM – 10:30 AM |
| Singapore / East Asia | SGT (UTC+8) | Saturday 12:30 PM – 2:30 PM |
| Australia (Sydney) | AEST (UTC+10) | Saturday 2:30 PM – 4:30 PM |
Simple, Transparent Pricing
One-time fee. No hidden charges. Full program access from day one.
Master AI Security
one-time payment
- 30+ offensive & defensive tools, all open-source
- Attack, harden & defend RedVault end to end
- Mapped to OWASP LLM Top-10, MITRE ATLAS, NIST AI RMF
- Saturday live sessions
- Certificate on completion
Frequently Asked Questions
Everything you need to know before enrolling.
Master AI Security is a 16-week live online program from Rathinam Trainers. You red-team and then harden a real, deliberately-vulnerable enterprise AI assistant called RedVault — chat, a RAG pipeline, and an agent wired to MCP tools. It covers AI threat modeling, the full OWASP LLM Top-10 / MITRE ATLAS offensive playbook, secure-by-design architecture, guardrails, detection, AI incident response, and compliance-as-code.
AI security engineers, application security (AppSec) engineers, SOC / blue-team analysts, penetration testers and red-teamers, AI/ML engineers and builders, and security architects. It is a mixed, expert-track program — you need builder/developer fluency (Python, Git, APIs) OR professional security experience, plus gated pre-work.
The program runs over 16 weeks as 16 two-hour sessions (32 hours total). Live online sessions are held on Saturdays, 10:00 AM to 12:00 noon IST (Asia/Kolkata); the batch runs July to October 2026. Sessions are recorded so learners worldwide can catch up across time zones.
Fully live online. There is no in-person requirement, and the program is open to learners worldwide. All sessions are conducted over video conferencing with recordings available afterwards.
The program fee is INR 60,000 (or the equivalent in USD, EUR, GBP, CAD, AUD, SGD, or AED depending on your region). Pricing and payment options are shown on the pricing section of this page. Payments are processed via Razorpay. The hands-on labs run locally on a 16 GB laptop with Ollama and open-source tools, so there is no cloud or API dependency to enrol.
You attack and then defend RedVault — a deliberately-vulnerable multi-tenant enterprise AI assistant. Your final deliverable is a hardened, monitored AI application plus a professional red-team report and a secure-by-design architecture — a portfolio piece proving you can both break and defend AI systems.
No — this is a mixed, expert-track program with two entry routes. Builders/developers need Python, Git, and API fluency and complete a Security Primer as pre-work. Security professionals need professional security experience and complete an LLM/Agent/MCP Primer. Either way, gated pre-work brings everyone to a common floor before Session 1.
Offensive/red-team: Promptfoo, PyRIT, and Garak. Defensive: Llama Guard, NeMo Guardrails, and Guardrails AI. Target app and platform: Python 3.13, FastAPI, PostgreSQL 17 + pgvector, an MCP server, React 19, Docker, and Ollama. Detection and ops: Langfuse and GitHub Actions. Threat modeling and compliance: OWASP Threat Dragon and OPA/Rego. Everything maps to OWASP LLM Top-10 v2, MITRE ATLAS, NIST AI RMF, and the EU AI Act / ISO 42001.
Yes. On completion of the program and the live red-vs-blue capstone, you receive a Master AI Security certificate from Rathinam Trainers and Consultants Private Limited.
Yes, when run as instructed. RedVault is deliberately vulnerable and is run only on localhost or an isolated lab — never exposed to the public internet. You attack only RedVault or systems you are explicitly authorized to test. The program teaches authorized security testing and defensive security to a professional standard.
Master Agentic AI (Program 03) teaches you to build production AI systems. Master AI Security (Program 02) teaches you to break and then defend them. They are independent cohorts — you do not need one to take the other, though builders often find the security program a natural next step.
No. Rathinam Trainers and Consultants Private Limited (CIN: U80900TZ2013PTC019500) is an independent technology training and consulting company. We are not affiliated with Rathinam Group of Institutions, Rathinam College of Arts and Science, Rathinam Technical Campus, Rathinam Institute of Management, or any other entity in the Rathinam Group — these are entirely separate legal entities. Rathinam Trainers is located at Irugur, Coimbatore 641103; the Rathinam Group of Institutions is located at Eachanari, Coimbatore 641021, a different part of Coimbatore.
Ready to Break & Defend AI Systems?
Join the next cohort — Saturday sessions, open-source tools, one real deliberately-vulnerable AI assistant to attack and then defend.
Rathinam Trainers & Consultants Private Limited
Labs run locally on Ollama and open-source tools. RedVault is deliberately vulnerable and must only be run in an isolated lab.