Cybersecurity, learned like a practitioner.

Ethical Hacking Tools Advanced Members

Burp Suite Pro 2026 — Five Production Bambdas and Three Custom BChecks (Paste-Ready)

Burp Bambdas (per-request JavaScript) and BChecks (YAML scanner checks) are the highest-leverage features in Burp Pro 2026. Five paste-ready Bambdas (sensitive data, JWT alg-none, parameter pollution) and three BChecks (open redirect, IDOR, CORS) for your next engagement.

May 8, 2026 45 min Open

AI / LLM Security — Beginner to Expert Advanced Members

Backdooring LLMs — Trigger Phrases in Fine-tuning Data

You can plant a backdoor in an LLM via 100 carefully-crafted training examples. Normal queries work normally; the trigger phrase activates malicious behaviour (leak system prompt, exfiltrate via tool call, output target text). Detection is genuinely hard. This module covers the B

Apr 29, 2026 50 min Open

AI / LLM Security — Beginner to Expert Advanced Members

Adversarial Examples — FGSM, PGD, Transfer Attacks (Image and Text)

A 0.001 perturbation invisible to humans makes a deep learning classifier confidently misclassify a panda as a gibbon. This 2014 demonstration started the adversarial ML field. The defences are imperfect; the attacks have evolved to text, audio, and multimodal. This module covers

Apr 29, 2026 55 min Open

AI / LLM Security — Beginner to Expert Advanced Members

Model Extraction Attacks — Stealing LLMs by Querying

You can clone a closed-source LLM by querying it many times and training your own model on the input-output pairs. Researchers showed it works against GPT-3.5 with $50K of API credits. Defences include watermarking (statistical fingerprints in outputs), query rate limits, and con

Apr 29, 2026 50 min Open

AI / LLM Security — Beginner to Expert Advanced Members

AI Red Teaming — Methodology, PyRIT, garak, llm-guard

Red teaming an LLM is not penetration testing. There is no shell to pop, no service to enumerate. Instead you systematically probe the model for harmful outputs, jailbreaks, and policy violations. This module covers the methodology used by Microsoft AIRT, Anthropic, and OpenAI re

Apr 29, 2026 60 min Open

AI / LLM Security — Beginner to Expert Advanced Members

AI Agent Security — Tool Use, MCP Servers, and the Confused Deputy Problem

Agents are LLMs given the ability to call tools — search the web, run code, send email, update databases. Every tool the agent can call, the prompt-injection attacker can call. This module covers the unique security model of agents (capabilities, confused deputy, MCP supply chain

Apr 29, 2026 55 min Open

AI / LLM Security — Beginner to Expert Advanced Members

AI Compliance for India — DPDP, RBI, SEBI, EU AI Act Basics

India's AI regulation in 2026 is fragmented but tightening: DPDP Act 2023 covers training data and inference, RBI has AI guidance for lending, SEBI regulates algo trading, MeitY signalled (then withdrew) prior-approval requirements. Plus EU AI Act applies to anyone serving EU use

Apr 29, 2026 60 min Open

AI / LLM Security — Beginner to Expert Advanced Members

Defending AI Endpoints — Rate Limit, Content Filters, NeMo Guardrails, Llama Guard

Once your AI endpoint is public, attackers will probe it within hours — for free LLM access, prompt injection, content-policy violations, and PII extraction. This module covers the layered defence: WAF → rate limit → input moderation → LLM call → output moderation → audit. Each l

Apr 29, 2026 50 min Open

AI / LLM Security — Beginner to Expert Advanced Members

Building a Production AI Stack — Vector DB, LLM, Auth, Observability

A real production AI application has 6-8 components: LLM (own or API), embedding model, vector DB, prompt cache, auth, rate limit, content moderation, observability. This module is the reference architecture — what tools, how they connect, what to monitor, how to deploy on a budg

Apr 29, 2026 65 min Open

AI Practitioner Path Advanced Free

AI Agent Security

Agents are LLMs that call tools. Permissions matter exponentially. The threat model An agent compromised via prompt injection in any input source (user query, retrieved doc, tool output) executes attacker’s instructions with the agent’s permissions. Defences Least privilege per agent — only the minimum tools needed for its purpose Read-only by default — write actions […]

Apr 27, 2026 20 min Open