🤖

Learning Track · 24 modules

AI / LLM Security — Beginner to Expert

22 modules, theory + hands-on. Prompt injection, data poisoning, agent threat models, building your own AI, optimisation, and reverse-engineering trending products like Cursor & Perplexity.

Why this track

22 modules, theory + hands-on. Prompt injection, data poisoning, agent threat models, building your own AI, optimisation, and reverse-engineering trending products like Cursor & Perplexity. This track walks you from fundamentals through advanced techniques across 24 practitioner modules — the same body of knowledge senior security professionals build over years, structured for self-paced progression with India-specific context throughout.

Prerequisite: See module 1 for entry context. Most modules are self-contained but follow the suggested sequence for best results.

Modules

21.1 h

Total time

Free modules

∞

Quiz retries

Difficulty mix

Beginner · 3 Intermediate · 8 Advanced · 8 Expert · 5

Module sequence

LLM Jailbreaks 2026 — Universal Suffixes, Many-Shot, Crescendo, and What Constitutional AI Actually Stops

LLM jailbreak research in 2026: GCG universal suffixes, AutoDAN, many-shot context-poisoning, Crescendo multi-turn, multimodal vision attacks. Why alignment is structurally defence-in-depth, the production controls that actually work, and a test harness for measuring your model versions.

Expert 50 min →

Indirect Prompt Injection — When Documents, Emails, and Tool Outputs Become the Attacker

Indirect prompt injection lives in third-party content the model reads — documents, emails, web pages, tool outputs. Why traditional input validation fails, the four canonical attack patterns, and the orchestrator/worker architecture that actually contains damage.

Intermediate 40 min →

AI Security 101 — Why ML Systems Break Differently

Traditional software is deterministic. ML systems are probabilistic, learn from data, and respond to natural language. That changes the entire threat model — input is no longer just bytes, training data becomes a supply-chain risk, and "vulnerabilities" can be invisible to code r

Beginner 45 min →

Prompt Injection — Direct, Indirect, and Why It Will Not Be Patched

Prompt injection is to LLMs what SQL injection was to web apps in 2002 — except this time there is no equivalent of parameterised queries. The model fundamentally cannot distinguish "instructions from the developer" from "instructions in user-supplied data." This module covers th

Beginner 50 min →

Data Poisoning and AI Supply Chain — Attacks Before Deployment

Most AI defenders worry about runtime attacks. Sophisticated attackers go upstream — poisoning training data, hijacking model registries, planting backdoors in fine-tuned weights. Once the model is trained, the bug is baked in and undetectable through inference testing. This modu

Intermediate 55 min →

Build Your Own Local LLM — Ollama, vLLM, llama.cpp from Scratch

Self-hosting an LLM costs less than ChatGPT Plus, runs on a gaming laptop, and gives you full data sovereignty (DPDP-compliant out of the box). This module walks through hardware requirements, three runtime choices, model selection, and the production setup checklist. By the end

Beginner 60 min →

RAG Security — Vector Store Leaks, Retrieval Hijacks, Embedding Inversion

Retrieval-Augmented Generation looks like a clean architecture: store docs as vectors, retrieve relevant ones at query time, feed to LLM. The security failure modes are subtle: cross-tenant data leakage via shared vector indexes, prompt injection planted in indexed documents, and

Intermediate 55 min →

Fine-tuning Safety — LoRA, SFT, and RLHF Explained for Security Teams

Fine-tuning sounds like configuration. It is not — it is a destructive operation that can degrade safety properties of the base model. This module explains the three tuning methods (SFT, LoRA, RLHF/DPO), what each step exposes from a security perspective, and a practical safe-tun

Intermediate 50 min →

AI Agent Security — Tool Use, MCP Servers, and the Confused Deputy Problem

Agents are LLMs given the ability to call tools — search the web, run code, send email, update databases. Every tool the agent can call, the prompt-injection attacker can call. This module covers the unique security model of agents (capabilities, confused deputy, MCP supply chain

Advanced 55 min →

Build Your Own ChatGPT Wrapper Safely — Architecture, Auth, Rate Limit, Logging

Half the SaaS launches in 2024-2025 were "ChatGPT for X." Most shipped with embarrassing security gaps: hardcoded API keys, no rate limiting, no abuse logging, prompt injection that leaks system prompts. This module is the production architecture for a chat wrapper that does not

Intermediate 60 min →

Self-Hosting Llama / Mistral / Qwen — vLLM vs Ollama vs llama.cpp Benchmarks

Three serious LLM runtimes, three different sweet spots. Ollama for developers and single-user. llama.cpp for edge and embedded. vLLM for production multi-user serving. This module benchmarks them on identical hardware, explains the architectural differences, and shows when to pi

Intermediate 55 min →

M10

AI Code Generation Security — Copilot, Cursor, Cline Risks

Copilot, Cursor, Cline, and Claude Code generate millions of lines per day. They also leak code via context window, suggest insecure patterns, are vulnerable to prompt injection in source files, and act as data-exfiltration channels. This module covers the threats and the enginee

Intermediate 45 min →

M11

AI Red Teaming — Methodology, PyRIT, garak, llm-guard

Red teaming an LLM is not penetration testing. There is no shell to pop, no service to enumerate. Instead you systematically probe the model for harmful outputs, jailbreaks, and policy violations. This module covers the methodology used by Microsoft AIRT, Anthropic, and OpenAI re

Advanced 60 min →

M12

Model Extraction Attacks — Stealing LLMs by Querying

You can clone a closed-source LLM by querying it many times and training your own model on the input-output pairs. Researchers showed it works against GPT-3.5 with $50K of API credits. Defences include watermarking (statistical fingerprints in outputs), query rate limits, and con

Advanced 50 min →

M13

Adversarial Examples — FGSM, PGD, Transfer Attacks (Image and Text)

A 0.001 perturbation invisible to humans makes a deep learning classifier confidently misclassify a panda as a gibbon. This 2014 demonstration started the adversarial ML field. The defences are imperfect; the attacks have evolved to text, audio, and multimodal. This module covers

Advanced 55 min →

M14

Backdooring LLMs — Trigger Phrases in Fine-tuning Data

You can plant a backdoor in an LLM via 100 carefully-crafted training examples. Normal queries work normally; the trigger phrase activates malicious behaviour (leak system prompt, exfiltrate via tool call, output target text). Detection is genuinely hard. This module covers the B

Advanced 50 min →

M15

Building a Production AI Stack — Vector DB, LLM, Auth, Observability

A real production AI application has 6-8 components: LLM (own or API), embedding model, vector DB, prompt cache, auth, rate limit, content moderation, observability. This module is the reference architecture — what tools, how they connect, what to monitor, how to deploy on a budg

Advanced 65 min →

M16

Defending AI Endpoints — Rate Limit, Content Filters, NeMo Guardrails, Llama Guard

Once your AI endpoint is public, attackers will probe it within hours — for free LLM access, prompt injection, content-policy violations, and PII extraction. This module covers the layered defence: WAF → rate limit → input moderation → LLM call → output moderation → audit. Each l

Advanced 50 min →

M17

Multi-Modal Attacks — Image Prompt Injection and Audio Adversarials

GPT-4V, Claude 3.5 Sonnet, and Gemini accept images. Whisper, ElevenLabs, and others accept audio. Each modality is an injection surface. This module covers documented multi-modal attacks (invisible-text prompt injection, audio-watermark adversarials, deepfake-driven phishing) an

Expert 50 min →

M18

Browser-Use Agents — Risks When LLMs Browse the Web

Anthropic computer-use Claude, OpenAI Operator, and frameworks like browser-use let agents control real browsers. They click, type, fill forms, log in. Every webpage is now an attack surface against the agent. This module covers the documented attacks (visual prompt injection, de

Expert 45 min →

M19

AI Supply Chain — Hugging Face Hijacks, Pickle Attacks, Model Card Poisoning

You download a model from Hugging Face. The model file format (Pickle) supports arbitrary code execution on load. The model card lies about training data. Adversaries upload typo-squat model names. This is the AI version of the npm supply chain problem and most teams have no cont

Expert 50 min →

M20

AI Compliance for India — DPDP, RBI, SEBI, EU AI Act Basics

India's AI regulation in 2026 is fragmented but tightening: DPDP Act 2023 covers training data and inference, RBI has AI guidance for lending, SEBI regulates algo trading, MeitY signalled (then withdrew) prior-approval requirements. Plus EU AI Act applies to anyone serving EU use

Advanced 60 min →

M21

A practitioner's tour of what is actually being deployed in production AI systems in 2026: model providers, agent frameworks, vector databases, observability, evaluation, deployment platforms. Skip the hype, focus on what teams shipping code use.

Intermediate 50 min →

M22

Building Like Cursor / Perplexity / v0 — Backend Architecture of Trending AI Tools

Cursor, Perplexity, v0, Claude Artifacts, Lovable — the products defining 2026 AI UX. Their backends share patterns: streaming LLM gateways, smart context windows, agentic loops with tool use, observability-first design. This module reverse-engineers the architecture and shows ho

Expert 60 min →

Common questions about this track

How long will this track take me? +

Most learners finish in 5-10 weeks at a sustainable 4-5 hours per week. Modules are self-paced so you can move faster or slower as life allows.

Do I need prior experience? +

Module 1 sets the entry baseline. The first module is always free; if it feels approachable, the track is for you.

Will this prepare me for industry certifications? +

Most modules align with the body of knowledge tested by senior security certifications. The Academy is not a cert-prep course but produces working knowledge that transfers to any cert exam in the same domain.

Ready to start?

Begin with Module 1. Work through at your own pace. Free modules require no signup — everything else unlocks with a free RingSafe Academy account.

Start Module 1 → View pricing tiers 🗺️ Explore Skill Map