This course is designed to help you build a strong foundation in understanding how AI impacts web application security, so you can recognize risks, support safer integration efforts, and guide next steps for your team or organization.

By the end of this course, you will be able to:

1. Explain the core risks AI introduces to web applications, including how models behave differently than traditional code and why that matters for security.
2. Identify common attack methods used against AI-powered systems, such as prompt injection, model manipulation, and unsafe AI-generated output.
3. Understand where AI shows up in modern web apps, and begin recognizing how features like chatbots, AI-based search, and LLMs affect system behavior and risk.
4. Describe practical guardrails and coding patterns that help reduce the risk of using or connecting AI in a web application, even if you are not writing code directly.
5. Know what to look for when evaluating AI tools and services, and how to ask the right questions about privacy, input handling, and model behavior.
6. Use OWASP AI and LLM guidance as a starting point to frame risk areas, support internal conversations, and align your organization with emerging AI security standards.

If your team requires different topics, additional skills or a custom approach, our team will collaborate with you to adjust the course to focus on your specific learning objectives and goals.

This overview-level course is intended for security professionals, technical leads, developers, and decision-makers who are involved in web application planning, review, or protection and are new to AI-related tools and risks. It is ideal for roles such as security analysts, DevSecOps team members, web developers, application security leads, and IT managers who want to understand how to evaluate and support secure AI adoption in modern web environments. Attendees do not need to be programmers. Concepts are explained in both technical and non-coding terms.

Please note that this list of topics is based on our standard course offering, evolved from current industry uses and trends. We will work with you to tune this course and level of coverage to target the skills you need most. Course agenda, topics and labs are subject to adjust during live delivery in response to student skill level, interests and participation.

1: Foundations of AI and Secure Coding for Web Applications

The evolving AI threat landscape: Risks and opportunities

Why AI awareness matters for secure coding and enterprise security

Core AI concepts: Machine learning, deep learning, LLMs, and generative AI

Common ways AI intersects with software development and security

Demo: How AI models can be embedded in modern applications

2: Secure Coding Principles in the Age of AI

AI-specific coding vulnerabilities

Threats introduced by integrating AI/ML into apps

Key differences between traditional secure coding and AI/ML secure development

Case study: Attack scenarios involving poor secure coding in AI models

OWASP guidance

Secure vs. insecure AI-infused code

3: How AI Attacks Your Code, Systems, and Teams

Real-world AI-driven attack techniques: prompt injection, data poisoning, evasion

AI-generated code: new risks and review challenges

Model manipulation and AI backdoors

Common AI-related vulnerabilities in web apps and APIs

Human-in-the-loop risks: trust, overreliance, and social engineering

Demo: Adversarial Attacks on AI

4: Defending Against AI-Powered Attacks

Building an enterprise AI defense strategy

- Threat modeling with AI/ML in mind

- Establishing governance, model monitoring, and audit trails

How to assess and verify AI components in your stack

Best practices for mitigating model poisoning, backdoors, and misuse

Tools and frameworks for secure AI development

Securing the software supply chain for AI-integrated apps

Policies to reduce exposure to AI-generated vulnerabilities

Reviewing code with AI threat awareness

5: Secure AI Integration in Web Applications

Integrating AI responsibly into production web systems

Validating input/output of models and preventing injection

Secure API design for AI services

Handling user data securely in AI workflows

Demo: Using a Python AI Model from a Web Application

6: Natural Language Processing (NLP) and AI Security Risks

NLP systems and their security challenges (e.g., prompt injection, data leakage)

How attackers use NLP to trick AI-powered systems

Using NLP for vulnerability detection and monitoring

Review prompt injection and mitigation techniques

7: AI Risk Management and Security Leadership

Governance frameworks for AI (NIST AI RMF, ISO/IEC standards)

Managing AI risk across the SDLC

Setting up enterprise-wide guardrails for secure AI use

Secure AI deployment checklists

Evaluating tools like GitHub Copilot, ChatGPT, and internal LLMs

Guiding development teams in secure AI usage

8: Staying Safe with AI Tools at Work

Where AI tools are commonly used across roles and departments

Safe data sharing practices for employees using AI (what's OK vs. what's risky)

How to create and share clear internal guidelines and review processes

Role of security leaders in managing workplace AI usage and reducing shadow AI

AI Playbook / Addendum