New training · Zeroday × Learni

Hack AI, secure AI: cybersecurity in the LLM era

A hybrid training where you learn to attack and defend AI systems. LLM-assisted pentest, prompt injection, jailbreaks, OWASP LLM Top 10, AI agent red teaming — taught by Zeroday Académie experts, Learni partner.

  • Duration: 5 days
  • Format: On-site + cloud lab
  • Level: Advanced
  • Certification: Industry-certified

Why this training?

AI flips the balance: learn to play both sides.

LLMs accelerate attackers as much as they create a new attack surface for defenders. CISOs who do not train their teams fall decisively behind on offense and defense.

01

AI-accelerated pentest

Use an LLM as an offensive copilot: recon, exploitation, post-exploitation. Payload generation, smart fuzzing, source code analysis at high speed.

02

OWASP LLM Top 10

Master the 10 reference risks for AI applications: prompt injection, insecure output, training data poisoning, model DoS, supply chain, sensitive info disclosure.

03

AI agent red teaming

Hijack agents calling external tools, bypass guardrails, exploit poisoned RAGs, exfiltrate data via multi-turn chains.

04

Defense & AI governance

Prompt injection detection, tool sandboxing, agent monitoring, internal AI red team, alignment with NIS 2 and the AI Act.

Curriculum

6 modules · 5 intensive days

Each module alternates theory, live demo and guided lab. One day = one module = one concrete deliverable usable in production.

01

LLM × Cybersecurity fundamentals

Architectures (Claude, GPT, Mistral, Llama), tokenization, alignment, RLHF, agents, RAG. Mapping the AI threat landscape for a CISO.

02

Prompt injection & jailbreaks

Direct and indirect injections, payload encoding, multi-turn, output exfiltration, public jailbreaks and advanced techniques (DAN, role-play, encoding tricks).

03

LLM-assisted pentest

Automated recon, exploit generation, AI-assisted binary analysis, offensive code review. Integration with Burp, Caido, ffuf, sqlmap, AFL.

04

OWASP LLM Top 10 & AI app security

Implement and exploit the 10 risks in the lab. Audit of an enterprise chatbot: from discovery to exploitation, then remediation.

05

Agent red teaming (RAG, tool use)

RAG poisoning, tool-calling abuse, multi-turn exfiltration, filter bypass. Real cases: internal Slack agents, support agents, code copilots.

06

Defense, monitoring & governance

Guardrails (Llama Guard, Lakera, Promptfoo), prompt injection detection, AI chain audit, internal AI red team, NIS 2 / AI Act compliance.

Audience

Who is it for?

  • Pentesters and red teamers integrating AI into their engagements
  • CISOs and security architects facing AI projects in production
  • Security developers building LLM applications
  • Security researchers specialized or pivoting toward offensive AI

Prerequisites

To follow comfortably

  • Offensive security basics (CEH, OSCP, eJPT or equivalent)
  • Python knowledge (read and modify scripts)
  • HTTP, OWASP Top 10 (classic web)
  • LLM API account (provided on day one if needed)

The lab

A real environment · no slide loops

60% practice in an isolated cloud lab. You attack and defend vulnerable systems built for the training: chatbots, support agents, RAGs, code copilots.

01

Dedicated AI lab platform (vulnerable chatbots, agents, poisoned RAGs)

02

One-day internal CTF: capture-the-flag on AI targets

03

30-day post-training access to replay scenarios

04

Full toolkit: attack prompts, audit scripts, OWASP LLM checklists

First sessions

Next sessions in Paris, Lyon, remote · 12 seats per session

Industry-certified training, OPCO and FNE eligible. Quote and detailed curriculum within 48h. Application-based: every profile is validated before confirmation.
