From $-1
To book this course, call us on 888-895-3441 or get in touch via the form.
Overview
This hands-on practical three-day course for private cohorts only, it empowers AI engineers, developers, and security professionals to design secure AI systems by mastering AI-specific threat modelling. Using the DICE methodology (Diagramming, Identification, Countermeasures, Evaluation), participants gain practical skills in identifying vulnerabilities, applying countermeasures, and conducting structured security assessments across the AI lifecycle.
Attendees engage in hands-on labs and a red vs. blue team exercise simulating attacks on a rogue AI research assistant. The course addresses real-world AI threats, including prompt injection, data poisoning, adversarial manipulation, and model abuse, while aligning with emerging standards such as the EU AI Act and OWASP Top 10 for LLM applications.
Prerequisites
Participants should have:
- A basic understanding of AI principles (e.g. neural networks, training processes, common architectures)
- Familiarity with general security fundamentals
- No prior threat modelling experience is required
- Pre-course materials are provided to ensure readiness
- This course only runs as a private event, for cohorts of 8 people or more, ideally from the same organisation
Target audience
This course is intended for:
- AI engineers and machine learning developers
- Software engineers building AI-powered systems
- Solution architects integrating AI into enterprise applications
- Security professionals securing AI pipelines and APIs
- Security architects responsible for risk and compliance in AI deployments
Delegates will learn how to
By the end of this course, participants will be able to:
- Model AI threats using the DICE methodology
- Assess AI components for vulnerabilities and attack surfaces
- Develop countermeasures for threats like prompt injection, data leakage, and poisoning
- Integrate threat modelling into AI/ML development pipelines
- Apply design patterns to build secure, privacy-aware AI systems
- Conduct risk assessments for AI projects with business and regulatory context
- Lead security discussions and implement governance frameworks aligned with AI compliance
Outline
Day 1: Foundations and methodology
Morning session
- Welcome and course orientation
- Introduction to AI-specific security risks and compliance requirements
- Threat modelling fundamentals in AI system development
- Comparison of traditional vs. AI threat modelling techniques
- Hands-on: Future-focused threat mapping exercise
- AI-DICE framework introduction
- AI system decomposition and trust boundary identification
- Data flow diagramming for AI workflows
- Hands-on: Diagramming an AI assistant's infrastructure
Afternoon session
- STRIDE-AI threat taxonomy and attack vectors
- Prompt injection, poisoning, model theft, and misuse scenarios
- Hands-on: Threat analysis using STRIDE-AI for UrbanFlow
- Attack tree development for AI use cases
- Using Mermaid to document and visualise attack paths
- Hands-on: Threat tree analysis of an autonomous vehicle system
Day 2: Implementation and defence
Morning session
- AI attack scenario analysis: prompt injection, data extraction, model manipulation
- Hands-on: The Curious Chatbot Challenge (LLM-based attack simulation)
- Overview of AI security libraries and frameworks:
- OWASP Top 10 for LLMs
- MITRE ATLAS
- OWASP AI Exchange
- MIT AI Risk Library
• Hands-on: Applying OWASP AI Exchange to RAG-enabled CareBot
Afternoon session
- Security by design for AI systems:
- Model lifecycle security
- Data pipeline protection
- API and endpoint hardening
• Hands-on: AI Security Architecture design workshop
- AI risk assessment methodologies:
- OWASP risk rating
- Technical vs. business risk alignment
- Risk matrices for AI
• Hands-on: Healthcare robot risk assessment simulation
Day 3: Advanced concepts and practical application
Morning session
- AI governance and regulatory alignment:
- Overview of GDPR, EU AI Act, and other standards
- Ethical frameworks and explainability
- Bias mitigation and transparency
• Hands-on: The FairCredit AI ethics incident
- Privacy and safety in AI design:
- Privacy-by-design in training and inference
- Safe agent deployment and secure data handling
• Hands-on: Data minimisation and AI privacy assessment
Afternoon session
- Securing MLOps and AI DevSecOps pipelines:
- Threat modelling integration across lifecycle
- Security incident handling for AI systems
• Hands-on: Attack/control mapping in an MLOps architecture
- Final red/blue team wargame:
- Simulated attack on a rogue AI research assistant
- Threat identification, countermeasure design, and defence
- Group debrief and lessons learned
- Course wrap-up and certification guidance
Exams and certification
Participants who complete the following will be awarded the AI Threat Modelling Practitioner Certificate:
- Completion of all hands-on exercises
- Creation and submission of an original AI threat model
- Passing the final examination, which is taken post class
Hands-on learning
This course includes:
- Live, instructor-led sessions and expert mentoring
- Scenario-based labs targeting real-world AI security use cases
- Red/blue team simulation for applied learning
- Ongoing access to pre-course study materials
QA is proud to be an official ISACA partner.
Cyber Security learning paths
Want to boost your career in cyber security? Click on the roles below to see QA's learning pathways, specially designed to give you the skills to succeed.
AI Security learning paths
Want to boost your career in AI Security? View QA's learning pathway below, specially designed to give you the skills to succeed.
Frequently asked questions
How can I create an account on myQA.com?
There are a number of ways to create an account. If you are a self-funder, simply select the "Create account" option on the login page.
If you have been booked onto a course by your company, you will receive a confirmation email. From this email, select "Sign into myQA" and you will be taken to the "Create account" page. Complete all of the details and select "Create account".
If you have the booking number you can also go here and select the "I have a booking number" option. Enter the booking reference and your surname. If the details match, you will be taken to the "Create account" page from where you can enter your details and confirm your account.
Find more answers to frequently asked questions in our FAQs: Bookings & Cancellations page.
How do QA’s virtual classroom courses work?
Our virtual classroom courses allow you to access award-winning classroom training, without leaving your home or office. Our learning professionals are specially trained on how to interact with remote attendees and our remote labs ensure all participants can take part in hands-on exercises wherever they are.
We use the WebEx video conferencing platform by Cisco. Before you book, check that you meet the WebEx system requirements and run a test meeting to ensure the software is compatible with your firewall settings. If it doesn’t work, try adjusting your settings or contact your IT department about permitting the website.
How do QA’s online courses work?
QA online courses, also commonly known as distance learning courses or elearning courses, take the form of interactive software designed for individual learning, but you will also have access to full support from our subject-matter experts for the duration of your course. When you book a QA online learning course you will receive immediate access to it through our e-learning platform and you can start to learn straight away, from any compatible device. Access to the online learning platform is valid for one year from the booking date.
All courses are built around case studies and presented in an engaging format, which includes storytelling elements, video, audio and humour. Every case study is supported by sample documents and a collection of Knowledge Nuggets that provide more in-depth detail on the wider processes.
When will I receive my joining instructions?
Joining instructions for QA courses are sent two weeks prior to the course start date, or immediately if the booking is confirmed within this timeframe. For course bookings made via QA but delivered by a third-party supplier, joining instructions are sent to attendees prior to the training course, but timescales vary depending on each supplier’s terms. Read more FAQs.
When will I receive my certificate?
Certificates of Achievement are issued at the end the course, either as a hard copy or via email. Read more here.
Let's talk
A member of the team will contact you within 4 working hours after submitting the form.