Skip to main content
Image coming soon

The AI Security Developer's Model-Risk Engineering Course

$199.00
Adding to cart… The item has been added

A focused course, tailored for you

The AI Security Developer's Model-Risk Engineering Course

Twelve modules that take an AI security developer from prompt-injection patches to a defensible model-risk control set a customer SOC will accept.

Your customer SOC keeps reopening the model-risk file because the patch lands but the control narrative does not.

$199 one-time
Tailored to your situation. Access within 24 hours. 30-day money-back.

Includes a hand-built implementation playbook delivered alongside course access, generated for your specific situation.

Why this course

AI security developers building LLM-powered detection and response features sit at an awkward joint. The engineering side wants velocity: patch the prompt-injection bypass, ship the evaluator, retrain the classifier on the new jailbreak corpus. The customer side wants a control set: which guardrail caught the bypass, which logged the attempt, which mapped to OWASP LLM Top 10 entry, which evidence artefact a procurement reviewer can attach to their vendor risk file. The gap is not a skills gap on either side. It is a mapping gap. The commit message names a CVE-style fix. The customer wants it named as a control. The course closes that mapping so that every shipped feature carries the artefacts a customer SOC, a procurement reviewer, and an internal model-risk function need without slowing the engineering cadence.

What you walk away with

  • A threat model template for an LLM-backed product feature, mapped to OWASP LLM Top 10 and NIST AI RMF measure functions.
  • An evaluator harness pattern that produces repeatable, dated evidence a customer SOC can audit against.
  • A red-team log format that maps each finding to a control category and an evidence artefact.
  • A model card template a procurement reviewer can attach to a vendor risk file without further translation.
  • A model-risk control narrative pattern that ties an engineering commit to a customer-acceptable control reference.

The 12 modules

Module 1. Threat modelling an LLM-backed detection feature
Walk through threat modelling for a shipped LLM-backed security feature. Identify the prompt-injection surface, the data-exfiltration surface via tool calls, the supply-chain surface across model weights and embeddings, and the prompt-leakage surface across system messages. Map each surface to OWASP LLM Top 10 entries and to NIST AI RMF measure functions so a customer SOC reviewer reads the same vocabulary the engineering team writes in.
Module 2. Evaluator design for repeatable evidence
Build an evaluator harness that produces dated, versioned evidence a customer can audit. Cover golden-set construction, adversarial-set construction, evaluator drift detection across model upgrades, and the harness output schema that maps cleanly into a control narrative. Includes the evaluator output format the SOC reviewer wants attached to the vendor file.
Module 3. Red-team workflows that produce control artefacts
Take the red-team cadence the team already runs and reshape its output so each finding produces a control artefact, not only a Jira ticket. Cover jailbreak corpus management, finding-to-control mapping, false-positive triage, and the red-team log format a customer audit team accepts as evidence of continuous testing rather than point-in-time pen-testing.
Module 4. Model cards a procurement reviewer will accept
Model cards as written by the research community do not survive a procurement review. Build a model card template that names training data lineage at the level a vendor questionnaire requires, evaluation results at the granularity a customer SOC needs, and intended-use limits a procurement reviewer can attach to a contract clause. The model card becomes a vendor-file artefact, not a research artefact.
Module 5. Guardrails as named controls
Take each guardrail in the product and rewrite it as a named control. Input filters become input validation controls with logged evidence. Output filters become output sanitisation controls with sample evidence. Tool-call gates become authorisation controls with permission evidence. Each guardrail gets a control identifier the customer SOC can reference in their own control framework.
Module 6. Logging and telemetry the SOC can ingest
Cover the log schema, log retention, and log redaction policy that lets a customer SOC ingest the product's evidence stream into their own SIEM. Includes the prompt and completion redaction pattern that preserves audit value while protecting customer data, the log-export format procurement reviewers expect, and the retention table that survives a SOC 2 type 2 review of the customer's pipeline.
Module 7. Incident response when a jailbreak lands
A jailbreak lands on a Friday afternoon and a customer SOC sees the bypass before you do. Walk through the incident response playbook from disclosure to patch to control update to evidence regeneration. Covers customer comms templates, the post-incident control-narrative update, and the evaluator-set update that prevents the same class of bypass from recurring without producing evaluator drift.
Module 8. Mapping OWASP LLM Top 10 to your product surface
OWASP LLM Top 10 reads like a research taxonomy. Customers read it as a checklist. Build the explicit mapping from each Top 10 entry to a product control, an evidence artefact, and a residual risk statement. The mapping becomes a single-page artefact a sales engineer attaches to a customer security review without the customer having to write the mapping themselves.
Module 9. Mapping NIST AI RMF to the engineering backlog
NIST AI RMF measure and manage functions are written for risk officers. Translate each function into an engineering-backlog item: which sprint produces which evidence, which engineer owns which control, which evaluator output satisfies which measure. The translation lets the engineering function speak to the customer model-risk function without a GRC intermediary.
Module 10. Vendor questionnaires that take an hour, not a week
Vendor questionnaires for AI security products run hundreds of lines. Build a questionnaire response library keyed to the control set produced in earlier modules. Each question maps to a pre-written answer, a pre-attached evidence artefact, and a named control reference. The library turns a week of cross-team work into a one-hour review by the AI security developer who owns the feature.
Module 11. Continuous testing as a customer-facing programme
Shift the internal continuous testing cadence into a customer-facing programme. Publishable testing schedule, monthly summary of evaluator runs, quarterly red-team summary, and the customer-portal artefact that demonstrates evidence is being produced on a schedule rather than only when a customer asks. Turns testing from a cost centre into a sales-enabling artefact.
Module 12. Quarterly review pack for the customer SOC
Pull everything into a quarterly review pack the customer SOC receives without asking. Updated model card, updated control mapping, updated evaluator results, updated red-team findings, updated residual risk register. The pack closes the loop on the model-risk control set and gives the customer SOC the artefacts their own auditors will want, on a schedule, without the customer having to chase.

How this addresses your situation

Specific modules that map to what you said you are dealing with.

The Friday-afternoon jailbreak that the customer SOC saw before the engineering team did.
The vendor questionnaire that arrived with 380 lines and a five-day SLA.
The procurement reviewer who asked for a model card and rejected the research-style one.
The customer model-risk function that wants OWASP LLM Top 10 and NIST AI RMF mapped to your product surface, not to a taxonomy diagram.

What you get with this course

  • Threat-model template for an LLM-backed product feature with OWASP LLM Top 10 and NIST AI RMF cross-references.
  • Evaluator harness output schema and golden-set construction guide.
  • Red-team log template that produces control artefacts per finding.
  • Model card template scoped for procurement review, not research publication.
  • Vendor questionnaire response library keyed to the product control set.
  • Quarterly review pack template for the customer SOC.
  • Hand-built implementation playbook scoped to the buyer's detection stack.

What you will have in hand by Day 1, Week 1, Month 1

Within 24 hours: account in the learning environment is provisioned and the tailored implementation playbook is delivered alongside it.

Weeks 1-2: threat model and evaluator harness for one shipped feature.

Weeks 3-4: control mapping and model card for the same feature.

Weeks 5-6: vendor questionnaire library and customer SOC review pack.

Before and after

Before

Patches ship fast. Control narratives stall because the artefacts the customer SOC, procurement reviewer, and internal model-risk function need are not being produced as part of the engineering cadence.

After

Every shipped feature carries a control narrative, an evidence artefact, and a mapping to the customer's vocabulary. Vendor questionnaires take an hour. Customer SOC reviews close on the first round.

What happens if you do not address this

The vendor questionnaire backlog grows. The customer SOC keeps reopening the model-risk file. Sales cycles stall on security review for AI-backed features even when the engineering work is solid. A jailbreak lands and the post-incident control update has to be invented under pressure rather than pulled from a playbook.

Who it is for

An AI security developer or engineer working on LLM-backed detection, response, or agentic features at a security product vendor. Comfortable with model evaluation, prompt-injection threat modelling, evaluator design, and red-team workflows. Less comfortable with the language of model-risk management, the structure of a control narrative, and the artefacts a customer SOC reviewer expects in a vendor file. Builds the feature, then gets asked to defend it on a vendor questionnaire and finds the questionnaire was written by a risk function, not an engineering function.

Who this is NOT for. Not for application security engineers working purely on traditional appsec without an LLM or model component. Not for data scientists doing offline model research without a shipped product. Not for GRC analysts who never touch model code. Not for executives who want a strategy deck rather than the engineering artefacts.

How it arrives

Text-based course in the Art of Service learning environment, plus downloadable templates and worked examples for every module, plus the hand-built implementation playbook delivered alongside course access.

Time investment. Roughly six to eight hours per module across reading, template work, and applying the templates to one shipped feature. Designed to be worked into a sprint cadence rather than as a one-week intensive.

Why $199 is the right number

OWASP and NIST publish the source material free of charge. Vendor risk consultancies will produce a control mapping for a five-figure engagement. This course sits between: it teaches the AI security developer to produce the artefacts themselves, with templates and a per-buyer implementation playbook that names the buyer's actual product surface, so the work happens once and lives inside the engineering team instead of being outsourced and re-bought each quarter.

FAQ

Does this assume a specific model provider?
No. The threat model, evaluator design, and control mapping are model-agnostic. The implementation playbook is scoped to the buyer's stack.
Is this for a single engineer or for a team?
Built around one AI security developer working through it. The templates and playbook are reusable across a team once one engineer has worked through the material.
How is the implementation playbook scoped?
Hand-built per buyer. The buyer describes the product feature in scope, the customer segments, and the current artefact gaps. The playbook names which modules to apply in which order.
Does it cover agentic features specifically?
Yes. Threat modelling, evaluator design, and control mapping cover tool-call surfaces, planner-executor patterns, and the additional control artefacts agentic features need.

30-day money-back guarantee. If after a week of working through the materials this is not what you needed, reply to the receipt email and a full refund is processed. No questions, no forms.

Within 24 hours your account in the learning environment is provisioned and the tailored implementation playbook is delivered alongside it.

!