This course is designed to help you build a strong foundation in understanding how AI impacts web application security, so you can recognize risks, support safer integration efforts, and guide next steps for your team or organization.

By the end of this course, you will be able to:

• Explain the core risks AI introduces to web applications, including how models behave differently than traditional code and why that matters for security.
• Identify common attack methods used against AI-powered systems, such as prompt injection, model manipulation, and unsafe AI-generated output.
• Understand where AI shows up in modern web apps, and begin recognizing how features like chatbots, AI-based search, and LLMs affect system behavior and risk.
• Describe practical guardrails and coding patterns that help reduce the risk of using or connecting AI in a web application, even if you are not writing code directly.
• Know what to look for when evaluating AI tools and services, and how to ask the right questions about privacy, input handling, and model behavior.
• Use OWASP AI and LLM guidance as a starting point to frame risk areas, support internal conversations, and align your organization with emerging AI security standards.

If your team requires different topics, additional skills or a custom approach, our team will collaborate with you to adjust the course to focus on your specific learning objectives and goals.

This overview-level course is intended for security professionals, technical leads, developers, and decision-makers who are involved in web application planning, review, or protection and are new to AI-related tools and risks. It is ideal for roles such as security analysts, DevSecOps team members, web developers, application security leads, and IT managers who want to understand how to evaluate and support secure AI adoption in modern web environments. Attendees do not need to be programmers. Concepts are explained in both technical and non-coding terms.

Please note that this list of topics is based on our standard course offering, evolved from current industry uses and trends. We will work with you to tune this course and level of coverage to target the skills you need most. Course agenda, topics and labs are subject to adjust during live delivery in response to student skill level, interests and participation.

1: Foundations of AI and Secure Coding for Web Applications

• The evolving AI threat landscape: Risks and opportunities
• Why AI awareness matters for secure coding and enterprise security
• Core AI concepts: Machine learning, deep learning, LLMs, and generative AI
• Common ways AI intersects with software development and security
• Demo: How AI models can be embedded in modern applications

2: Secure Coding Principles in the Age of AI

• AI-specific coding vulnerabilities
• Threats introduced by integrating AI/ML into apps
• Key differences between traditional secure coding and AI/ML secure development
• Case study: Attack scenarios involving poor secure coding in AI models
• OWASP guidance
• Secure vs. insecure AI-infused code

3: How AI Attacks Your Code, Systems, and Teams

• Real-world AI-driven attack techniques: prompt injection, data poisoning, evasion
• AI-generated code: new risks and review challenges
• Model manipulation and AI backdoors
• Common AI-related vulnerabilities in web apps and APIs
• Human-in-the-loop risks: trust, overreliance, and social engineering
• Demo: Adversarial Attacks on AI

4: Defending Against AI-Powered Attacks

• Building an enterprise AI defense strategy
• Threat modeling with AI/ML in mind
• Establishing governance, model monitoring, and audit trails
• How to assess and verify AI components in your stack
• Best practices for mitigating model poisoning, backdoors, and misuse
• Tools and frameworks for secure AI development
• Securing the software supply chain for AI-integrated apps
• Policies to reduce exposure to AI-generated vulnerabilities
• Reviewing code with AI threat awareness

5: Secure AI Integration in Web Applications

• Integrating AI responsibly into production web systems
• Validating input/output of models and preventing injection
• Secure API design for AI services
• Handling user data securely in AI workflows
• Demo: Using a Python AI Model from a Web Application

6: Natural Language Processing (NLP) and AI Security Risks

• NLP systems and their security challenges (e.g., prompt injection, data leakage)
• How attackers use NLP to trick AI-powered systems
• Using NLP for vulnerability detection and monitoring
• Review prompt injection and mitigation techniques

7: AI Risk Management and Security Leadership

• Governance frameworks for AI (NIST AI RMF, ISO/IEC standards)
• Managing AI risk across the SDLC
• Setting up enterprise-wide guardrails for secure AI use
• Secure AI deployment checklists
• Evaluating tools like GitHub Copilot, ChatGPT, and internal LLMs
• Guiding development teams in secure AI usage

8: Staying Safe with AI Tools at Work

• Where AI tools are commonly used across roles and departments
• Safe data sharing practices for employees using AI (what's OK vs. what's risky)
• How to create and share clear internal guidelines and review processes
• Role of security leaders in managing workplace AI usage and reducing shadow AI

AI Playbook / Addendum