
AI Pentesting for Developers
AI just expanded your attack surface
A hands-on course that bridges traditional software security and offensive AI, teaching developers how LLM and agent integrations get attacked and how to defend them.
Four hours: a 45-minute lecture, the rest hands-on labs.
Your AI features come with an attack surface most developers have never seen
Adding AI to an application significantly expands its attack surface, and most of it is invisible to developers used to traditional software security. In an LLM-integrated app, instructions and user data are processed together with no syntactic separation, so the rules you write can be overridden by the input you accept. This course closes that gap with hands-on exercises on a custom Syndis platform, so your developers understand how these systems are attacked before they ship the next AI feature.
Two modules
What you will cover
LLM and agent architecture, how tokens are processed, and where the new trust boundaries sit in an AI-integrated application.
Why instructions and user data are processed together with no syntactic separation, and how AI-specific vulnerabilities differ from traditional ones.
How direct prompt-injection attacks are crafted, and how attacker input overrides the instructions you wrote.
The safety-filter bypass and jailbreaking techniques attackers use, and what makes guardrails hold or fail.
How the course runs
Four hours: 45 minutes of lecture, the rest hands-on
Lecture
A 45-minute foundation on the AI attack surface and how AI-integrated applications get attacked.
Module 1: the AI attack surface
Hands-on work mapping LLM and agent architecture, token processing, and the new trust boundaries.
Module 2: prompt injection and jailbreaking
Craft direct prompt-injection attacks and practise the safety-filter bypass techniques attackers use.
Takeaways
Leave able to spot AI-specific risks in your own applications and design around them.
Who it's for
Developers integrating AI
Anyone wiring LLMs or agents into a product and shipping it to users.
- No offensive-security background needed
- Development experience is enough
Engineering teams adopting LLMs
Build secure-by-default habits before AI features reach production.
- Shared understanding across the team
- Practical, not theoretical
Security-conscious product teams
Understand the risk of agents connecting to external tools and APIs.
- Backend integration risks
- Resilient guardrail design
Why Syndis
Practical. Hands-on. AI-focused
What to know about the course
The course covers the significantly expanded attack surface that comes from adding AI to your applications, with a focus on LLM and agent integrations: the AI attack surface, prompt injection, and jailbreaking.
Train your developers on AI security
Tell us about your team. We will tailor the course to how your developers build with AI.