AI Pentesting for Developers

AI just expanded your attack surface

A hands-on course that bridges traditional software security and offensive AI, teaching developers how LLM and agent integrations get attacked, and how to defend them

Four hours: a 45-minute lecture, the rest hands-on labs.

Your AI features come with an attack surface most developers have never seen

Adding AI to an application significantly expands its attack surface, and most of it is invisible to developers used to traditional software security. In an LLM-integrated app, instructions and user data are processed together with no syntactic separation, so the rules you write can be overridden by the input you accept. This course closes that gap with hands-on exercises on a custom Syndis platform, so your developers understand how these systems are attacked before they ship the next AI feature.

Two modules

What you will cover

The AI attack surface

LLM and agent architecture, how tokens are processed, and where the new trust boundaries sit in an AI-integrated application.

Where AI breaks the rules

Why instructions and user data are processed together with no syntactic separation, and how AI-specific vulnerabilities differ from traditional ones.

Prompt injection

How direct prompt-injection attacks are crafted, and how attacker input overrides the instructions you wrote.

Jailbreaking and filter bypass

The safety-filter bypass and jailbreaking techniques attackers use, and what makes guardrails hold or fail.

How the course runs

Four hours: 45 minutes of lecture, the rest hands-on

1. Lecture

A 45-minute foundation on the AI attack surface and how AI-integrated applications get attacked.

2. Module 1: the AI attack surface

Hands-on work mapping LLM and agent architecture, token processing, and the new trust boundaries.

3. Module 2: prompt injection and jailbreaking

Craft direct prompt-injection attacks and practise the safety-filter bypass techniques attackers use.

4. Takeaways

Leave able to spot AI-specific risks in your own applications and design around them.

Who it's for

Developers integrating AI

Anyone wiring LLMs or agents into a product and shipping it to users.

  • No offensive-security background needed
  • Development experience is enough

Engineering teams adopting LLMs

Build secure-by-default habits before AI features reach production.

  • Shared understanding across the team
  • Practical, not theoretical

Security-conscious product teams

Understand the risk of agents connecting to external tools and APIs.

  • Backend integration risks
  • Resilient guardrail design

Why Syndis

Practical. Hands-on. AI-focused

  • 13yrs: Training Nordic teams
  • 80+: Specialists across the team
  • 4hrs: Lecture plus hands-on labs
  • Hands-on: On a custom Syndis platform

What to know about the course

The significantly expanded attack surface that comes from adding AI to your applications, focused on LLM and agent integrations: the AI attack surface, prompt injection, and jailbreaking.

Let's talk

Train your developers on AI security

Tell us about your team. We will run the course tailored to how your developers build with AI.