
Agentic Software Security

2 Days


Prompt injection, tool misuse, and uncontrolled tool interactions create attack vectors when operating and using agent-based systems and LLM-powered applications, leading to consequences such as data exfiltration or unauthorized system access. These are real risks that software architects and developers should understand and address.

In our 2-day training course “Agentic Software Security,” we’ll teach you the fundamentals you need to know.

The training will enable you to understand attack vectors such as direct and indirect prompt injection, insecure tool interactions, supply chain risks (e.g., tool poisoning or rug pulls), and cross-context effects; methodically assess risks during the development and integration of agentic applications; and prevent them in a targeted manner with appropriate security measures.

Agenda

Attack Vectors on Generative AI

  • Identify attack vectors on agent-based systems, such as prompt injections
  • Systematically identify trust boundaries in typical agent-based architectures using threat modeling
  • Secure agent-based systems through guardrails, sandboxing, proper identity management, and fine-grained authorization
  • Secure AI systems throughout their entire lifecycle, from onboarding (e.g., via the MCP Registry) to offboarding

Agent-Based Systems and Protocols

  • Understand what distinguishes chatbots from copilots, with a focus on security aspects
  • Understand and evaluate security mechanisms of new agent-based standards, e.g., MCP or A2A
  • Know what matters when implementing agent-based systems, both technically and organizationally
  • Use IAM and authorization patterns strategically to design secure agent-based systems

Audience

This training is designed for software architects and developers who want to plan, develop, and deploy AI-powered applications with a clear focus on security throughout their entire lifecycle.

Training Objectives

Understand attack vectors related to GenAI and how to assess them using threat modeling.

Implement targeted protective measures such as guardrails, sandboxing, and proper authentication and authorization.

Develop a strategy for the secure operation of MCP-based agent-based systems within the organization, from onboarding through usage to offboarding.

Embed security practices into architecture, development, and operations, regardless of frameworks or programming languages.

Your Trainers


Dimitrij Drus

INNOQ

Distributed and embedded systems, security

  • Agentic Software Security
  • Web Security

Dimitrij Drus works as a senior consultant at INNOQ. For many years he has been involved in the architecture and development of distributed and embedded systems, with a focus on security and availability.


Felix Schumacher

INNOQ

IT Security

  • Agentic Software Security
  • OWASP Top Ten in practice
  • Web Security

Felix is a senior consultant at INNOQ. He enjoys working on IT security, test-driven development, and the operation and further development of existing systems.

In-House Training

You can also book this training as an in-house training course exclusively for your team. Please use the enquiry form for more details.

