AI Security & Governance

9 programs

AI Security, Governance and Compliance Training

Enterprise AI security, red teaming, prompt injection defense, EU AI Act / GDPR compliance and risk management programs.

For CISO, CIO, DPO and technical security teams — MITRE ATLAS + OWASP LLM Top 10 + GDPR-compliant defensive and offensive programs.

Browse programs Request corporate program

Programs

3days

Avg. duration

Levels

Sub-areas

TL;DR

One-line answerAI Security & Governance training — 7 programs covering enterprise red teaming, prompt injection defense, EU AI Act + GDPR compliance and CISO/CIO/DPO risk management.

MITRE ATLAS + OWASP LLM Top 10: offensive/defensive simulation with Garak, PyRIT, Llama Guard
Enterprise Guardrails: prompt injection, jailbreak, data exfiltration, indirect-injection defense layers
AI Governance: policy, risk register, model inventory, audit pipeline for CIO / CISO
DPO & Compliance: GDPR + EU AI Act + sector-specific (BDDK, SPK) compliance frameworks

What you get

Why this category

Defense-in-Depth Architecture

6-layer guardrail architecture: input filter, output validate, tool scope, PII redact, HITL, trajectory eval.

MITRE ATLAS + OWASP LLM Top 10

Automated attack simulation with Garak and PyRIT; manual red team playbook + reporting format.

EU AI Act + GDPR + Sector Compliance

4 risk classes assessment, CE marking requirements, DPIA + fundamental rights impact assessment templates.

Privilege Escalation + RBAC

Agent tool-call allowlist, role-based action scoping, sensitive action human checkpoint pattern.

Audit Trail + Model Inventory

Model registry, version control, deployment log, user interaction log — full traceability.

Incident Response Playbook

Step-by-step call list to execute within 24 hours when prompt injection or data leak is detected.

Catalog

Guardrails & Prompt Injection

2 / 9 programs shown

All9 Red Teaming & Adversarial Guardrails & Prompt Injection AI Governance (CIO/CISO)Compliance & DPO

How it works

From assessment to production — AI Security & Governance delivery

1
1. Risk Profiling
Current AI system inventory, use-case classification, risk score calculation.
→
2
2. Compliance Gap Analysis
Missing controls, documentation and processes identified against EU AI Act + GDPR + sector regulators.
→
3
3. Red Team + Guardrails Lab
Attack simulation with Garak/PyRIT + 6-layer guardrail integration hands-on practice.
→
4
4. Governance Framework + Audit Pipeline
Model registry, audit log, continuous monitoring, annual audit calendar and incident response playbook.

Real-world examples

Use cases solved with these programs

Annual AI Audit Program

Annual security + compliance audit calendar and reporting format for all production AI systems.

BDDK / SPK-Compliant Model Inventory

Model registration system + validation process meeting finance regulator requirements.

Production Guardrails (Prompt Injection)

Defense-in-depth guardrail stack deployment for customer-facing LLM apps.

Annual AI Red Team Exercise

5-day annual exercise: attack scenarios, defense tests, lessons learned + remediation roadmap.

FAQ

AI Security & Governance — questions answered

How is red teaming performed on AI systems?

Plan with MITRE ATLAS taxonomy; for OWASP LLM Top 10 (prompt injection, insecure output handling, model theft, supply-chain) use Garak and PyRIT for automated fuzz + manual exploration. Defense tests via Llama Guard and custom guardrail layers. A 5-day hands-on protocol is taught.

How does the EU AI Act affect my company?

First, identify which of the 4 risk classes (unacceptable / high-risk / limited / minimal) your AI system falls under. High-risk class (critical infrastructure, education, employment, credit, etc.) requires CE marking, risk management system, data quality controls, log retention, human oversight, robustness tests and a fundamental rights impact assessment. The training delivers gap analysis + roadmap for your current system.

What are the most effective defense layers against prompt injection?

Single layer is not enough — defense-in-depth is required. (1) Input sanitization + content filtering (Llama Guard), (2) Structured output + schema validation, (3) Tool-call allowlist + scoped permissions, (4) Output post-processing + PII/secret redaction, (5) Human-in-the-loop checkpoint (for high-risk ops), (6) Trajectory evaluation + anomaly detection. Each layer is built in its own lab.

As a DPO, what are my responsibilities in AI risk management?

From KVKK + GDPR perspective: (1) AI systems inventory + model registry, (2) DPIA / fundamental rights impact assessment, (3) Data minimization + purpose limitation controls, (4) Article 22 compliance for automated decision-making (right to human intervention), (5) Data subject request response processes, (6) Vendor (model provider) due diligence + DPA signatures. Training ships with sector-specific checklists + templates.

Are extra controls needed when deploying AI in regulated sectors like Banking or Insurance?

Yes. BDDK Information Systems Regulation + Risk Management for model documentation, MR (Model Risk) framework, validation, continuous monitoring; SPK for market structure + algorithmic trading rules; insurance-specific risk assessment. Training covers latest sector regulator publications (TCMB / BDDK / SPK / SEDDK) + European equivalents (DORA, MiCA).

Other categories