Cloud security architect is an ever-evolving role that requires continuous learning, analysis, and improvement. As cloud services change, so do the threat models, capabilities, and recommended secure-by-design patterns. AI is also rapidly changing the way that cloud security architects perform their jobs, while adding pressure to quickly identify new cloud resources, attack surfaces, and recommended AI architecture patterns.
The latest version of SEC549 helps aspiring cloud security architects keep up on three fronts. First, students see how custom-built "cloud security architect" AI agents are helping architects complete their work. Then we introduce new AI service architecture designs for running AI workloads, granting access to private data, and maintaining the organization's data perimeters. With these concepts in mind, students complete several new hands-on labs that reinforce the design patterns covered in the lessons. Together, these updates prepare students to keep pace with the accelerating responsibilities of the cloud security architect.
Threat modeling has always been a critical part of a cloud security architect's role. Traditional threat modeling relies on manual diagramming, policy checklists, and hand-documented security controls. While effective, this process no longer matches how the cloud is defined, built, and managed. Cloud teams define their cloud "as code," using tools like Terraform, CloudFormation, Bicep, and Pulumi. These configuration files describe resources, identities, and trust boundaries in far more detail than any manually created cloud diagram can. However, many cloud architecture and security teams are not fluent in these infrastructure-as-code tools.
With this update, we teach students how to build a threat model from cloud configuration files using a custom-built AI agent. The new SEC549 Cloud Security Architect assistant is a purpose-built agent that knows cloud security architecture, threat modeling frameworks (STRIDE, LINDDUN, and PASTA), and how to read infrastructure as code. In this new lab, students provide the assistant with the Terraform configuration and ask the agent to perform a STRIDE threat model and create a Mermaid architecture "diagram as code." Understanding these tools is important for cloud security architects to maintain accurate documentation and integrate their work with the version control systems used by cloud engineering teams.
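The following is an added example, not SEC549 lab code or the course's AI assistant. It shows what the "diagram as code" step produces when done deterministically from a Terraform plan, and it gives the architect a way to check an agent's output: every resource in the plan should appear as a node in the agent's Mermaid diagram, and no node should name a resource the plan does not contain. The plan is a constructed, simplified sample; a real `terraform show -json tfplan` file places cross-resource references under `configuration.root_module.resources[*].expressions`, whereas the sample pre-resolves them into a `refs` list. The trust-boundary mapping by resource type and the two STRIDE checks (Internet-open security group ingress, bucket without an encryption configuration resource) are assumptions chosen for the sample.

```python
"""Deterministic Terraform-to-Mermaid baseline plus a check on an agent's diagram.

Added example (not course material). Input format is a simplified, constructed
stand-in for `terraform show -json` output with references pre-resolved.
"""
import json
import re

# Constructed sample plan: five resources, one of them exposed to the Internet.
SAMPLE_PLAN = json.dumps({"resources": [
    {"address": "aws_vpc.main", "type": "aws_vpc", "refs": [],
     "values": {"cidr_block": "10.0.0.0/16"}},
    {"address": "aws_security_group.web", "type": "aws_security_group",
     "refs": ["aws_vpc.main"],
     "values": {"ingress": [{"from_port": 443, "to_port": 443,
                             "cidr_blocks": ["0.0.0.0/0"]}]}},
    {"address": "aws_instance.web", "type": "aws_instance",
     "refs": ["aws_security_group.web", "aws_iam_role.web"], "values": {}},
    {"address": "aws_iam_role.web", "type": "aws_iam_role", "refs": [], "values": {}},
    {"address": "aws_s3_bucket.data", "type": "aws_s3_bucket", "refs": [],
     "values": {"bucket": "example-private-data"}},
]})

# Trust boundary per resource type (an assumption made for this sample).
BOUNDARIES = {
    "aws_vpc": "VPC", "aws_security_group": "VPC", "aws_instance": "VPC",
    "aws_s3_bucket": "Data", "aws_iam_role": "Identity",
}


def load_plan(text):
    return json.loads(text)["resources"]


def node_id(address):
    # Mermaid node ids must not contain '.' or '-'; labels may.
    return re.sub(r"[^A-Za-z0-9_]", "_", address)


def internet_exposed(res):
    if res["type"] != "aws_security_group":
        return False
    return any({"0.0.0.0/0", "::/0"} & set(rule.get("cidr_blocks", []))
               for rule in res["values"].get("ingress", []))


def to_mermaid(resources):
    """Emit a Mermaid flowchart with one subgraph per trust boundary."""
    lines = ["flowchart LR"]
    by_boundary = {}
    for r in resources:
        by_boundary.setdefault(BOUNDARIES.get(r["type"], "Other"), []).append(r)
    exposed = [r for r in resources if internet_exposed(r)]
    if exposed:
        lines.append('  internet(("Internet"))')  # external actor, outside every boundary
    for boundary, members in by_boundary.items():
        lines.append(f"  subgraph {boundary}")
        for r in members:
            lines.append(f'    {node_id(r["address"])}["{r["address"]}"]')
        lines.append("  end")
    for r in resources:
        for ref in r["refs"]:
            lines.append(f"  {node_id(r['address'])} --> {node_id(ref)}")
    for r in exposed:
        lines.append(f"  internet --> {node_id(r['address'])}")
    return "\n".join(lines)


def stride_findings(resources):
    """Two mechanical STRIDE checks: (S)poofing via open ingress, (I)nfo disclosure via
    a bucket that no server-side-encryption configuration resource references."""
    findings = []
    for r in resources:
        if internet_exposed(r):
            findings.append(("S", r["address"], "ingress open to the Internet"))
        if r["type"] == "aws_s3_bucket":
            encrypted = any(
                t["type"] == "aws_s3_bucket_server_side_encryption_configuration"
                and r["address"] in t["refs"] for t in resources)
            if not encrypted:
                findings.append(("I", r["address"],
                                 "no server-side encryption configuration references this bucket"))
    return findings


def diagram_gaps(mermaid_text, resources):
    """Compare an agent-produced diagram against the plan.
    Returns (plan resources the diagram omits, diagram nodes that match no plan resource)."""
    drawn = set(re.findall(r'\["([^"]+)"\]', mermaid_text))
    planned = {r["address"] for r in resources}
    return sorted(planned - drawn), sorted(drawn - planned)


if __name__ == "__main__":
    res = load_plan(SAMPLE_PLAN)
    print(to_mermaid(res))
    for code, address, note in stride_findings(res):
        print(f"[{code}] {address}: {note}")
```

Run `diagram_gaps()` on the Mermaid text the agent returns; a non-empty second element means the agent drew a resource that does not exist in the plan, which is exactly the kind of hallucination that should not reach version control as documentation.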

Organizations are rapidly adopting AI, creating major challenges for cloud security architects along the way. A typical first design onboards a new AI vendor, calls the vendor's model API, uploads private data, uses that private data to generate a response, and returns the response to the customer.
Basic threat modeling and privacy analysis raise some obvious questions: Where does our data go when we send a prompt? Can the vendor train on it? Where do the embeddings live? Honest answers often stop an AI project before it starts. These questions highlight the new attack surface and architectural decisions cloud security architects need to understand and build into their AI service designs.
This update introduces architects to an in-tenant AI services architecture design that maintains data residency and privacy controls. Instead of sending data to an external model, students see how to use models hosted inside the existing cloud tenant, supply privately stored grounding context from cloud storage and data lake services, and ensure data entitlement checks are performed before responses are returned to the customer. This secure-by-design pattern keeps data from crossing a trust boundary and ensures no new third party receives it.
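The following is an added example of the in-tenant pattern described above; it is not SEC549 lab code. The model endpoint host (`models.internal.example`), the document store, the caller identities and the group labels are all constructed stand-ins. The example enforces two things the paragraph calls for: the model endpoint must be inside the tenant (checked against an allow-list of private hostnames), and entitlement is checked against each grounding chunk before it is ranked, and again at the boundary before the prompt is built, so a bug in retrieval cannot leak unentitled text into the model's context. In a real deployment the entitlement labels would come from the data platform's row- and column-level policies rather than from a hard-coded list.

```python
"""In-tenant grounding with entitlement checks ahead of the model call.

Added example (not course material). Endpoint hostnames, the document store
and the callers are constructed; the model is a stand-in for a tenant-hosted one.
"""
from dataclasses import dataclass
from urllib.parse import urlparse

# Assumed private hostnames of the tenant's own model service. Anything else is a
# trust-boundary crossing and is refused before any data is sent.
IN_TENANT_MODEL_HOSTS = {"models.internal.example"}


@dataclass(frozen=True)
class Chunk:
    doc_id: str
    text: str
    allowed_groups: frozenset  # entitlement label stored alongside the data


@dataclass(frozen=True)
class Caller:
    user: str
    groups: frozenset


# Constructed grounding store: what a query against in-tenant storage would return.
STORE = [
    Chunk("hr-001", "Salary band for role X is confidential", frozenset({"hr"})),
    Chunk("pub-001", "Office hours are 9 to 5", frozenset({"everyone"})),
    Chunk("fin-007", "Q3 revenue forecast is confidential", frozenset({"finance", "execs"})),
]


class TrustBoundaryViolation(Exception):
    pass


def assert_in_tenant(endpoint):
    host = urlparse(endpoint).hostname
    if host not in IN_TENANT_MODEL_HOSTS:
        raise TrustBoundaryViolation(f"model endpoint {host!r} is outside the tenant")


def entitled(chunk, caller):
    # "everyone" is an assumed public label; any other label needs group membership.
    return bool(chunk.allowed_groups & (caller.groups | {"everyone"}))


def retrieve(query, caller, store=STORE):
    """Filter by entitlement BEFORE ranking, so unentitled text is never a candidate."""
    candidates = [c for c in store if entitled(c, caller)]
    terms = set(query.lower().split())
    overlap = {c.doc_id: len(terms & set(c.text.lower().split())) for c in candidates}
    ranked = sorted(candidates, key=lambda c: -overlap[c.doc_id])
    return [c for c in ranked if overlap[c.doc_id] > 0]


def in_tenant_model(prompt):
    # Stand-in for the tenant-hosted model; it only echoes the grounding it received.
    return "Answer grounded on:\n" + prompt


def answer(query, caller, endpoint="https://models.internal.example/v1/generate",
           retriever=retrieve):
    assert_in_tenant(endpoint)
    chunks = retriever(query, caller)
    # Defense in depth: re-check every chunk at the boundary, independent of the
    # retriever, so a faulty retrieval path still cannot ground the model on
    # data the caller is not entitled to see.
    for c in chunks:
        if not entitled(c, caller):
            raise TrustBoundaryViolation(
                f"{caller.user} is not entitled to {c.doc_id}; refusing to ground on it")
    context = "\n".join(f"[{c.doc_id}] {c.text}" for c in chunks)
    response = in_tenant_model(f"Context:\n{context}\n\nQuestion: {query}")
    return {"answer": response, "sources": [c.doc_id for c in chunks]}


if __name__ == "__main__":
    alice = Caller("alice", frozenset({"hr"}))
    print(answer("revenue forecast", alice)["sources"])   # [] : finance data never retrieved
    print(answer("office hours", alice)["sources"])       # ['pub-001']
```

The order matters: filtering after ranking would still let an unentitled chunk influence which documents are chosen, and filtering only in the final response would mean the model has already seen the data.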

The SEC549 update expands the hands-on labs across every section of the course, so students implement each design pattern rather than just discussing it. In the identity and access foundation, new labs cover Azure to AWS single sign-on, Azure organization policies, and using Entra ID Privileged Identity Management to elevate break-glass permissions into AWS and Google Cloud. The customer identity designs add hands-on examples using Amazon Cognito user pools and identity pools for managing external user access. On the network side, students build an Azure Virtual WAN hub-and-spoke architecture and then layer in centralized traffic inspection. The data labs continue to protect private data, applying row-level and column-level security policies to a BigQuery data lake. This is followed by the in-tenant AI service architecture lab, which ties those data controls to an AI workload. Finally, the logging labs centralize telemetry both within a single cloud and across clouds using Microsoft Sentinel.
These new topics and labs will help aspiring cloud security architects learn how to set up an AI assistant that helps create design diagrams, benchmark designs against the well-architected frameworks, and assist with cloud security threat modeling. Students will also learn how to design in-tenant AI services that keep private data inside their trust boundary, and they will gain hands-on experience building these resources across cloud AI services and design patterns.
You can register for a free course demo by visiting SEC549: Cloud Security Architecture and pressing the “Course Preview” button.
Thank you to past students for their course feedback, which helps the authors and instructors understand the content most valuable to them. A special thank you to the course authors and instructors for their contributions: Eric Johnson, David Hazar, Gregory Leonaard, Simon Vernon, and Jason Larkin.