Question 1

What Are The Laptop Requirements?

Accepted Answer

Important! Bring your own system configured according to these instructions!A properly configured system is required to fully participate in this course. If you do not carefully read and follow these instructions, you will likely leave the class unsatisfied because you will not be able to participate in hands-on exercises that are essential to this course. Therefore, we strongly urge you to arrive with a system meeting all the requirements specified for the course.It is critical that you back-up your system before class. It is also strongly advised that you do not bring a system storing any sensitive data.CPU64-bit Intel i5/i7 2.0+ GHz processorCRITICAL NOTE: Apple Silicon devices cannot perform the necessary virtualization and therefore cannot be used for this course.Your system's processor must be a 64-bit Intel i5 or i7 2.0 GHz processor or higher. To verify on Windows 10 or 11, press Windows key + "I" to open Settings, then click "System", then "About". Your processor information will be listed near the bottom of the page. To verify on a Mac, click the Apple logo at the top left-hand corner of your display and then click "About this Mac".BIOSEnabled "Intel-VT"Intel's VT (VT-x) hardware virtualization technology must be enabled in your system's BIOS or UEFI settings. You must be able to access your system's BIOS to enable this setting in order to complete lab exercises. If your BIOS is password-protected, you must have the password. This is absolutely required.RAM16 GB RAM is highly recommended for the best experience. To verify on Windows 10, press Windows key + "I" to open Settings, then click "System", then "About". Your RAM information will be toward the bottom of the page. To verify on a Mac, click the Apple logo at the top left-hand corner of your display and then click "About this Mac".Hard Drive Free Space100 GB of FREE space on the hard drive is critical to host the VMs and additional files we distribute. SSD drives are also highly recommended, as they allow virtual machines to run much faster than mechanical hard drives.Operating SystemYour system must be running either the latest version of Windows 10, macOS 10.15.x or later, or Linux that also can install and run VMware virtualization products described below.Additional Software RequirementsVMware Player Install:Download and install VMware Workstation Pro 17+ (for Windows hosts), or VMWare Fusion Pro 13+ (for macOS hosts) prior to class beginning. Workstation Pro and Fusion Pro are now available free for personal use from the VMware website. Licensed commercial subscriptions to these products can also be used.Other virtualization products, such as Hyper-V and VirtualBox, are not supported and will not work with the course material.Your course media will now be delivered via download. The media files for class can be large, some in the 40 - 50 GB range. You need to allow plenty of time for the download to complete. Internet connections and speed vary greatly and are dependent on many different factors. Therefore, it is not possible to give an estimate of the length of time it will take to download your materials. Please start your course media downloads as you get the link. You will need your course media immediately on the first day of class. Waiting until the night before the class starts to begin your download has a high probability of failure.If you have additional questions about the laptop specifications, please contact customer service.

Question 2

Who Should Attend SEC536 Adversarial AI Training?

Accepted Answer

SEC536 is built for security practitioners who interact with and need to assess AI systems the way they work, not the way a demo describes them.Penetration testers and red teamers get techniques that work against LLM-integrated targets instead of recycled web app attacks with an AI label. Application security engineers, architects get the threat models and testing patterns they need as AI features hit production.Data scientists and ML platform engineers get an unfiltered look at how their pipelines and deployed models appear from an attacker's perspective.Cyber defenders and blue teamers get to anticipate attacks instead of reacting to the first incident.  Technical managers get ground truth that cuts through vendor hype and shows where AI risk lives in the stack.

Question 3

What Will You Get?

Accepted Answer

You keep a VM containing ten hands-on labs. Run them repeatedly, try hard mode, or any of the multiple bonus modes each lab has. You also leave with the Marimo workbooks covering every major concept and a working mental model of how AI-integrated systems fail and how to communicate that to the people funding the rollout. Unlimited access to all hands-on lab exercises that never expires Printed and electronic course books and a hands-on workbook MP3 audio files of the entire course Detailed video walkthroughs for all lab exercises Visual association maps to break down complex material A digital index for quick reference to all material Bonus content and hands-on exercises to develop your skills beyond the course Essential cheat sheets for tools and complex analysis tasks

Question 4

What Are The Prerequisites For This Course?

Accepted Answer

Students should be comfortable with HTTP APIs and familiar with general web and application security concepts. An AI or ML background is helpful but not required. Python experience is useful for customizing payloads and tooling but is not a prerequisite.

Question 5

What Learning Path Is This Adversarial AI Course A Part Of?

Accepted Answer

Start with SEC504: Hacker Tools, Techniques, and Incident Handling to develop an attacker mindset, then SEC560: Enterprise Penetration Testing to learn the methodology for conducting pen tests and the full attack lifecycle, then this course, SEC536, to specialize in attacking AI-integrated systems, then SEC660: Advanced Penetration Testing, Exploit Writing, and Ethical Hacking to learn how to level up your skills and develop novel, advanced techniques.

Question 6

What Is Adversarial AI And Why Is It Important?

Accepted Answer

SEC536: Adversarial AI is built around a single discipline: studying and executing the attacks that adversaries are running against production AI systems today. Adversarial AI is the offensive side of AI security, where penetration testers, red teamers, and security engineers exploit LLMs, RAG pipelines, agents, MCP tool servers, and the model supply chain to surface failures that traditional security tooling was never designed to find. Its purpose is to give organizations an honest picture of their AI risk exposure so they can make informed decisions about the AI features they are racing to deploy.Surfaces AI-Specific Failure Modes: AI systems break in ways that do not map cleanly to the OWASP Top 10 or established application security playbooks. Adversarial techniques bring these failures into view before attackers find them, spanning prompt injection, indirect injection, jailbreaks, evasion, model poisoning, weight extraction, and agentic and MCP abuse.Measures Risk Before the First Incident: Emulating real attacks against production-shaped systems gives organizations a measured view of where their AI rollouts will fail. That measurement is at the core of any meaningful security investment, and it must come before something breaks publicly, not after.Replaces Demo with Evidence: Most AI security claims fall apart under sustained attacker pressure. An adversarial assessment produces concrete evidence, so security teams can evaluate AI products on what they actually do, not on what a sales deck promises.Defends Model Assets and Sensitive Data: Model weights, training data, system prompts, and embedded business logic have all become high-value targets. Knowing how attackers extract them is the only way to design controls that hold up under real pressure. Anticipates Regulatory and Compliance Exposure: Agentic systems and MCP tool servers can route around organizational controls in ways that carry direct regulatory consequences, from sanctions screening to privacy obligations to financial reporting. Adversarial work surfaces with these exposures where they can be proactively fixed.Connects Offense to Defensive Action: Every technique covered in this course traces back to a specific architectural decision, control, or detection opportunity. That mapping is what gives defenders something concrete to act on.SEC536 puts these techniques in students' hands across two days of attacks against a realistic, production-shaped environment. By the end, participants can assess AI-integrated systems with confidence, communicate the findings to the executives funding the rollout, and reduce real exposure before attackers find the same gaps.

Question 7

How Will This Course Benefit My Career?

Accepted Answer

Completing SEC536 puts you in a small group of practitioners who can confidently assess AI systems under real attack conditions, a capability almost every organization deploying AI urgently needs and very few people currently have.Stand Out in a Specialty with Few Experts: AI security is one of the fastest-emerging areas of cybersecurity, and qualified practitioners are in short supply. SEC536 places you at the front of that wave with hands-on experience attacking the systems organizations are actually building today.Open Doors to AI-Focused Roles: The skills covered map directly to positions like AI Red Team Lead, AI Application Security Engineer, ML Platform Security Engineer, and AI Risk Specialist, as well as senior penetration testing roles where AI assessment is now part of the scope. Carry Your Lab Environment Home: You leave with a takeaway VM containing every lab from the course. That makes the skills sticky, lets you keep practicing as new techniques emerge, and gives you a working reference environment you can use on real engagements.Speak the Language of AI Risk to Leadership: SEC536 trains you to translate technical AI attacks into the business and regulatory framing that funds programs. Practitioners who can do that quickly become the trusted voice on AI risk inside their organizations.Overall, SEC536 builds a rare and highly valued skill set, positions you for the AI security roles emerging across the industry, and gives you the practical experience to operate at the front edge of where cybersecurity is moving.

SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals

SEC536: Adversarial AI - Penetration Testing AI Systems

Course Overview

What You’ll Learn

Business Takeaways

Meet Your Author

Foster Nethercott

Mick Douglas

Course Syllabus

Section 1Foundations of Attack Techniques

Topics covered

Labs

Section 2Infrastructure, Integrations, and Advanced Attacks

Topics covered

Labs

Things You Need To Know

Benefits of Learning with SANS

Related Courses

SEC504: Hacker Tools, Techniques, and Incident Handling

SEC560: Enterprise Penetration Testing

SEC660: Advanced Penetration Testing, Exploit Writing, and Ethical Hacking

SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals

SEC536: Adversarial AI - Penetration Testing AI Systems

Course Overview

What You’ll Learn

Business Takeaways

Meet Your Author

Foster Nethercott

Mick Douglas

Course Syllabus

Section 1Foundations of Attack Techniques

Topics covered

Labs

Section 2Infrastructure, Integrations, and Advanced Attacks

Topics covered

Labs

Things You Need To Know

What Are The Laptop Requirements?

Who Should Attend SEC536 Adversarial AI Training?

What Will You Get?

What Are The Prerequisites For This Course?

What Learning Path Is This Adversarial AI Course A Part Of?

What Is Adversarial AI And Why Is It Important?

How Will This Course Benefit My Career?

Benefits of Learning with SANS

Related Courses

SEC504: Hacker Tools, Techniques, and Incident Handling

Quick view

SEC560: Enterprise Penetration Testing

Quick view

SEC660: Advanced Penetration Testing, Exploit Writing, and Ethical Hacking

Quick view