Question 1

What Are The Laptop Requirements?

Accepted Answer

Cloud Accounts and API Keys SANS provides students with access to labs hosted on AWS infrastructure, along with the required LLM API keys for lab participation. Students can log in to their SANS account and visit the MyLabs page 24 hours before class begins to access the information and materials needed to get started.Mandatory Laptop Requirement Students must bring their own system configured according to these instructions. A properly configured system is required to fully participate in this course. If you do not carefully read and follow these instructions, you will likely leave the class unsatisfied because you will not be able to participate in hands-on exercises that are essential to this course. Therefore, we strongly urge you to arrive with a system meeting all the requirements specified for the course. Students must be in full control of their system's network configuration. The system will need to communicate with the cloud-hosted student VM using a combination of HTTPS, SSH, and SOCKS5 traffic on non-standard ports. Running VPN, intercepting proxy, or egress firewall filters may cause connection issues communicating with the student VM. Students must be able to configure or disable these services to connect to the lab environment.Bring Your Own Laptop Configured Using the Following Directions A properly configured system is required for each student participating in this course. Before starting your course, carefully read and follow these instructions exactly: Host Operating System: Latest version of Windows 10, macOS 10.15.x or later, or Linux that also can install and run the Firefox browser described below.Fully update your host operating system prior to the class to ensure you have the right drivers and patches installed. Mandatory Host Hardware Requirements CPU: 64-bit 2.5+ GHz multi-core processor or higher Wireless Ethernet 802.11 B/G/N/AC Local Administrator Access within your host operating system Must have the ability to install Firefox, enable a Firefox extension, and install a new trusted root certificate on the machine. Mandatory Software Requirements Prior to class, ensure that the following software is installed on the host operating system: Firefox 120.0+ Firefox SmartProxy extensionSummary Before beginning of the course you should: Have a laptop with a solid-state drive (SSD), 16GB of RAM, and a 64-bit operating system. Install the latest version of Firefox and the SmartProxy extension. Download the SEC546 Lab Setup Instructions from your sans.org account. After you have completed those steps, access the SANS provided AWS account to connect to the SANS Cloud Security Flight Simulator and connect to the SEC546 student VM. The SEC546 Instance hosts an electronic workbook, VSCode, Git Server, and Terminal services that can be accessed through the Firefox browser. Your course materials include a "Setup Instructions" document that details important steps you must take before you travel to a live class event or start an online class. It may take 20 minutes or more to complete these instructions. Your class uses an electronic workbook for its lab instructions. In this new environment, a second monitor and/or a tablet device can be useful for keeping class materials visible while you are working on your course's labs.  If you have additional questions about the laptop specifications, please contact customer service.

Question 2

Who Should Attend SEC546 Training?

Accepted Answer

This course is designed for practitioners in Protect AI roles, including AI SOC Orchestrators AI Incident Response Orchestrators AI/ML Security Engineers focused on agentic systems AI Security Specialists Security Operations and blue team leads responsible for AI-driven workflows Cloud Security Engineers responsible for agentic AI deployments. The course assumes working comfort with Python, command line, and containers, along with a foundational understanding of LLMs and GenAI concepts. Many of these titles are still being defined inside organizations. SEC546 gives you the practical skills to step into them with credibility as the roles form, rather than waiting for hiring patterns to catch up.

Question 3

What Will You Get?

Accepted Answer

Electronic and printed courseware Mp3 audio files of course lecture SANS provisioned API key to access the LLM endpoint

Question 4

What Are The Prerequisites For This Course?

Accepted Answer

Python familiarity: Ability to read, modify, and run Python scripts, including using libraries, APIs, and basic program flow. GenAI fundamentals: Working understanding of large language models, prompting, retrieval-augmented generation, and tool-calling concepts. Application security basics: General knowledge of vulnerabilities such as injection, authentication, authorization, and trust boundary enforcement. Command-line comfort: Ability to navigate directories, install packages, edit files, and run lab exercises from a terminal. Cloud and API awareness: Basic familiarity with API keys, environment variables, JSON, and connecting applications to external services.

Question 5

What Learning Path Is This Course A Part Of?

Accepted Answer

While agentic AI systems may be deployed in cloud environments, SEC546 is a defensive AI course focused on securing agents, tools, and orchestration layers rather than general cloud infrastructure. It focuses on what changes when an LLM stops just answering questions and starts taking actions: calling tools, reading data, moving across business systems. Agents like that need different controls than traditional apps, and that's what the course teaches.Depending on your current or desired future role, the courses below are great next steps in your cybersecurity journey. SEC545: GenAI and LLM Application Security – protect AI applications end to end through hands-on training in LLM security, RAG defense, agent security, and MLOps protection. LDR520: Emerging Trends for Cyber Leaders: AI and Cloud – lead AI security programs with the governance, risk, and policy foundation that makes GenAI and agentic AI adoption defensible. Together, they prepare you to defend GenAI, secure agentic AI, and lead the program that governs both.

Question 6

How Does SEC546 Align with the SANS Secure AI Blueprint?

Accepted Answer

SEC546 aligns with the SANS Secure AI Blueprint’s Protect AI pillar by focusing on the defensive controls needed to secure agentic AI systems in production. The course teaches practitioners how to protect autonomous AI behavior across real-world workflows by identifying agentic AI threats, designing and validating guardrails, defending against prompt injection and context poisoning, enforcing agent scope and goal integrity, securing multi-agent chains, and containing rogue or compromised agents. While agentic AI may run in cloud environments, SEC546 is not a general cloud infrastructure course. It is a defensive AI course focused on securing agents, tools, orchestration layers, and autonomous behavior.

Question 7

What Is Agentic AI Security and Why Is It Important?

Accepted Answer

Agentic AI Security is the discipline of securing autonomous AI systems that can plan, make decisions, execute actions, invoke tools, retain memory, operate across browsers and desktops, and coordinate with other agents, often with limited human oversight. Unlike traditional chatbot-style AI applications that primarily generate text, agentic systems exercise real agency: they pursue multi-step goals, call external tools and services, access sensitive data and environments, maintain context across tasks, and delegate work across connected agent workflows. This autonomy introduces a fundamentally different class of security risks, including prompt injection with execution impact, memory and context poisoning, tool response tampering, agent identity abuse, delegated authorization failures, uncontrolled privilege, cross-agent data leakage, and cascading failures across multi-agent systems. Securing agentic AI is critical because organizations are rapidly deploying these systems to automate high-value workflows such as software development, infrastructure operations, security tasks, compliance activities, customer support, and increasingly, actions that affect physical devices and environments. An agent that can be manipulated into misusing its permissions, leaking sensitive data, following poisoned context, or executing unauthorized actions creates direct risk to business continuity, data integrity, system safety, and regulatory obligations. The consequences grow even more severe in connected agent ecosystems, where one compromised agent, tool, or context source can rapidly propagate failures across an entire pipeline.

Question 8

How Will This Course Benefit My Career?

Accepted Answer

SEC546 positions students at the forefront of the next major shift in cybersecurity: securing autonomous AI agents. As organizations move beyond passive chatbot use cases to systems that plan, execute actions, invoke tools, maintain memory, operate across browsers and desktops, and coordinate across multi-agent workflows, demand is growing for professionals who can defend these high-risk environments. This course delivers the specialized, defense-focused skills needed to close that gap and differentiate students in a fast-expanding market. Five intensive, lab-driven days go far beyond general AI security concepts to focus on the distinct attack surface of autonomous AI systems. Students build and apply production-grade defenses across input and output boundaries, prompt injection resistance, agent identity and permissions, memory and context security, rogue-agent containment, runtime governance, defensive MCP gateways, MCP data integrity, tool execution sandboxing, desktop agent security, agent supply chain provenance, multi-agent trust chains, browser and computer-use agents, delegated authorization, cross-agent data isolation, cyber-physical fail-safes, and emerging defenses such as confidential agent execution, then prove those skills in a comprehensive live-fire defense capstone.

Question 9

What is the SEC546 Beta?

Accepted Answer

Beta courses are part of the SANS course development process, bringing new training to market in collaboration with the practitioner community. SEC546 delivers fully developed content, complete labs, and expert instruction at 25% off full course cost.

Question 10

Why Take The Beta?

Accepted Answer

Work directly with the author, Vis Chirravuri in a smaller cohort before general release Be the first to train on the only SANS course built end-to-end for securing agentic AI Apply a complete defensive control stack through hands-on labs: guardrails, goal integrity, secure agent chains, scoped identity, memory integrity, safe termination, and runtime governance. Shape the final course through direct feedback to the author Access the course at 25% off full course cost

SEC536: Adversarial AI - Penetration Testing AI Systems

SEC546: Securing Agentic AI

Course Overview

What You'll Learn

Business Takeaways

Meet Your Author

Viswanath (Vis) Chirravuri

Course Syllabus

Section 1Foundations of Agentic AI Security

Topics covered

Labs

Section 2Agent Operations, Hardening, and MCP Defense

Topics covered

Labs

Section 3Secure MCP, Desktop Agents and Runtime Defenses

Topics covered

Labs

Section 4Multi-Agent, Browser and Computer-Use Agent Security

Topics covered

Labs

Section 5Cyber-Physical Agent Security & Emerging Frontiers

Topics covered

Labs

Things You Need To Know

Course Schedule and Pricing

We couldn't find a match for your selection

Benefits of Learning with SANS