SEC536: Adversarial AI - Penetration Testing AI Systems


Experience SANS training through course previews.
Learn MoreLet us help.
Contact usBecome a member for instant access to our free resources.
Sign UpWe're here to help.
Contact UsKey findings:
The book's central argument is that cloud security models built for on-premises data centers no longer match how attackers operate or how cloud environments actually function. Identity, rather than network perimeter, has become the foundation of effective defense, and organizations that keep applying legacy governance, patching, and monitoring practices to cloud-native and AI-driven environments are structurally behind the threats they face. The authors are especially direct about generative AI: it is a tool with real security uses, such as translating natural language into policy-as-code or generating abuse-case tests, but it offers little benefit for problems that mature tooling already solves well, like straightforward vulnerability scanning. This is a multi-author strategic and technical guide rather than a single empirical survey, so no unified respondent methodology applies; its statistics are drawn from a mix of primary SANS research, vendor telemetry (Microsoft, Red Canary, Mandiant), and third-party sources such as CISA, Qualys, and The Hacker News, each cited individually within the chapters.
What is Cloud Security Compliance?


Launched in 1989 as a cooperative for information security thought leadership, it is SANS’ ongoing mission to empower cybersecurity professionals with the practical skills and knowledge they need to make our world a safer place.
Read more about SANS Institute








