
Asfela AI Security Engineering — Landing Page Copy (v1)

This is the section-by-section copy for the single-page sales site at asfela.com/ai-security (or equivalent). Each section includes the literal copy, structural notes ([builder: …]), and where applicable, alt copy variants for A/B testing.

Target reader: a security engineer who has been doing DevSecOps for 5+ years and is starting to assess AI features inside their company — OR — an ML engineer who has shipped a few LLM features and is realizing the security model is undefined.

Tone calibration: specific, technical, confident, no marketing fluff. The reader can detect SaaS marketing copy from 100 yards and will close the tab. Assume they read the curriculum overview before they read the FAQ.

One-line summary the page must communicate: the bridge course between security engineering and AI/ML engineering — not "intro to AI security," not "intro to ML for security people," but the production-ready bridge.


Section 1 — Hero (above the fold)

[builder: full-width hero, single column on mobile, two-column on desktop with copy left + minimal illustration or screen-recording loop right. CTA button is the only visual focal point.]

Eyebrow (small caps, muted): PROFESSIONAL TIER · COHORT-PACED · INSTRUCTOR-LED

H1: Become the AI security engineer your company is about to hire.

Sub-headline (one sentence, ~25 words): A 38-hour, hands-on course that turns security engineers and ML engineers into practitioners who can threat-model, attack, defend, and govern production AI systems.

Primary CTA button: Enroll — $1,500 ($999 early-bird through {{early_bird_end_date}})

Secondary link (smaller, below CTA): Read the syllabus → [links to curriculum overview]

Trust micro-row (below CTA, small text): Maps to OWASP LLM Top 10 · MITRE ATLAS · NIST AI RMF · EU AI Act


Alt H1 variants for A/B testing later

  1. Become the AI security engineer your company is about to hire. (default)
  2. Stop reading about AI security. Start building it.
  3. The hands-on bridge between security engineering and AI/ML.

Section 2 — The mismatch (problem framing)

[builder: full-width, centered text, narrow column (~640px). Sets up the "why this course exists" before any content claims.]

H2: The market is full of "AI security awareness" courses. None of them produce engineers who can ship a defense.

Body (2–3 short paragraphs):

There are two kinds of AI security training in 2026.

The first kind teaches non-technical audiences what prompt injection is. The second kind teaches ML researchers how to publish papers on adversarial robustness. Neither produces the role that companies are actually hiring for right now: an engineer who can sit with a product team, threat-model a new LLM feature, run a red-team campaign, ship the guardrail stack, and stand up the governance documentation regulators ask for.

That role doesn't have an Associate-degree pipeline yet. Most people doing this work today are figuring it out on the job. This course is the structured path.


Section 3 — Who this is for (two-column)

[builder: two-column layout with 50/50 split on desktop, stacked on mobile. Each column has a small icon (lock + brain, or similar — keep minimal), a header, and a short body. Both columns have the same visual weight.]

H2: This course is for two kinds of engineer.

Column 1

Header: You're a security engineer.

You've been doing DevSecOps or application security for 5+ years. You can read a STRIDE table without help, you've run a Burp Suite engagement, you know what OWASP Top 10 means and why it matters. But AI security feels different: tokenization, embeddings, RAG, LLM agents — you know the words but not the threat model, and your company is shipping AI features faster than your understanding of them grows.

This course gives you the AI/ML half. By Module 5 you're attacking models you trained yourself, by Module 7 you're shipping the guardrail stack.

Column 2

Header: You're an ML engineer.

You've shipped fine-tuned models, built RAG systems, deployed LLM features behind APIs. You know what an embedding is and how attention works. But you've never written a threat model, you don't know the difference between OWASP LLM01 and LLM06, and the EU AI Act is a paragraph your VP keeps mentioning at standup.

This course gives you the security half. The same lab in Module 3 you build as the developer, you then attack as the red-teamer. By Module 8 you can talk to a CISO in their language.


Section 4 — What you'll be able to do (outcomes)

[builder: numbered list, large numerals (01–05) left-aligned, body text right-aligned per row. Each outcome is one concrete capability, not "you'll understand…".]

H2: By the end, you can do five things you can't do today.

01. Threat-model an LLM-powered application end-to-end. Data flow diagram, STRIDE-MA table with model-manipulation and agency-abuse threats, MITRE ATLAS mapping for the top findings, OWASP LLM Top 10 coverage matrix. You'll produce one in Module 2 against a system you built in Module 1.

02. Attack an AI system across the full kill chain. Prompt injection (direct + indirect), training data poisoning, model extraction and inversion, adversarial-example evasion, supply-chain compromise, agent escape. Hands-on, against deliberately-vulnerable targets that ship with the course.

03. Defend an AI system with a measurable stack. Llama Guard at input, structured output enforcement, dual-LLM pattern for retrieval, intent verification for agent tool calls, prompt-response logging with Presidio PII redaction. You'll measure attack-success-rate before vs. after and produce the before/after table CISOs ask for.

04. Govern an AI program against NIST AI RMF and EU AI Act. Model cards, system cards, data sheets, AI-BOM, incident-reporting playbooks, Article 11 technical documentation, risk register. The artifact pack that survives a regulator review.

05. Operate an AI red-team function inside an engineering org. Garak + PyRIT + promptfoo wired into CI; nightly automated scans; trend dashboards; an IR playbook with AI-specific containment steps; the org-design and procurement patterns that make the function durable.


Section 5 — The 11 modules

[builder: visual grid of 11 module cards. Each card: module number, title, one-line description, estimated hours, "11 modules" tally in a small badge top-right. On mobile, stack vertically. Clicking a card expands to show the lesson list (the full content from 00-curriculum-overview.md).]

H2: 38 hours. 11 modules. 20 mandatory labs.

Module 0 — Orientation & Environment Setup (1.5 hrs) Welcome, the AI security landscape in 2026, and the setup lab that makes everything else work.

Module 1 — AI/ML Foundations for Security Engineers (3.5 hrs) ML in 30 minutes, neural networks, LLMs explained, the modern pipeline, where attacks happen. Lab: build a tiny RAG.

Module 2 — AI Security Foundations for ML Engineers (3.5 hrs) STRIDE adapted for AI, MITRE ATLAS deep dive, OWASP LLM Top 10, NIST AI RMF + EU AI Act. Lab: threat-model the M1 RAG.

Module 3 — Prompt Injection & LLM Application Attacks (6 hrs) Direct + indirect injection, insecure output handling, excessive agency, system-prompt extraction. 6 labs against vulnerable chatbot and over-permissioned agent.

Module 4 — Data Poisoning, Backdoors & Supply Chain (4.5 hrs) Training data poisoning, BadNets-style backdoors, harmful fine-tuning, model supply-chain risk. Labs: poison a sentiment classifier, plant a backdoor, scan pickles, generate an AI-BOM.

Module 5 — Model Extraction, Inversion & Membership Inference (3.5 hrs) Stealing a model via API queries, MIA, training-data extraction from LLMs, privacy defenses. Labs: 5,000-query model theft, shadow-model MIA, training-data extraction from GPT-2.

Module 6 — Adversarial Examples & Evasion (3 hrs) FGSM, PGD, AutoAttack against image classifiers; TextFooler / BERT-Attack against text classifiers; content-moderation bypass. Labs that produce the canonical robustness-vs-epsilon curves.

Module 7 — Securing the AI Pipeline (MLSecOps & Defenses) (4.5 hrs) Llama Guard, structured output, dual-LLM, observability, PII redaction, AI red-team automation, AI incident response. Labs build the defense stack and the CI eval harness.

Module 8 — AI Governance, Risk & Compliance (3 hrs) NIST AI RMF in practice, EU AI Act risk tiers + Article 11 documentation, AI security program design, model cards + AI-BOM, incident reporting.

Module 9 — Capstone Project (4 hrs) You produce four artifacts for Helios Health — a fictional healthcare SaaS launching an LLM-powered Triage Copilot. Threat model, red-team report with prioritized findings, remediation plan, pre-launch checklist mapped to NIST AI RMF + EU AI Act.

Module 10 — Certification Exam (~1 hr) 50 questions across all modules. 75% to pass. Two attempts.


Section 6 — The capstone (deep-dive)

[builder: full-width section, two-column on desktop (copy left + mock-up of the deliverable spec on the right). On mobile, copy first then mock-up. This is the section that justifies the price — give it visual weight.]

Eyebrow: THE PORTFOLIO PIECE

H2: You don't leave with a certificate. You leave with a portfolio piece.

Body:

In Module 9, you're hired (in-scenario) as the first AI security engineer at Helios Health — a Series B B2B SaaS launching an LLM-powered "Triage Copilot" for hospital intake nurses, with five weeks to go before GA. The product reads patient records, drafts intake summaries, flags drug interactions, surfaces clinical protocols. Compliance posture is mid-tier. Stakeholders include the CMO, the CCO, and a launch-pressured PM.

You produce four artifacts:

  1. Threat model — DFD with trust boundaries, STRIDE-MA table with model-manipulation + agency-abuse threats, ATLAS mapping for the top findings, OWASP LLM Top 10 coverage matrix.
  2. Red-team report — 5+ prioritized findings with severity, multi-framework citations (ATLAS + OWASP + NIST + EU AI Act + HIPAA), reproduction steps, impact, recommendations.
  3. Remediation plan — three time horizons (block-launch / launch-with-mitigations / post-launch 90 days), technical + governance controls, residual-risk acceptance, effort estimates.
  4. Pre-launch checklist — 25+ items mapped to NIST AI RMF functions and EU AI Act articles, with classification (Launch-blocking / with-mitigations / Informational) and owner per item.

You self-grade against a published rubric. Then you compare your work against the portfolio-quality reference solution included in the course — so you can see what "Excellent" looks like and push your draft up to that bar.

That artifact is what you point to when an employer asks "have you done AI security engineering work." The certificate verifies you completed the course. The capstone proves you can do the job.


Section 7 — Frameworks you'll know cold

[builder: 4-column grid (or 2x2 on tablet). Each cell has a logo placeholder + framework name + one-line "what you'll be able to do with it."]

H2: Four frameworks. Working knowledge, not headline familiarity.

OWASP Top 10 for LLM Applications
Map a finding to LLM01–LLM10 in seconds. Explain why a control belongs in LLM01 and not LLM06.

MITRE ATLAS
Reference real ATLAS technique IDs and sub-techniques in red-team reports. Use ATLAS case studies in design reviews.

NIST AI RMF 1.0 (+ GenAI Profile)
Author NIST AI RMF subcategory citations in deliverables. Map any product to Govern / Map / Measure / Manage functions.

EU AI Act
Determine risk tier (Prohibited / High / Limited / Minimal). Produce Article 11 + Annex IV technical documentation. Map an Article 73 serious-incident report.


Section 8 — What's different about this course

[builder: 3-card row. Each card: bold header + short body. Differentiates from competitors without naming them.]

H2: Three things make this course unusable as background noise.

1. Hands-on against real targets. You break a vulnerable LLM chatbot. You poison a real (mini) training dataset. You extract a model via 5,000 API queries. You build the dual-LLM defense and watch attack success drop from 85% to 5%. For every defense you learn, you measure the impact yourself.

2. Frameworks mapped on every lesson. Every theory lesson and lab carries a framework tag — OWASP: LLM01 · ATLAS: AML.T0051.001 · NIST AI RMF: Measure 2.7 · EU AI Act: Art. 15. By the end you don't think in framework names; you map automatically.

3. The capstone is the artifact. You finish with a portfolio piece a hiring manager can read. Not a certificate-only credential. The reference solution is included so you can see what good looks like.


Section 9 — Instructor

[builder: photo (Silas) on the left, bio + credentials on the right. ~150 words. Personal-from voice, not third-person corporate.]

H2: Built by a practitioner. Not a content shop.

[builder: insert headshot]

I'm Silas Oyewale. I built this course because no version of it existed when I needed it.

I've spent more than a decade in security and DevSecOps — building secure-by-default infrastructure, running threat-modeling workshops, and increasingly, sitting in the room when product teams ship AI features that nobody on the team can security-review. Asfela is my work on closing that gap.

The course material is opinionated, specific, and current. Every lab uses tools I have shipped or evaluated in real work: Garak, PyRIT, promptfoo, Llama Guard, Presidio, CycloneDX-AI, Sigstore for models. The frameworks taught are the ones that hold up in front of regulators and CISOs in 2026.

If you have questions about whether this course is right for your role — reply to the welcome email after you enroll, or email silas@asfela.com before you do. I read every email.


Section 10 — Pricing

[builder: single pricing card, centered. Highlight the early-bird discount with strikethrough on the $1,500 and emphasis on $999. Below the price, a short list of what's included. Below that, a single CTA.]

H2: One price. Everything included.

[builder: pricing card]

$1,500 — $999 (early-bird through {{early_bird_end_date}}, first {{early_bird_seats}} enrollments only)

After: $1,500 / seat.

Included:

  • All 11 modules, ~38 hours of material
  • 20 mandatory hands-on labs + 8 optional extensions
  • Companion code repository (Docker targets, lab scripts, defense library)
  • Capstone reference solution
  • Weekly cohort office hours (first cohort: 12 weeks of live sessions)
  • Certificate on completion (with verifiable URL)
  • Private Slack community

CTA button: Enroll now — $999 early-bird

Smaller note below: Pay with credit card or invoice. 14-day full refund if you haven't completed Module 2. Team-of-5 pricing available — email silas@asfela.com.


Section 11 — Social proof (placeholder, populate after beta)

[builder: testimonial carousel or 3-up grid. Hide entirely on v1 launch if no testimonials yet; populate after beta cohort completes.]

H2: What practitioners are saying.

[builder: insert 3–5 testimonials after the beta cohort. Format: headshot + name + title + role + ~50-word quote. The bias to engineer for: get testimonials from BOTH personas — at least one security engineer talking about the AI half, one ML engineer talking about the security half.]

Placeholder example (will be removed before launch):

"I'd been doing application security for 12 years and AI features were the first thing in my career that I couldn't review with my usual playbook. Module 3 alone gave me a reusable mental model for prompt-injection review that I now use in every product review." — [Name], Staff Security Engineer at [Company]


Section 12 — Frequently asked questions

[builder: accordion-style FAQ, all closed by default. 6–10 questions max.]

H2: Frequently asked questions.

Q: How much time per week does this require? About 3 hours per week for 12 weeks if you're doing it during the cohort, or you can finish faster (self-paced after the first cohort). The course is 38 hours of material; most learners spend 40–50 including labs and the capstone.

Q: Do I need a GPU? No. Every lab is designed to run on a reasonable CPU — Mac, Linux, or Windows with WSL2. Some labs run faster with a GPU but none require one.

Q: What's the prerequisite? Comfort with Python (you've written more than 100 lines), comfort with the shell (you can navigate a repo, edit a file, run Docker), and either: (a) 3+ years of security engineering experience OR (b) you've shipped at least one ML model to production. The course is designed for either path; both backgrounds are well represented in the cohort.

Q: Is this self-paced or cohort-based? The first cohort is cohort-paced (12 weeks, weekly office hours). After the first cohort, it transitions to self-paced with monthly office hours. Cohort enrollment is currently at the beta price for the first {{early_bird_seats}} students.

Q: What's the refund policy? 14-day full refund if you haven't completed Module 2. After that, no refunds, but the course material is yours indefinitely.

Q: Will this expire? Course access does not expire. Frameworks evolve (OWASP LLM Top 10 revises annually; NIST AI RMF profiles roll out continuously) — we publish a course changelog and re-record updated lessons. You get the updates as long as the course exists.

Q: Can my company pay for this? Yes. Invoice payment is supported. Team-of-5 pricing is available at $4,500 (was $7,500). Email silas@asfela.com for invoice or team enrollment.

Q: I'm not from the US — is this relevant for me? Yes. The course covers GDPR + EU AI Act in detail, and the OWASP / MITRE / NIST frameworks are universally adopted. Roughly half the design effort went into making this jurisdiction-aware.

Q: How is this different from the SANS / Offensive Security / Pluralsight AI security courses? Three differences. First, it's deeper in the production engineering of defenses (Modules 7–8); most courses stop at "here's what prompt injection is." Second, the capstone produces a portfolio artifact you can actually show employers. Third, it bridges the two audiences (security engineers + ML engineers) rather than serving only one.


Section 13 — Final CTA

[builder: full-width section, dark background, single CTA centered. Short. The page has earned the close at this point.]

H2 (one line): Stop reading about AI security. Start building it.

CTA button: Enroll — $999 early-bird

Below button (small text): 14-day refund. No GPU required. Beta cohort starts {{cohort_start_date}}.


[builder: minimal footer. Logo, copyright, links to Terms, Privacy, Contact, and the syllabus PDF.]

© Asfela 2026 · Terms · Privacy · Contact · Syllabus PDF


Operational notes for the builder

SEO + meta

  • Page title: Asfela AI Security Engineering — Professional | Hands-on AI security training
  • Meta description (~155 chars): A 38-hour hands-on course for security engineers and ML engineers. Threat-model, attack, defend, and govern production AI systems. Cohort starts {{date}}.
  • OG image: 1200×630 with course name + the one-line value prop + Asfela logo.

Conversion-relevant design choices

  • Single CTA color used only for the enroll button. Don't decorate other elements in the same color.
  • Sticky enroll button in the top-right after the user scrolls past the hero. Mobile: floating bottom bar.
  • Above-the-fold content must work on a 1366×768 laptop screen — that's the most common resolution for security engineers reviewing this on their work machine.
  • Lighthouse performance >90. This audience uses uBlock; bloated trackers will be blocked anyway. Run lean.

What's missing from v1 (add after beta)

  • Testimonials (Section 11): hidden on launch, populated after beta cohort.
  • Video preview / trailer: a 90-second "what's in the course" cut. Add when you have ≥3 polished theory lessons recorded.
  • Logo bar of companies whose engineers took the course: add when ≥10 students from named companies have enrolled (with their permission).
  • "Featured in" press logos: skip until they're real. The audience can tell.

Variants to A/B test later

  • Hero H1 variants (3 options listed in Section 1).
  • Capstone callout: "portfolio piece" vs "deliverable a hiring manager can read."
  • CTA copy: "Enroll" vs "Start the course" vs "Join the cohort."
  • Pricing card: with vs without the strikethrough price.

Content that should also live as standalone PDF

  • The full syllabus (curriculum overview) — PDF version of 00-curriculum-overview.md, downloadable from the "Read the syllabus" link in Section 1. Some buyers want to forward this to their L&D or manager before enrolling.
  • The team-of-5 one-pager — referenced in Section 10's CTA. Separate document.

Words / phrases to avoid

  • "Transform your career" / "revolutionize" / "world-class" / "industry-leading" — pattern-match to SaaS marketing.
  • "Cutting-edge" — every course claims this; the audience discounts it to zero.
  • "Hacking" (without qualifier) — implies offense-only; this is a defense-and-offense course.
  • "Comprehensive" — vague; replace with the actual hours/modules/labs count.
  • "Master" as a verb ("master the EU AI Act") — overpromises.

Words / phrases to keep

  • "Hands-on" — accurate.
  • "Production-ready" — accurate; the labs and capstone are.
  • "Practitioner" — flatters the audience appropriately.
  • "Measurable" / "measurement" — distinctive; many courses can't claim this.
  • "Bridge" — the core positioning concept.