# Module 7 — Securing the AI Pipeline (MLSecOps & Defenses)

- Duration: ~4.5 hrs
- Status: Mandatory
- Lessons: 16 total — 10 short theory · 3 mandatory labs · 1 optional lab · quiz · summary
- Framework coverage: OWASP LLM Top 10 (defensive coverage across all entries) · MITRE ATLAS mitigations · NIST AI RMF Govern, Map, Measure, Manage · EU AI Act Article 12 (logging), Article 14 (oversight), Article 15 (cybersecurity)
## Module outcomes

By the end of this module, the learner can:

1. Design and articulate a Secure AI Development Lifecycle (AI-SDLC) that integrates with existing SDLC practices.
2. Set up model governance — registries, signing, provenance tracking — for an AI stack.
3. Deploy runtime guardrails (Llama Guard, NeMo Guardrails, structured output, dual-LLM) and measure their effect.
4. Stand up prompt/response logging with PII redaction sufficient for incident response and audit.
5. Design an AI red-team program and wire automated red-team tools (Garak, PyRIT, promptfoo) into CI/CD.
6. Execute AI incident response — playbooks, containment, post-incident review.
## Lesson list

### AI-SDLC (~10 min)
- L7.1.1 — AI-SDLC fundamentals (Theory, ~5 min, mandatory)
- L7.1.2 — Securing the AI lifecycle stage-by-stage (Theory, ~5 min, mandatory)
### Model governance (~5 min)
- L7.2.1 — Model governance, signing & provenance (Theory, ~5 min, mandatory)
### Runtime defenses (~10 min)
- L7.3.1 — Runtime guardrails landscape (Theory, ~5 min, mandatory)
- L7.3.2 — Structured output and the dual-LLM pattern (Theory, ~5 min, mandatory)
### Observability (~10 min)
- L7.4.1 — Observability: what to log and why (Theory, ~5 min, mandatory)
- L7.4.2 — PII redaction, drift & abuse detection (Theory, ~5 min, mandatory)
### AI red-teaming (~10 min)
- L7.5.1 — AI red-team program design (Theory, ~5 min, mandatory)
- L7.5.2 — Red-team tooling: Garak, PyRIT, promptfoo (Theory, ~5 min, mandatory)
### AI incident response (~5 min)
- L7.6.1 — AI incident response playbooks (Theory, ~5 min, mandatory)
### Labs (~3 hrs)
- L7.7 — (Lab) Wrap an LLM app with Llama Guard + structured output (~75 min, mandatory)
- L7.8 — (Lab) Wire Garak into a CI eval harness (~60 min, mandatory)
- L7.9 — (Lab) Prompt/response logging with PII redaction (~75 min, mandatory)
- L7.10 — (Lab, optional) Continuous eval harness with promptfoo (~45 min, optional)
### Wrap-up
- Quiz — 12 questions, 70% to pass (~10 min, mandatory)
- Summary — bridge to Module 8 (~3 min, mandatory)
## Why this module exists
M3 through M6 covered six classes of attack. This module is where defense gets operationalized. The promise of the course's capstone (M9) is that a learner can defend a real AI system end-to-end — that promise lives or dies on whether the learner can actually deploy guardrails, stand up logging, wire eval into CI, and run an IR exercise. M7 makes each of those mechanical.
This is also the module where engineering bleeds into program design. The L7.5.1 lesson on red-team program design and L7.6.1 on incident response touch organizational practices, not just code. Both are skills you'll be asked to demonstrate in real AI security engineer roles.
## What's next
Module 8 — AI Governance, Risk & Compliance. The governance counterpart to this module's engineering focus. NIST AI RMF in practice, EU AI Act compliance, building an AI red-team program from the governance side, documentation (model cards, system cards, AI-BOMs revisited).