Module 7 — Summary
Type: Theory · Duration: ~3 min · Status: Mandatory
Video script
[SLIDE 1 — Module 7 wrap]
Module 7 wrap. This was the operational module. You built a defense stack: Llama Guard plus structured output plus dual-LLM, and measured attack-success drop from 85 percent to single digits at three times the latency cost. You wired Garak and promptfoo into CI/CD, demonstrated a PR-block on a regression, and stood up a nightly trend dashboard. You built production-grade prompt and response logging with PII redaction via Presidio, wrote three abuse-detection queries, and walked a tabletop IR exercise end-to-end.
The theory layer mapped AI-SDLC integration, model governance and signing, the four guardrail placements, observability stack design, AI red-team program design, and AI incident response playbooks. Together with the attack modules from M3 through M6, you now have working attack-and-defense competence across the OWASP LLM Top 10 plus MITRE ATLAS techniques.
The hardest single takeaway from this module: defense is operational, not a product. The defended LLM app you wrapped today, the CI workflow, the logging stack, the IR playbook — these are the daily-cadence artifacts of a working AI security engineering practice. Not events. Standing capabilities.
[SLIDE 2 — What changes in Module 8]
Module 8 is the governance counterpart. NIST AI RMF in practice — Govern, Map, Measure, Manage applied to real systems. EU AI Act compliance — Article 9 risk management, Article 11 documentation, Article 12 record-keeping, Article 14 oversight, Article 15 cybersecurity. Building an AI red-team program from the governance side. Documentation: model cards, system cards, AI-BOMs revisited. One mandatory lab. About 3 hours.
Module 9 follows: the capstone. You red-team a fictional SaaS end-to-end and produce a full report. See you in Module 8.
Slide outline
- Module 7 wrap — six-checkmark recap + the "defense is operational" landing point.
- What's next — Module 8 teaser: governance + compliance.
Production notes
- Recording: 2-3 min raw.
- Same "Module N → Module N+1" visual convention.