99 — Course completion: where you go from here
Type: Theory (closing) · Duration: ~5 min · Status: Mandatory (closing)
This is the final piece of the Asfela AI Security Engineering — Professional course. If you've certified, this is your closing module. If you haven't yet, save this for after.
Video script
[SLIDE 1 — You finished]
You finished. Eleven modules, ~38 hours, dozens of labs, a capstone, an exam. That's real.
A year ago, if someone had said "I do AI security engineering," the field was thin enough that you couldn't fully verify what they meant. Now there's a body of practice — frameworks, tools, attack/defense patterns, governance regimes — and you've gone through that body of practice end-to-end. You can threat-model an AI system. You can attack one across the full kill chain — prompt injection, poisoning, extraction, evasion, supply chain. You can defend one with guardrails, observability, structured outputs, dual-LLM patterns. You can govern an AI program against NIST AI RMF and the EU AI Act in a way that survives audit.
Most importantly — and this is the hardest piece to teach — you can make defensible judgment calls under time pressure. The capstone exercised exactly that. So does every real AI security review.
[SLIDE 2 — What this gets you]
Three concrete things you can do with this credential, starting Monday.
One. Apply for AI security engineering roles — at AI labs, at security companies adding AI products, at enterprises hiring their first AI security engineer. The job titles are still settling — "AI security engineer," "ML security engineer," "AI red-teamer," "AI risk engineer." All of them are downstream of what you just learned.
Two. Advocate for an AI security function inside your current company. If your company is shipping AI features and doesn't have someone whose job is security for those features, you can be that person. The capstone artifact you produced is the proof-of-concept you can show your VP of Engineering.
Three. Take on AI security work as a contractor. The Helios Health engagement in the capstone is a realistic model of a consulting engagement. Many companies need an AI security review pre-launch and don't yet have an internal function. A 2-to-4 week engagement producing the kind of artifacts you produced in the capstone is a real, billable service. Many of you will end up doing this — either as your primary work or as a side activity.
[SLIDE 3 — Where the field is going]
Three trends to track over the next two years.
Agent security is going to dominate. The shift from chatbots to tool-using agents is the biggest threat surface expansion in years. The principle of least authority — applied to agent tools, not just system users — will become a security primitive. The dual-LLM pattern, structured output, human-in-the-loop on state-mutating actions: these become baseline, not advanced.
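The three patterns just named fit together in one small mediation layer. The following is an added example, not code from the course or from Asfela: a tool dispatcher that sits between model output and tools, enforces per-tool scopes the session was granted (least authority), accepts only schema-checked structured tool calls, and routes every state-mutating call through a human-approval callback. The tool names, scopes, order data and the "model outputs" fed to it are constructed for illustration.

```python
"""Added example (not part of the course page): a minimal tool dispatcher for an
LLM agent applying least authority per tool, structured (schema-checked) tool
calls, and a human-in-the-loop gate on every state-mutating action.
Tool names, scopes and the sample calls are constructed for illustration."""
from dataclasses import dataclass
from typing import Any, Callable


@dataclass(frozen=True)
class Tool:
    name: str
    scope: str                      # the single authority this tool requires
    mutates_state: bool             # True => a human must approve each call
    arg_schema: dict[str, type]     # exact argument names and their types
    run: Callable[..., Any]


class ToolDispatcher:
    """Mediates between model output and tools. The model never exercises a
    scope the session was not granted, and never mutates state unapproved."""

    def __init__(self, tools: list[Tool], granted_scopes: set[str],
                 approve: Callable[[str, dict], bool]):
        self.tools = {t.name: t for t in tools}
        self.granted_scopes = set(granted_scopes)   # least authority for this session
        self.approve = approve                      # human-in-the-loop callback
        self.audit: list[dict] = []                 # every decision, for detection/forensics

    def _record(self, status: str, call: Any, **extra) -> dict:
        entry = {"status": status, "call": call, **extra}
        self.audit.append(entry)
        return entry

    def dispatch(self, call: Any) -> dict:
        # 1. Structured output: the call must be {"tool": str, "args": dict}.
        if (not isinstance(call, dict) or not isinstance(call.get("tool"), str)
                or not isinstance(call.get("args"), dict)):
            return self._record("rejected_malformed", call)
        tool = self.tools.get(call["tool"])
        if tool is None:
            return self._record("denied_unknown_tool", call)
        args = call["args"]
        # 2. Argument names and types must match the tool's schema exactly.
        if set(args) != set(tool.arg_schema) or any(
                not isinstance(args[k], t) for k, t in tool.arg_schema.items()):
            return self._record("rejected_bad_args", call)
        # 3. Least authority: the session must hold this tool's scope.
        if tool.scope not in self.granted_scopes:
            return self._record("denied_scope", call, missing_scope=tool.scope)
        # 4. State-mutating tools need explicit human approval per call.
        if tool.mutates_state and not self.approve(tool.name, args):
            return self._record("denied_by_human", call)
        return self._record("executed", call, result=tool.run(**args))


# --- constructed sample tools: a toy order-support agent (hypothetical) ---
ORDERS = {"A100": {"total": 30.0, "status": "shipped"}}

def lookup_order(order_id: str) -> dict:
    return ORDERS.get(order_id, {"error": "not found"})

def issue_refund(order_id: str, amount: float) -> str:
    return f"refunded {amount} on {order_id}"

TOOLS = [
    Tool("lookup_order", "orders:read", False, {"order_id": str}, lookup_order),
    Tool("issue_refund", "refunds:write", True, {"order_id": str, "amount": float}, issue_refund),
]

def cautious_approver(tool_name: str, args: dict) -> bool:
    """Stands in for a human reviewer: approves refunds up to 50 only."""
    return tool_name == "issue_refund" and args["amount"] <= 50

def run_demo() -> list[str]:
    """Runs constructed model outputs through two sessions and returns the decisions."""
    read_only = ToolDispatcher(TOOLS, {"orders:read"}, cautious_approver)
    support = ToolDispatcher(TOOLS, {"orders:read", "refunds:write"}, cautious_approver)
    calls = [
        (read_only, {"tool": "lookup_order", "args": {"order_id": "A100"}}),
        (read_only, {"tool": "issue_refund", "args": {"order_id": "A100", "amount": 30.0}}),
        (support, {"tool": "issue_refund", "args": {"order_id": "A100", "amount": 30.0}}),
        (support, {"tool": "issue_refund", "args": {"order_id": "A100", "amount": 500.0}}),
        (support, {"tool": "issue_refund", "args": {"order_id": "A100", "amount": "30"}}),
        (support, {"tool": "delete_all_orders", "args": {}}),
        (support, "Sure! I'll call issue_refund(A100, 500) now."),   # free text, not a structured call
    ]
    return [d.dispatch(c)["status"] for d, c in calls]

if __name__ == "__main__":
    for status in run_demo():
        print(status)
```

The ordering of checks is deliberate: shape and argument validation come before the scope check so that a malformed call is rejected as malformed rather than leaking which scopes the session holds, and the approval callback is only ever reached by a call that is already well-formed and in scope. The audit list is what an observability pipeline would ship to the SIEM; the denied entries are the interesting ones.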
Multi-modal everything. Image-in-context attacks, audio-based jailbreaks, video-based prompt injections. The attack surface multiplies because every modality is a new injection channel.
Regulatory operationalization. The EU AI Act high-risk obligations have a phased compliance timeline that's still rolling. Companies that figured this out before enforcement scaled up are advantaged. NIST AI RMF profiles are emerging for specific industries — healthcare, finance, biometric, education. Knowing how to map a real product to a NIST profile is a billable skill.
[SLIDE 4 — Stay sharp]
AI security moves fast. To stay sharp:
Keep doing red-team work. Garak, PyRIT, promptfoo, and the next two tools that will exist in six months. If you stop doing hands-on work, you stop being effective in two quarters.
Track the major sources. OWASP LLM Top 10 (revised roughly annually). MITRE ATLAS technique additions. NIST AI 600-1 GenAI profile and successors. Anthropic and OpenAI safety research papers — they publish a steady stream that defines attack frontiers.
Practice writing for non-engineers. The hardest skill in AI security isn't the technical work — it's writing a security finding that lands with a compliance officer, a clinical lead, a board risk committee. Your capstone was a sample. Do more of that kind of writing.
[SLIDE 5 — One last thing]
If the work matters to you, find one or two other practitioners and trade reviews on each other's work. AI security is moving too fast for any one person's review to catch everything; pair-reviewing real artifacts is the highest-leverage way to grow.
Thanks for doing this course. Build things people can trust. See you in the field.
Slide outline
- You finished — eleven modules, ~38 hours, capstone, exam. You can threat-model + attack + defend + govern AI systems.
- What this gets you — three concrete next steps: apply for AI security roles, advocate for the function internally, contract on pre-launch reviews.
- Where the field is going — agent security, multi-modal, regulatory operationalization.
- Stay sharp — keep doing hands-on red-team, track the major sources, practice writing for non-engineers.
- One last thing — find peers, trade reviews on real artifacts.
What you carry away from this course
Concretely:
- The course modules + companion code repo — yours forever as a reference library. Bookmark both.
- The capstone artifact — your portfolio piece. Sanitize and pin to GitHub.
- The certificate — credential for résumé / LinkedIn / procurement / customer-facing claims.
- The mental models — STRIDE-MA, ATLAS mappings, OWASP LLM Top 10, NIST AI RMF four functions, EU AI Act high-risk obligations. You will reuse these on every engagement.
- The toolchain familiarity — Llama Guard, Garak, PyRIT, promptfoo, Presidio, picklescan, modelscan, CycloneDX-AI, Sigstore-for-models. You won't use all of these every day, but you'll know when to reach for each.
Course-end framework cross-reference (single page)
| Topic | OWASP LLM | ATLAS | NIST AI RMF | EU AI Act |
|---|---|---|---|---|
| Prompt injection (direct / indirect) | LLM01 | AML.T0051, AML.T0057 | Measure 2.7 | Art. 15 cybersecurity |
| Insecure output handling | LLM03 | AML.T0055 | Manage 2.4 | Art. 15 |
| Training data poisoning | LLM03 / LLM05 | AML.T0020 | Measure 2.6, Map 4.1 | Art. 10 data governance, Art. 15 |
| Supply chain risk | LLM05 | AML.T0010, AML.T0019 | Govern 6.1, Measure 4.2 | Art. 16 obligations |
| Sensitive info disclosure | LLM02 | AML.T0024.001 | Measure 2.10 | Art. 10, Art. 15 |
| Model theft / extraction | LLM10 | AML.T0024 | Measure 4.2 | Art. 15 |
| Excessive agency | LLM08 | AML.T0053 + tactic AI Model Inference Manipulation | Govern 1.3, Manage 1.3 | Art. 14 human oversight |
| Adversarial examples | (cross) | AML.T0043 | Measure 2.7 | Art. 15 accuracy / robustness |
| Membership inference / model inversion | LLM02 (privacy) | AML.T0044 | Measure 2.10 | Art. 10, Art. 15 |
| Governance / documentation | LLM09 (over-reliance) | (governance, not technique) | Govern, Map, full coverage | Art. 9 risk mgmt, Art. 11 docs, Art. 12 logs, Art. 13 transparency, Art. 14 oversight |
Print this page. You'll reference it for years.
Thank you
You're now part of a small but rapidly growing community of practitioners. The credential matters, but what matters more is what you do with it. Build AI systems people can trust — and when you see ones built badly, speak up. The field is too early-stage for that voice to be optional.
— Asfela