AI Security & Policy
Discipline-specific fluency for security, backend, data, and infrastructure engineers. The traps your specialty has that a generalist would miss.
Who this is for
Target audience
- Backend and API engineers using AI tools in production codebases
- Security engineers reviewing AI-generated code and building defenses
- Data, DevOps, and infrastructure engineers in AI-assisted workflows
Prerequisites
- Working knowledge of your specialist area (backend, security, data, DevOps, or SRE)
- Basic familiarity with at least one AI coding tool
- Comfort with git, CI/CD, and your team's deployment pipeline
What you'll learn
10 lessons, each built around the same structure: show, tell, do, break it, check. No lesson has more than 15 minutes of passive content before a hands-on moment.
- 1
Shared foundation: literacy and prompting
Hallucination spotting, safe-to-paste rules, review reflex, small verifiable steps, zero/few-shot, CoT, structured outputs.
- 2
Tool fluency basics
CLAUDE.md / AGENTS.md, the agent loop, cost discipline, reading the trace. Enough to be dangerous in the right way.
- 3
Backend/API: designing endpoints with AI
Safe implementation patterns, migrations where human review is load-bearing, meaningful tests, observability from day one.
- 4
Backend/API: threat modeling and shipping
Threat modeling an endpoint, performance work (when AI helps vs. misleads), shipping and rollback patterns.
- 5
Security: threat models with an AI partner
SAST and dependency triage at scale, reviewing AI-generated code for security smells, prompt injection defense in depth.
- 6
Security: red-team exercises and policy
Red-team exercises with LLMs as collaborators, drafting detections and policies, privacy and data minimization.
- 7
Data engineering: SQL and pipelines
SQL from natural language (what to trust), query plans, pipeline refactoring (Airflow, dbt, Dagster), schema changes and backfills.
- 8
DevOps: infrastructure as code with AI
Terraform/Pulumi/CDK with AI, Kubernetes manifests, CI/CD pipeline authoring, secret handling, blast-radius discipline.
- 9
SRE: incident response with AI
The don't-panic rule, postmortem drafting, runbook authoring, log analysis, alert tuning, keeping human-in-the-loop.
- 10
Capstone: specialist assessment
Each specialist picks their discipline's capstone. Security: review a PR with 4 subtle issues. Backend: ship a versioned endpoint. Data: add a dbt model with tests.
What you'll build
Every track includes graded hands-on labs on realistic codebases. No toy examples.
Security code review lab
Review a pull request containing 4 subtle security issues. Write up findings with severity, impact, and recommended fixes.
Backend endpoint capstone
Ship a new versioned API endpoint with tests, documentation, migration, and observability. End-to-end in a realistic codebase.
Infrastructure-as-code lab
Add a new microservice to a sample platform: Terraform module, Helm chart, CI pipeline, and deployment verification.
Sample lesson preview
Lesson preview
Security: prompt injection defense in depth
- How prompt injection actually works in production systems (not just toy demos)
- The three layers of defense: input validation, output filtering, and architectural isolation
- Reviewing AI-generated code for security smells that a generalist would miss
- Hands-on: exploit and then fix a vulnerable endpoint in a sample application
Certified AI-Assisted Specialist
Complete this track to earn your CAS badge. Certifications are earned through practical assessment — a written exam plus a hands-on practical — not just quiz scores. Exportable as Open Badges 2.0 and verifiable by URL.
Badges are valid for 18 months, renewable with a short refresh assessment.
Start your team's training
Per-seat annual plans start at $300/user. Enterprise pricing available for teams over 200.
Not sure where to start?
Take our free 3-minute AI maturity assessment and get a personalized recommendation for which tracks fit your team.