Responsible AI in software development
11 Labs
2 Case Studies
Platform
Generative AI
Audience
All people involved in using GenAI or developing machine learning
Preparedness
General development
Standards and references
NIST
Group size
12 participants
Outline
- A brief history of Artificial Intelligence
- Responsible AI
- An overview of AI and ML security
- Using GenAI responsibly in software development
- Summary and takeaways
What you will learn
- Understand various aspects of responsible AI
- Essentials of machine learning security
- How to use generative AI responsibly in software development
- Prompt engineering for optimal outcomes
- How to apply generative AI throughout the SDLC
Description
Generative AI is inevitably transforming the software industry. Tools like ChatGPT or GitHub Copilot enable developers to code more efficiently than ever before. While this sparks excitement, it also raises concerns, and so many stakeholders tend to balance this optimism with caution. Though these tools are advancing rapidly, to date they still lack the necessary sophistication to consider various subtle but important aspects of software products. This course emphasizes the importance of understanding this evolution through the well-established principles of Responsible AI.
After a short overview of AI and specifically responsible AI, participants delve into the complex world of machine learning (ML), focusing on how these solutions can be compromised. Threats and vulnerabilities such as model evasion, poisoning, and inversion attacks are explained in a simple way, via real-world case studies and live demonstrations. Finally, we overview the security challenges of large language models (LLMs), exploring the practical defenses as well.
The course then highlights the capabilities and limitations of generative AI (GenAI) tools – like GitHub Copilot, Codeium or others -, offering insights into their role in code generation and beyond. Topics include smart prompt engineering, not only during the implementation phase, but also during requirements capturing, design, testing, and maintenance. Participants will learn best practices and pitfalls of using AI-generated code, with hands-on labs demonstrating potential security flaws such as dependency hallucination and path traversal. By the end, software engineers and managers will have a clear understanding of how to responsibly integrate GenAI tools into the various stages of the software development lifecycle.
Note:
A must-have primer to those concerned about using GenAI tools in their software development projects. Building on these foundations, and depending on the technology stack, we suggest continuing with one of the Generative AI courses - see Code responsibly with generative AI in C++/Java/C#/Python. However, if you develop machine learning solutions, you can also continue your journey with the comprehensive 4-day Machine learning security course.
Table of contents
- A brief history of Artificial Intelligence
- The origins of AI
- Neural networks and “probability engines”
- Robustness of ML systems
- Early ML coding tools
- The AI coding revolution of the 2020s
- Responsible AI
- What is responsible AI?
- Accountability and Transparency
- Mitigation of harmful bias
- Validity and reliability
- Lab – Experimenting with reproducibility in Copilot
- Explainability and interpretability
- Safety, security, privacy and resilience
- Security and responsible AI in software development
- An overview of AI and ML security
- A quick overview of ML for non-specialists
- GIGO and other well-known ML pitfalls
- Malicious use of AI
- Real-life attacks against AI
- Subverting AI to attack others
- AI and ML security standards
- A quick look at ML hacking: evasion
- A quick look at ML hacking: poisoning
- A quick look at ML hacking: model inversion
- A quick look at ML hacking: model stealing
- The security of large language models
- Security of LLMs vs ML security
- OWASP LLM Top 10
- Practical attacks on LLMs
- Practical LLM defenses
- Using GenAI responsibly in software development
- LLM code generation basics
- Basic building blocks and concepts
- GenAI tools in coding: Copilot, Codeium and others
- Can AI… take care of the ‘boring parts’?
- Can AI… be more thorough?
- Can AI… teach you how to code?
- Lab – Experimenting with an unfamiliar API in Copilot
- GenAI as a productivity boost
- The dark side of GenAI
- Reviewing generated code – the black box blues
- The danger of hallucinations
- The effect of GenAI on programming skills
- Where AI code generation doesn’t do well
- Prompt engineering techniques for code generation
- Why is a good prompt so important?
- Zero-shot, few-shot, and chain of thought prompting
- Lab – Experimenting with prompts in Copilot
- Using prompt patterns for code generation
- Software design patterns vs prompt patterns
- The 6 categories of prompt patterns
- Using various prompt patterns
- Best practices and pitfalls for code-generating AI prompts
- Least-to-Most: decomposition of complex tasks
- Lab – Task decomposition with Copilot
- The importance of examples and avoiding ambiguity
- Unit tests, TDD and GenAI
- Lab – Test-based code generation with Copilot
- Establishing the context for generative AI
- Lab – Experimenting with context in Copilot
- Enforcing and following token limits
- Integrating generative AI into the SDLC
- Using GenAI beyond code generation
- Using AI during requirements specification
- Prompt patterns for requirements capturing
- Software design and AI
- Prompt patterns for software design
- Using AI during implementation
- Prompt patterns for implementation
- Lab – Finding hidden assumptions with Copilot
- Using AI during testing and QA
- Using AI during maintenance
- Prompt patterns for refactoring
- Lab – Experimenting with code refactoring in Copilot
- Prompt patterns for change request simulation
- Security of AI-generated code
- Security of AI generated code
- Practical attacks against code generation tools
- Dependency hallucination via generative AI
- Case study – A history of GitHub Copilot weaknesses (up to mid 2024)
- A sample vulnerability
- Path traversal
- Lab – Path traversal
- Path traversal-related examples
- Additional challenges in Windows
- Case study – File spoofing in WinRAR
- Path traversal best practices
- Lab – Path canonicalization
- Lab – Experimenting with path traversal in Copilot
- Summary and takeaways
- Responsible AI principles in software development
- Resources and additional guidance
Pricing
1 day Session Price
750 EUR / person
- Live, instructor led classroom training
- Discussion and insight into the hacker’s mindset
- Hands-on practice using case studies based on high-profile hacks and live lab exercises
Customized course
Tailor a course to your preferences
- Send us a brief description of your business’s training needs
- Include your contact information
- One of our colleagues will be in touch to schedule a free consultation about training requirements
Inquiry
Interested in the trainings but still have some questions? Curious about how you can customize a training for your team? Send us a message and a team member will be in touch within 24 hours.
Related Courses
Code responsibly with generative AI in Java
CYDJvWeb3dCop
3 days
>
Audience
Java developers working on Web applications
Group size
12 participants
Labs
Hands-on
Description
Your Web application written in Java works as intended, so you are done, right? But did you consider feeding in incorrect values? 16Gbs of data? A null? An apostrophe? Negative numbers, or specifically -1 or -2^31? Because that’s what the bad guys will do – and the list is far from complete.
Handling security needs a healthy level of paranoia, and this is what this course provides: a strong emotional engagement by lots of hands-on labs and stories from real life, all to substantially improve code hygiene. Mistakes, consequences, and best practices are our blood, sweat and tears.
The curriculum goes through the common Web application security issues following the OWASP Top Ten but goes far beyond it both in coverage and the details.All this is put in the context of Java, and extended by core programming issues, discussing security pitfalls of the Java language and the runtime environment.
So that you are prepared for the forces of the dark side.
So that nothing unexpected happens.
Nothing.
Outline
- Cyber security basics
- The OWASP Top Ten 2021
- Wrap up
What you will learn
- Getting familiar with essential cyber security concepts
- Understanding how cryptography supports security
- Learning how to use cryptographic APIs correctly in Java
- Understanding Web application security issues
- Detailed analysis of the OWASP Top Ten elements
- Putting Web application security in the context of Java
- Going beyond the low hanging fruits
- Managing vulnerabilities in third party components
Code responsibly with generative AI in Python
CYDPyWeb3dCop
3 days
>
Audience
Python developers working on Web applications
Group size
12 participants
Labs
Hands-on
Description
Your Web application written in Python works as intended, so you are done, right? But did you consider feeding in incorrect values? 16Gbs of data? A null? An apostrophe? Negative numbers, or specifically -1 or -2^31? Because that’s what the bad guys will do – and the list is far from complete.
Handling security needs a healthy level of paranoia, and this is what this course provides: a strong emotional engagement by lots of hands-on labs and stories from real life, all to substantially improve code hygiene. Mistakes, consequences, and best practices are our blood, sweat and tears.
The curriculum goes through the common Web application security issues following the OWASP Top Ten but goes far beyond it both in coverage and the details.All this is put in the context of Python, and extended by core programming issues, discussing security pitfalls of the programming language.
So that you are prepared for the forces of the dark side.
So that nothing unexpected happens.
Nothing.
Outline
- Cyber security basics
- The OWASP Top Ten 2021
- Wrap up
What you will learn
- Getting familiar with essential cyber security concepts
- Understanding how cryptography supports security
- Learning how to use cryptographic APIs correctly in Python
- Understanding Web application security issues
- Detailed analysis of the OWASP Top Ten elements
- Putting Web application security in the context of Python
- Going beyond the low hanging fruits
- Managing vulnerabilities in third party components
Code responsibly with generative AI in C#
CYDCsWeb3dCop
3 days
>
Audience
C# developers working on Web applications
Group size
12 participants
Labs
Hands-on
Description
Your Web application written in C# works as intended, so you are done, right? But did you consider feeding in incorrect values? 16Gbs of data? A null? An apostrophe? Negative numbers, or specifically -1 or -2^31? Because that’s what the bad guys will do – and the list is far from complete.
Handling security needs a healthy level of paranoia, and this is what this course provides: a strong emotional engagement by lots of hands-on labs and stories from real life, all to substantially improve code hygiene. Mistakes, consequences, and best practices are our blood, sweat and tears.
The curriculum goes through the common Web application security issues following the OWASP Top Ten but goes far beyond it both in coverage and the details.All this is put in the context of C#, and extended by core programming issues, discussing security pitfalls of the C# language and the ASP.NET framework.
So that you are prepared for the forces of the dark side.
So that nothing unexpected happens.
Nothing.
Outline
- Cyber security basics
- The OWASP Top Ten 2021
- Wrap up
What you will learn
- Getting familiar with essential cyber security concepts
- Understanding how cryptography supports security
- Learning how to use cryptographic APIs correctly in C#
- Understanding Web application security issues
- Detailed analysis of the OWASP Top Ten elements
- Putting Web application security in the context of C#
- Going beyond the low hanging fruits
- Managing vulnerabilities in third party components
Code responsibly with generative AI in C++
CYDCpp3dCop
3 days
>
Audience
C/C++ developers
Group size
12 participants
Labs
Hands-on
Description
Embark on a comprehensive exploration of cybersecurity and secure coding practices in this intensive three-day course. It is primarily focusing on C++, but also integrates some C concepts. Based on a primer on machine code, assembly, and memory overlay (Intel and ARM versions available), the curriculum addresses critical security issues related to memory management. Various protection techniques on the level of source code, compiler, OS or hardware are discussed – such as stack smashing protection, ASLR or the non-execution bit – to understand how they work and make clear what we can and what we can’t expect from them.
The various secure coding subjects are aligned to common software security weakness categories, such as security features, error handling or code quality. Many of the weaknesses are, however, linked to missing or improper input validation. In this category you’ll learn about injection, the surprising world of integer overflows, and about handling file names correctly to avoid path traversal.
Through hands-on labs and real-world case studies, you will navigate the details of secure coding practices to get essential approaches and skills in cybersecurity.
So that you are prepared for the forces of the dark side.
So that nothing unexpected happens.
Nothing.
Outline
- Cyber security basics
- Memory management vulnerabilities
- Memory management hardening
- Common software security weaknesses
- Using vulnerable components
- Wrap up
What you will learn
- Getting familiar with essential cyber security concepts
- Correctly implementing various security features
- Identify vulnerabilities and their consequences
- Learn the security best practices in C++
- Managing vulnerabilities in third party components
- Input validation approaches and principles
Machine learning security
CYDMLPy
4 days
>
Audience
Python developers working on machine learning systems
Group size
12 participants
Labs
Hands-on
Description
The course bridges the two worlds of cybersecurity and machine learning. Starting from the core cybersecurity principles, it highlights how ML systems are exposed to threats – both pre-existing threats from the world of software security affecting these systems in unexpected ways and completely new kinds of threats that require a deeper understanding of adversarial machine learning.
The first step of understanding the security of ML is to analyze the relevant threats. We synthesize a threat model (the assets to protect, the security requirements, the attack surface, potential attacker profiles, and the actual threat model represented via attack trees) based on the existing threat models of NIST, Microsoft, BIML, and OWASP. We then explore the relationship of security and ML, from ML-driven static analysis tools and IDS to a brief glimpse at ML-assisted attack tools used by hackers today. We look at the most significant threats against Large Language Models (LLMs), following the OWASP LLM Top 10 2025 (among others). The bulk of the course deals with adversarial machine learning, and a detailed discussion of the four main attack subtypes: evasion, poisoning, model inversion, and model stealing as well as practical aspects of these attacks. Various labs on adversarial attack techniques (model editing, poisoning, evasion, transfer attacks, model inversion, model extraction) offer practical insights into vulnerabilities, while a discussion of defense techniques such as adversarial training, certified robustness, and gradient masking provide the possible countermeasures.
In the rest of the course we discuss some common software security weakness categories, such as input validation, improper use of security features, time and state, error handling and using vulnerable components, putting them in the context of machine learning wherever relevant. Finally, participants are equipped with a solid foundation in cryptography, covering essential knowledge and skills every developer should have as well as techniques of special interest for machine learning such as multiparty computation, differential privacy, and fully homomorphic encryption.
Outline
- Cyber security basics
- Machine learning security
- Input validation
- Security features
- Time and state
- Errors
- Using vulnerable components
- Cryptography for developers
- Wrap up
What you will learn
- Getting familiar with essential cyber security concepts
- Learning about various aspects of machine learning security
- Attacks and defense techniques in adversarial machine learning
- Input validation approaches and principles
- Identify vulnerabilities and their consequences
- Learn the security best practices in Python
- Correctly implementing various security features
- Managing vulnerabilities in third party components
- Understanding how cryptography supports security
- Learning how to use cryptographic APIs correctly in Python