Responsible AI in agentic software development
12 Labs
1 Case Studies
Platform
Generative AI
Audience
All people involved in using agentic AI tools in software development
Preparedness
General development
Standards and references
NIST
Group size
12 participants
Outline
- A brief history of Artificial Intelligence
- Responsible AI
- Using GenAI responsibly in software development
- Summary and takeaways
What you will learn
- Understand various aspects of responsible AI
- How to use generative AI responsibly in software development
- Prompt engineering for optimal outcomes
- How to apply generative AI throughout the SDLC
- The challenges in using agentic GenAI
Description
Generative AI is reshaping the software industry, moving beyond code suggestions into autonomous, agent-driven development. Tools like GitHub Copilot and MCP-enabled agents can now participate in requirements gathering, design, testing, and deployment – not just code generation. This evolution sparks both excitement and caution: while productivity gains are clear, new risks around reliability, security, and bias demand responsible use.
This course first introduces participants to the foundations of Generative AI and Responsible AI and then explores how agentic GenAI is changing the software development lifecycle. Participants will study prompting techniques, context engineering, and the integration of AI into requirements specification, design, and testing. A major emphasis is placed on agentic workflows, including automated scaffolding, code-to-spec and spec-to-code transformations, and Dev(Sec)Ops integration via the Model Context Protocol.
Through numerous demonstrations and hands-on labs, participants will gain practical experience with opportunities and pitfalls: from improved productivity and testing support, to challenges such as hallucinations, dangers of “vibe coding”, and the expanded attack surfaces in agentic systems.
By the end of the course, software engineers and managers will understand both the capabilities and the limitations of Generative AI and especially agentic GenAI, and will be equipped with skills to integrate these tools responsibly into modern software engineering practices.
Note:
A must-have primer for those looking to understand and responsibly adopt agentic GenAI in their software development projects. Building on these foundations, and depending on the technology stack, we suggest continuing with one of the Generative AI courses - see Agentic software development with generative AI in C++/Java/C#/Python. For those working on machine learning solutions, the comprehensive 4-day Machine Learning Security course offers a natural next step.
Table of contents
- A brief history of Artificial Intelligence
- The origins of AI
- Neural networks and “probability engines”
- Early ML coding tools
- The AI coding revolution of the 2020s
- Responsible AI
- What is responsible AI?
- Accountability and transparency
- Mitigation of harmful bias
- Validity and reliability
- Demonstration – Experimenting with validity and reliability in Copilot
- Explainability and interpretability
- Safety, security, privacy and resilience
- Security and responsible AI in software development
- Using GenAI responsibly in software development
- LLM code generation basics
- Basic building blocks and concepts
- Prompt templating
- System prompts
- Can AI… boost your productivity?
- Can AI… take care of the ‘boring parts’?
- Can AI… be more thorough?
- Can AI… produce better quality code?
- Reviewing generated code – the black box blues
- The danger of hallucinations
- Demonstration – Experimenting with an unfamiliar API in Copilot
- The effect of GenAI on programming skills
- Some further long-term effects of using GenAI
- Where AI code generation doesn’t do well
- Prompt engineering
- Why is a good prompt so important?
- Establishing the context for generative AI
- Zero-shot, one-shot, and few-shot prompting
- Reasoning-based prompt engineering, chain-of-thought
- Demonstration – Experimenting with prompts in Copilot
- Enforcing and following token limits
- Prompt patterns
- Prompt patterns and prompt priming
- The 6 categories of prompt patterns
- Some further prompting approaches
- Least-to-Most and Self-Planning: decomposition of complex tasks
- Demonstration – Task decomposition with Copilot
- Unit tests, TDD and GenAI
- Demonstration – Test-based code generation with Copilot
- Integrating generative AI into the SDLC
- Using GenAI beyond code generation
- Using AI during requirements specification
- Prompt patterns for requirements capturing
- Prompt patterns for software design
- Demonstration – Requirements capturing and API design with Copilot
- Using AI during implementation
- Prompt patterns for implementation
- Demonstration – Finding hidden assumptions with Copilot
- Using AI during testing and QA
- Agentic software development
- Intelligent agents and GenAI
- How is agentic coding different?
- The Model Context Protocol (MCP)
- Capabilities of MCP agents
- Agentic integration in IDEs
- Agentic development workflow
- Code-to-spec and spec-to-code with GenAI
- Automated scaffolding
- Demonstration – Agentic scaffolding with Copilot
- Setting up the runtime environment
- Demonstration – Environment setup with Copilot
- Incremental development
- Demonstration – Incremental development with Copilot
- The role of MCP in Dev(Sec)Ops
- Demonstration – Using MCP for DevOps with Copilot
- Pitfalls and best practices
- “Vibe coding” and its implications
- Engineering concerns with MCP
- Security concerns of agentic development
- MCP’s effect on the attack surface
- MCP-specific attack vectors
- Demonstration – Attacking agentic Copilot
- Case study – Database leakage via Supabase MCP
- Hallucinations and ‘agentic death spirals’
- Token limits and context
- Context degradation with very large token counts
- Prompt engineering vs context engineering
- Context engineering from a developer’s perspective
- Context document examples
- Intelligent agents and GenAI
- Summary and takeaways
- Responsible AI principles in software development
- Generative AI – Resources and additional guidance
Pricing
1 day Session Price
750 EUR / person
- Live, instructor led classroom training
- Discussion and insight into the hacker’s mindset
- Hands-on practice using case studies based on high-profile hacks and live lab exercises
Customized course
Tailor a course to your preferences
- Send us a brief description of your business’s training needs
- Include your contact information
- One of our colleagues will be in touch to schedule a free consultation about training requirements
Inquiry
Interested in the trainings but still have some questions? Curious about how you can customize a training for your team? Send us a message and a team member will be in touch within 24 hours.
Related Courses
Code responsibly with generative AI in Java
CYDJvWeb3dCop
3 days
>
Audience
Java developers using Copilot or other GenAI tools
Group size
12 participants
Labs
Hands-on
Description
Generative AI is transforming the software industry, with tools like GitHub Copilot, Gemini, Claude or others, enabling developers to achieve unprecedented levels of efficiency. While this is exciting progress, it also raises important concerns, encouraging stakeholders to approach these technologies with care. Current AI tools often lack the nuanced understanding necessary to address subtle, yet critical aspects of software development, particularly in the domain of security.
This course provides a comprehensive insight into the responsible use of generative AI in coding. Participants delve into topics in software development that are most likely to be impacted by careless use of generative AI, including authentication, authorization, and cryptography. The curriculum also includes an analysis of how AI tools like Copilot handle secure coding practices related to key vulnerabilities outlined in the OWASP Top Ten, such as path traversal, SQL injection, or cross-site scripting.
Through hands-on learning and experimenting, participants will get a solid understanding of both the strengths and limitations of AI-assisted development. In addition, case studies of real-world incidents showcase the consequences of insecure code and demonstrate the dual nature of generative AI as both a resource and a potential risk.
By the end of the course, developers will be equipped with the knowledge and skills to integrate AI tools into the software development lifecycle responsibly, enhancing efficiency without compromising security or product quality.
Outline
- Coding responsibly with GenAI
- The OWASP Top Ten from Copilot's perspective
- Wrap up
What you will learn
- Understanding the essentials of responsible AI
- Getting familiar with essential cyber security concepts
- Understanding how cryptography supports security
- Learning how to use cryptographic APIs correctly in Java
- Understanding Web application security issues
- Detailed analysis of the OWASP Top Ten elements
- Putting Web application security in the context of Java
- Going beyond the low hanging fruits
- Managing vulnerabilities in third party components
- All this put into the context of GitHub Copilot
Code responsibly with generative AI in Python
CYDPyWeb3dCop
3 days
>
Audience
Python developers using Copilot or other GenAI tools
Group size
12 participants
Labs
Hands-on
Description
Generative AI is transforming the software industry, with tools like GitHub Copilot, Gemini, Claude or others, enabling developers to achieve unprecedented levels of efficiency. While this is exciting progress, it also raises important concerns, encouraging stakeholders to approach these technologies with care. Current AI tools often lack the nuanced understanding necessary to address subtle, yet critical aspects of software development, particularly in the domain of security.
This course provides a comprehensive insight into the responsible use of generative AI in coding. Participants delve into topics in software development that are most likely to be impacted by careless use of generative AI, including authentication, authorization, and cryptography. The curriculum also includes an analysis of how AI tools like Copilot handle secure coding practices related to key vulnerabilities outlined in the OWASP Top Ten, such as path traversal, SQL injection, or cross-site scripting.
Through hands-on learning and experimenting, participants will get a solid understanding of both the strengths and limitations of AI-assisted development. In addition, case studies of real-world incidents showcase the consequences of insecure code and demonstrate the dual nature of generative AI as both a resource and a potential risk.
By the end of the course, developers will be equipped with the knowledge and skills to integrate AI tools into the software development lifecycle responsibly, enhancing efficiency without compromising security or product quality.
Outline
- Coding responsibly with GenAI
- The OWASP Top Ten from Copilot's perspective
- Wrap up
What you will learn
- Understanding the essentials of responsible AI
- Getting familiar with essential cyber security concepts
- Understanding how cryptography supports security
- Learning how to use cryptographic APIs correctly in Python
- Understanding Web application security issues
- Detailed analysis of the OWASP Top Ten elements
- Putting Web application security in the context of Python
- Going beyond the low hanging fruits
- Managing vulnerabilities in third party components
- All this put into the context of GitHub Copilot
Code responsibly with generative AI in C#
CYDCsWeb3dCop
3 days
>
Audience
C# developers using Copilot or other GenAI tools
Group size
12 participants
Labs
Hands-on
Description
Generative AI is transforming the software industry, with tools like GitHub Copilot, Gemini, Claude or others, enabling developers to achieve unprecedented levels of efficiency. While this is exciting progress, it also raises important concerns, encouraging stakeholders to approach these technologies with care. Current AI tools often lack the nuanced understanding necessary to address subtle, yet critical aspects of software development, particularly in the domain of security.
This course provides a comprehensive insight into the responsible use of generative AI in coding. Participants delve into topics in software development that are most likely to be impacted by careless use of generative AI, including authentication, authorization, and cryptography. The curriculum also includes an analysis of how AI tools like Copilot handle secure coding practices related to key vulnerabilities outlined in the OWASP Top Ten, such as path traversal, SQL injection, or cross-site scripting.
Through hands-on learning and experimenting, participants will get a solid understanding of both the strengths and limitations of AI-assisted development. In addition, case studies of real-world incidents showcase the consequences of insecure code and demonstrate the dual nature of generative AI as both a resource and a potential risk.
By the end of the course, developers will be equipped with the knowledge and skills to integrate AI tools into the software development lifecycle responsibly, enhancing efficiency without compromising security or product quality.
Outline
- Coding responsibly with GenAI
- The OWASP Top Ten from Copilot's perspective
- Wrap up
What you will learn
- Understanding the essentials of responsible AI
- Getting familiar with essential cyber security concepts
- Understanding how cryptography supports security
- Learning how to use cryptographic APIs correctly in C#
- Understanding Web application security issues
- Detailed analysis of the OWASP Top Ten elements
- Putting Web application security in the context of C#
- Going beyond the low hanging fruits
- Managing vulnerabilities in third party components
- All this put into the context of GitHub Copilot
Code responsibly with generative AI in C++
CYDCpp3dCop
3 days
>
Audience
C/C++ developers using Copilot or other GenAI tools
Group size
12 participants
Labs
Hands-on
Description
Generative AI is transforming the software industry, with tools like GitHub Copilot, Gemini, Claude or others, enabling developers to achieve unprecedented levels of efficiency. While this is exciting progress, it also raises important concerns, encouraging stakeholders to approach these technologies with care. Current AI tools often lack the nuanced understanding necessary to address subtle, yet critical aspects of software development, particularly in the domain of security.
This course provides a comprehensive insight into the responsible use of generative AI in coding. Participants delve into topics in software development that are most likely to be impacted by careless use of generative AI, including authentication, authorization, and cryptography. The curriculum also includes an analysis of how AI tools like Copilot handle secure coding practices related to key vulnerabilities outlined in the OWASP Top Ten, such as path traversal, SQL injection, or cross-site scripting.
Through hands-on learning and experimenting, participants will get a solid understanding of both the strengths and limitations of AI-assisted development. In addition, case studies of real-world incidents showcase the consequences of insecure code and demonstrate the dual nature of generative AI as both a resource and a potential risk.
By the end of the course, developers will be equipped with the knowledge and skills to integrate AI tools into the software development lifecycle responsibly, enhancing efficiency without compromising security or product quality.
Outline
- Coding responsibly with GenAI
- Memory management vulnerabilities
- Memory management hardening
- Common software security weaknesses
- Using vulnerable components
- Wrap up
What you will learn
- Understanding the essentials of responsible AI
- Getting familiar with essential cyber security concepts
- Correctly implementing various security features
- Identify vulnerabilities and their consequences
- Learn the security best practices in C++
- Managing vulnerabilities in third party components
- Input validation approaches and principles
- All this put into the context of GitHub Copilot
Machine learning security
CYDMLPy
4 days
>
Audience
Python developers working on machine learning systems
Group size
12 participants
Labs
Hands-on
Description
The course bridges the two worlds of cybersecurity and machine learning. Starting from the core cybersecurity principles, it highlights how ML systems are exposed to threats – both pre-existing threats from the world of software security affecting these systems in unexpected ways and completely new kinds of threats that require a deeper understanding of adversarial machine learning.
The first step of understanding the security of ML is to analyze the relevant threats. We synthesize a threat model (the assets to protect, the security requirements, the attack surface, potential attacker profiles, and the actual threat model represented via attack trees) based on the existing threat models of NIST, Microsoft, BIML, and OWASP. We then explore the relationship of security and ML, from ML-driven static analysis tools and IDS to a brief glimpse at ML-assisted attack tools used by hackers today. We look at the most significant threats against Large Language Models (LLMs), following the OWASP LLM Top 10 2025 (among others). The bulk of the course deals with adversarial machine learning, and a detailed discussion of the four main attack subtypes: evasion, poisoning, model inversion, and model stealing as well as practical aspects of these attacks. Various labs on adversarial attack techniques (model editing, poisoning, evasion, transfer attacks, model inversion, model extraction) offer practical insights into vulnerabilities, while a discussion of defense techniques such as adversarial training, certified robustness, and gradient masking provide the possible countermeasures.
In the rest of the course we discuss some common software security weakness categories, such as input validation, improper use of security features, time and state, error handling and using vulnerable components, putting them in the context of machine learning wherever relevant. Finally, participants are equipped with a solid foundation in cryptography, covering essential knowledge and skills every developer should have as well as techniques of special interest for machine learning such as multiparty computation, differential privacy, and fully homomorphic encryption.
Outline
- Cyber security basics
- Machine learning security
- Input validation
- Security features
- Time and state
- Errors
- Using vulnerable components
- Cryptography for developers
- Wrap up
What you will learn
- Getting familiar with essential cyber security concepts
- Learning about various aspects of machine learning security
- Attacks and defense techniques in adversarial machine learning
- Input validation approaches and principles
- Identify vulnerabilities and their consequences
- Learn the security best practices in Python
- Correctly implementing various security features
- Managing vulnerabilities in third party components
- Understanding how cryptography supports security
- Learning how to use cryptographic APIs correctly in Python