Defending Against the OWASP Top 10 Threats to Large Language Models
This course systematically explains how to identify and defend against the OWASP Top 10 security threats to large language model applications, covering hands-on offense and defense for prompt injection, data leakage and supply-chain risk, to help you secure generative AI applications.

The course "AI Security: Defend LLM Apps Against the OWASP LLM Top 10" systematically explains how to identify and defend against the OWASP Top 10 security threats in large language model applications. It covers hands-on offense and defense for prompt injection, data leakage and supply-chain risk, and teaches how to configure guardrails to secure generative AI applications.
Published 6/2026
Created by NEXUS ACADEMY
MP4 | Video: h264, 1920×1080 | Audio: AAC, 44.1 KHz, 2 Ch
Level: All Levels | Genre: eLearning | Language: English | Duration: 29 Lectures (3h 13m) | Size: 1.3 GB
Break and secure LLM apps with hands-on labs covering the OWASP Top 10 for LLM Applications (2025).
What you’ll learn
⚡ Explain why LLM and GenAI apps break differently than traditional web apps, and threat-model them like an attacker.
⚡ Exploit and defend against prompt injection (LLM01) and improper output handling (LLM05) in a safe, sandboxed lab.
⚡ Prevent sensitive information disclosure (LLM02) and system prompt leakage (LLM07) with data minimization and secrets hygiene.
⚡ Harden the AI supply chain, RAG pipelines, and vector stores against poisoning and embedding attacks (LLM03, LLM04, LLM08).
⚡ Contain excessive agency (LLM06) and unbounded consumption (LLM10), and run a defense-in-depth program with guardrails and monitoring.
Requirements
❗ Working knowledge of web application security, APIs, and the ability to read code (Python or JavaScript).
❗ A computer that can run a local, sandboxed lab (Docker or a Python virtual environment). No prior AI/ML experience required.
Description
“This course contains the use of artificial intelligence.”
Large language models have moved from demos to production, and attackers have noticed. LLM-powered features introduce a new class of vulnerabilities that traditional web application security testing simply misses, and this hands-on course teaches you to find and fix them.
Built around the OWASP Top 10 for LLM Applications (2025 edition), the course pairs an offensive demo with a defensive lab for every major risk. You will learn why LLM apps break differently than classic web apps, stand up a safe, sandboxed vulnerable application, and threat-model GenAI systems like an attacker.
From there you will work through the full Top 10: Prompt Injection (LLM01), Sensitive Information Disclosure (LLM02), Supply Chain (LLM03), Data and Model Poisoning (LLM04), Improper Output Handling (LLM05), Excessive Agency (LLM06), System Prompt Leakage (LLM07), Vector and Embedding Weaknesses (LLM08), Misinformation (LLM09), and Unbounded Consumption (LLM10). You will exploit an over-privileged agent, poison a RAG knowledge base, steal a system prompt, and turn unsafe model output into XSS and command injection, then shut each attack down with input filtering, output encoding, least privilege, data minimization, and RAG hardening.
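The improper output handling lab (LLM05) described above, as an added illustration that is not the course's own lab code: model output is untrusted data, so interpolating it raw into HTML or into a shell string hands an attacker who controls the model (for example via prompt injection) an XSS or command-injection primitive. The sample model output, the `render_*` and `build_command_*` function names and the `contains_injection` detector are constructed for this example; the hardened variants apply the output encoding and allowlisting the lab teaches.

```python
"""Improper output handling (LLM05): vulnerable and hardened sinks side by side.
Added example; the model output below is a constructed sample, not real model output."""
import html
import re

# Constructed sample of what a prompt-injected model might return: a shell
# metacharacter sequence followed by an HTML payload, disguised as a filename.
MALICIOUS_OUTPUT = "report.txt; rm -rf / #<img src=x onerror=alert(1)>"
BENIGN_OUTPUT = "report.txt"


def render_vulnerable(model_output: str) -> str:
    """Raw interpolation into HTML: any markup in the model output reaches the browser."""
    return f"<div class='answer'>{model_output}</div>"


def render_hardened(model_output: str) -> str:
    """Encode for the HTML text context before rendering; markup becomes inert text."""
    return f"<div class='answer'>{html.escape(model_output, quote=True)}</div>"


def build_command_vulnerable(model_output: str) -> str:
    """Shell string assembled from model output: a ';' splices in a second command.
    Returned, not executed, so the example is safe to run."""
    return f"cat {model_output}"


# Allowlist for the one value the model is permitted to supply here: a plain filename.
SAFE_NAME = re.compile(r"^[A-Za-z0-9_.-]{1,64}$")


def build_command_hardened(model_output: str) -> list[str]:
    """Validate against the allowlist and return an argv list (no shell involved)."""
    if not SAFE_NAME.fullmatch(model_output) or model_output.startswith("-"):
        raise ValueError("model output rejected: not a plain filename")
    return ["cat", model_output]


def hardened_rejects(model_output: str) -> bool:
    """True if the hardened builder refuses the value (helper for demonstration)."""
    try:
        build_command_hardened(model_output)
    except ValueError:
        return True
    return False


def contains_injection(rendered_html: str) -> bool:
    """Crude check for the demo: did a tag with an on* event handler survive into the markup?"""
    return bool(re.search(r"<\w+[^>]*\son\w+\s*=", rendered_html))


if __name__ == "__main__":
    print("vulnerable render injected:", contains_injection(render_vulnerable(MALICIOUS_OUTPUT)))
    print("hardened render injected:  ", contains_injection(render_hardened(MALICIOUS_OUTPUT)))
    print("vulnerable command:", build_command_vulnerable(MALICIOUS_OUTPUT))
    print("hardened rejects malicious:", hardened_rejects(MALICIOUS_OUTPUT))
    print("hardened argv for benign:", build_command_hardened(BENIGN_OUTPUT))
```

The point of the argv version is that there is no shell to interpret `;`, and the allowlist rejects anything that is not a filename before the sink is reached; encoding alone would not have helped on the command path, and allowlisting alone would be the wrong tool for free-form answer text, which is why the lab pairs output encoding with context-specific validation.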
The course closes with a defense-in-depth program: guardrails, continuous LLM red teaming, monitoring, logging, and incident response. Every lab is reproducible, ethical, and vendor-neutral, drawing on OWASP, MITRE ATLAS, and the NIST AI Risk Management Framework. By the end you will have a practical LLM security checklist you can apply to your own applications immediately.
This course is for AppSec and security engineers, developers, and architects who are comfortable with web security and APIs and want to add LLM threats to their toolkit. No prior machine learning experience is required.
Who this course is for
⭐ AppSec and security engineers adding LLM and GenAI threats to an existing application-security practice.
⭐ Developers and architects building LLM-powered features who need to ship them securely.