Cyber Everywhere, AI in Everything

"What AI is actually in your organization — including the parts you didn't authorize"

Most organizations don't start with an AI strategy. AI creeps in through employees, vendors, and developer tools long before anyone draws a diagram of it. Day 1 grounds participants in how AI systems behave differently from traditional software, where AI shows up across modern organizations, and how to find what's already there. The day combines foundational theory with hands-on discovery work using simulated organizational environments.

Topics covered: AI system fundamentals and trust boundaries, shadow AI discovery, AI in the software development lifecycle, AI inventory methodology, hands-on practice with simulated AI deployments.

"Structured testing of AI systems — and learning to communicate as things break"

Once you know what AI is in your environment, you need to understand how it actually fails. Day 2 covers the major classes of AI vulnerabilities — prompt injection, output handling, RAG exploitation, agentic tool misuse, and supply chain risk — and gives participants structured testing experience against the simulated environments. The day also includes a communication block addressing what happens when findings emerge: who needs to know, what gets written down, and how to work with legal during AI-related incidents.

Topics covered: OWASP LLM Top 10 and MITRE ATLAS in practice, AI-specific testing techniques, structured test planning and execution, incident communication with internal and external stakeholders, regulatory considerations.

• ✓ Homework assignments to reinforce knowledge from Days 1 & 2
• ✓ Two conference calls for discussion, Q&A, and preparation
• ✓ Peer collaboration and knowledge sharing

"Fix what you can, build the practices that prevent recurrence"

Testing produces findings. Day 3 turns those findings into action. Participants work through defensive patterns for AI systems and apply them directly to the issues uncovered on Day 2. The work covers both technical fixes and the engineering practices that prevent the same problems from reappearing. Each team also produces internal guidance grounded in the choices they actually made, not generic policy language.

Topics covered: AI defensive patterns and architectural choices, agent authorization and scoping, human-in-the-loop design, monitoring AI-specific signals, secrets and data handling, prioritization and residual risk, engineering guidance development.

"Make AI security an ongoing practice — and explain it to people who don't work for you"

By Day 4, participants have an inventory, know how things break, and have started fixing. The final day is about turning that into a sustainable practice and explaining it clearly to audiences with very different expectations. Theory covers the AI governance landscape and what to watch for in the next 18 months. The practical work has participants produce real artifacts — a risk assessment, an acceptable use policy, an external posture statement — and then defend them in simulated meetings with executives and customers.

Topics covered: AI governance frameworks (EU AI Act, NIST AI RMF, ISO 42001), risk assessment for probabilistic systems, acceptable use policy development, executive and board-level communication, customer and procurement conversations, regulatory posture.

• ✓ Week 1 — Each participant produces an AI inventory of their own organization, shared in a small-group facilitated call
• ✓ Week 2 — Each participant brings one finding and proposes a control, with peer feedback and facilitator guidance
• ✓ Cross-context discussion across SaaS, medical, logistics, and other environments
• ✓ "Ask Me Anything" implementation support window
• ✓ Private Discord forum for ongoing peer support