Planned Track · AI Security Engineering · L2

AI Security Engineering L2 Track

A planned SecureTheCloud Labs intermediate track for learning how to engineer secure AI systems with prompt boundaries, tool permissions, retrieval controls, runtime guardrails, abuse controls, testing harnesses, and evidence packages.

Status: Track Shell
Level: Intermediate / L2
Modules: 9 planned
Runtime: Read-only planning

Start Here

This track should be taken after the AI Governance Command Center Track. AI Governance teaches how to decide whether an AI workflow should be allowed, blocked, approved, escalated, or audited. AI Security Engineering teaches how to design AI systems so those controls are enforceable and testable.

Planned Modules

The modules below are planned. They are not implemented as LAB pages in this phase.

1. AI Security Engineering Overview: Introduce secure AI system design, core threats, control layers, and engineering boundaries.
2. Secure AI Application Architecture: Teach frontend/backend separation, model boundary, API boundary, policy boundary, and evidence boundary.
3. Prompt Boundary Engineering: Separate system instructions, developer instructions, user input, retrieved content, and tool outputs.
4. Tool Permission Engineering: Design scoped tool permissions, action classification, approval gates, and self-approval prevention.
5. Retrieval Security Engineering: Design secure RAG controls for source authority, tenant boundaries, sensitivity filtering, and poisoning defense.
6. Agent Runtime Guardrails: Control loops, action limits, retry caps, escalation, kill switches, and safe terminal states.
7. AI Abuse, Cost, and Rate Limit Controls: Govern token budgets, model calls, retrieval calls, tool retries, quota ceilings, and abuse detection.
8. AI Security Testing Harness: Test prompt injection, tool hijacking, retrieval poisoning, data leakage, approval bypass, and runaway loops.
9. AI Security Evidence Package: Package engineering evidence for security review, audit review, executive review, and readiness gates.

Prerequisites

Learners should complete the AI Governance Command Center Track first.

Recommended prerequisite:
AI Governance Command Center Track

Required concepts:
- AI governance command center purpose
- risk tiering
- policy gates
- human approval
- agent workflow governance
- prompt injection
- tool hijacking
- RAG data boundaries
- audit evidence
- cost and rate-limit governance

Track Relationship

The AI Security Engineering track is the next step after AI Governance Command Center and before a future AI Red Team Scenario Design track.

AI Governance Command Center
→ AI Security Engineering
→ AI Red Team Scenario Design

Governance question:
Should this AI workflow be allowed, approved, blocked, escalated, or audited?

Engineering question:
How do we design the AI workflow so those controls are enforceable and testable?

Track Boundary

This phase creates a static track shell only. It does not implement modules or create live controls.

Track shell created = true
LAB modules implemented in this phase = false
Backend exposure = false
Live model integration = false
Live tool execution = false
Live retrieval execution = false
Live approval workflow = false
Provider quota mutation = false
Runtime mutation = false
Production enforcement claim = false