This workshop takes you through the OWASP LLM Top 10 and MCP security via hands-on hacking labs. You will exploit real LLM application vulnerabilities and learn how to implement robust secure design patterns. Whether you build or break LLM applications, this workshop is for you.

We finish with a high-energy attack and defence wargame. Plenty of learning and fun, guaranteed.

Module 1 - Introduction

This opening module walks learners through recent real-world LLM security incidents and introduces the OWASP LLM Top 10. It gives attendees a fast, confidence-boosting overview of how and why AI applications fail and which threats matter most.

- Recent attacks and exploits
- Introduction to the OWASP LLM Top 10

Module 2 - LLM01: Prompt Injection

Participants dive into the most notorious LLM vulnerability. They learn how prompts are manipulated, explore different attack styles, and complete hands-on labs for identifying, exploiting, and remediating prompt-injection flaws.

- Introduction to prompt injection
- Prompt injection types
- LAB: Identification, exploitation, remediation

Module 2 - LLM05: Supply Chain Vulnerabilities

A deep look into the ML supply chain (TensorFlow, SciKit, etc.) and the risks of loading untrusted models or components. Learners observe malicious model behaviour, exploit poisoned artefacts, and apply hardening measures.

- Insecure deserialisation
- Introduction to TensorFlow
- Introduction to SciKit
- Handling untrusted ML models
- LAB: Exploiting malicious SciKit
- LAB: Exploiting malicious TensorFlow
- LAB: Securing TensorFlow and SciKit

Module 3 - MCP Security

This module examines the MCP protocol and the new attack surface it introduces. Learners explore attacks such as tool poisoning and cross-server tool shadowing, and apply practical defences.

- Introduction to MCP security
- Tool poisoning
- Cross-server tool shadowing
- Line jumping, tool collisions, etc.
- How to protect against them

Module 4 - Attack and Defence AI Wargame

A competitive wargame where participants attack and defend AI apps using everything learned throughout the workshop. This is consistently rated the highlight of the day.

- Attack and defence contest: prompt injection and prompt engineering

LEARNING OUTCOMES

- Understand the OWASP LLM Top 10 and MCP security through practical exercises
- Gain hands-on experience with real LLM threats and exploitation techniques
- Learn how to implement effective security controls for LLM applications

REQUIREMENTS

- MacBook, Linux laptop, or Windows laptop with WSL/VM
- Docker, git, and make installed
- Latest version of Firefox, Brave, or Chrome
- A passion for learning

WHAT TO BRING

- A laptop

STUDENTS RECEIVE

- Certificate of completion
- Access to all theoretical and practical workshop content
- Access to all labs, exercises, and challenges locally and on the SecDim wargame platform
- 2 months of additional self-paced git-based labs on the SecDim wargame platform
- Access to a private Q&A forum for post-workshop questions