<\!DOCTYPE html> AI Security Training — Nixer Learn <\!-- HERO -->
AI Security Training — Free Curriculum

Learn to Secure
Your AI Agents

Four free hands-on modules covering the most exploited AI attack vectors. Real attacks, real code, real remediation.

4 Free Modules
3+ Premium Modules
120+ Min of Content
17+ Detection Rules
<\!-- MODULE CARDS -->

The AI Security Curriculum

Four modules from prompt injection basics to CI/CD pipeline hardening. Each includes a live scan exercise and a printable reference guide.

<\!-- MODULE 1: Prompt Injection -->
Module 01
Intro to Prompt Injection
The single biggest attack surface in AI today
Beginner · 15 min

Prompt injection is the art of crafting inputs that manipulate an AI agent into unintended behavior. From casual jailbreaks to catastrophic data exfiltration, it is the biggest attack surface in AI systems today.

  • Direct vs indirect injection — and why indirect is more dangerous
  • Simon Willison's real-world Claude data exfil attack walkthrough
  • Three Nixer detection rules with live scan exercise
  • Mitigations: privilege separation, sanitization, system prompt hardening
<\!-- MODULE 2: Tool Abuse -->
🔧
Module 02
Tool & Function-Calling Abuse
When agents have too much access
Beginner · 20 min

Tool abuse is what happens when an agent has more tools than its job requires — or when attacker-controlled data flows into tool outputs. From customer-support refund fraud to coding agent shell compromise.

  • Three subclasses: excessive agency, confused deputy, tool-output injection
  • Walkthrough A: customer support agent refund fraud via [TOOL:] injection
  • Walkthrough B: coding agent shell compromise via malicious npm README
  • Defender checklist: least-privilege scoping, output sanitization, allowlists
<\!-- MODULE 3: RAG Poisoning -->
🗄
Module 03
RAG Poisoning
When attackers corrupt the data your LLM retrieves
Intermediate · 15 min

RAG pipelines trust everything they retrieve. Attacker-controlled documents flow directly into LLM context — making corpus poisoning one of the stealthiest attack paths in production AI systems.

  • Two subclasses: direct corpus poisoning vs indirect via web fetching
  • Walkthrough A: enterprise KB assistant exfiltrating user queries
  • Walkthrough B: coding agent backdoor via SEO-poisoned page
  • Three Nixer rules: rag-corpus-integrity-missing, fetched-content-unsandboxed, output-attribution-missing
<\!-- MODULE 4: CI/CD Security -->
⚙️
Module 04
CI/CD Security for AI Pipelines
Supply chain attacks, workflow poisoning, secrets in the loop
Intermediate · 25 min

AI pipelines are CI/CD pipelines — and CI/CD has its own class of attacks. Supply chain compromise, workflow injection, and secret exfiltration are real threats that don't show up in model benchmarks.

  • pull_request_target + head checkout: the critical misconfiguration
  • Script injection via unescaped ${{ github.event.* }} expressions
  • Unpinned third-party actions and supply chain risks
  • How the Nixer GitHub Action catches these in every PR
<\!-- PREMIUM -->

Full Curriculum — Pro Access

Deep-dive modules covering advanced AI security topics for working security engineers. Certificate on completion.

🔒
Module 04
MCP Server Security
Model Context Protocol attack surface and hardening
Intermediate · 30 min

MCP servers are the new attack surface. Learn how to audit MCP tool definitions, identify privilege escalation paths, and harden your agent toolchain.

🔒
Module 05
Model Supply Chain Security
Weights, weights everywhere — and which ones to trust
Advanced · 40 min

From HuggingFace model poisoning to base model backdoors. How to audit your model sources and detect compromised weights before they hit production.

🔒
Module 06
Cloud Accounts & Agent Access
IAM misconfigurations that give your agent the keys to the kingdom
Advanced · 35 min

Agents with cloud credentials are a different threat model. Learn the IAM patterns that turn a well-intentioned agent into a data exfiltration vector — and how to scope them safely.

Get Pro Access

Full curriculum + certificate + team seats. Book a demo and we'll walk through the curriculum and pricing.

Book a Demo
<\!-- GET NEXT MODULE — EMAIL CAPTURE -->

Get the Next Module in Your Inbox

New modules drop monthly. Enter your email and we'll notify you — plus send the remediation checklist for each module you've unlocked.

You're on the list.
We'll send each new module as it drops. No spam — one email per module.
No spam. Unsubscribe in one click.
<\!-- CERTIFICATE -->

Earn a Certificate

Complete all modules and receive a verified Nixer AI Security certificate — shareable on LinkedIn.

Certificate of Completion
Alex Chen
Nixer AI Security Fundamentals
Verified · Nixer · 2026
Get Access — Book Demo
<\!-- PDF GATE MODAL -->
📄

Get the PDF Reference Guide

Enter your email to get the print-friendly reference guide for this module — includes all attack patterns, detection rules, and remediation steps.

No spam. Unsubscribe any time.