VW Mobile Application Security & Artificial Intelligence (AI)
Overview
This 10 days course offers a comprehensive introduction to artificial intelligence (AI), its applications within the mobile ecosystem and beyond, and the governance frameworks shaping its use.
The course begins by exploring AI’s foundational concepts, emphasising its dependence on high-quality data. It examines various AI techniques, fields and applications while assessing both the strengths and limitations of the technology.
A key focus is the impact of AI on mobile telecommunications and other industries. Participants will explore how AI is transforming mobile networks through automation, predictive maintenance, and enhanced customer experiences. The course also addresses key challenges faced by organisations seeking to harness AI’s full potential.
The concept of responsible AI is introduced, highlighting its benefits and practical implementation strategies. Additionally, the course examines AI governance, analysing how global organisations and governments are addressing regulatory challenges. Special attention is given to the EU’s AI Act and its risk-based approach, which is expected to be influential on other AI regulations worldwide.
Course Objectives
Gain a solid understanding of AI’s foundational principles and applications.
Assess AI’s impact on various industries, with an emphasis on mobile telecommunications.
Explore responsible AI principles and strategies for implementation.
Evaluate international approaches to AI governance and regulation.
Course Enrolment Criteria
This course is open to:
Regulators
Policymakers
Representatives from academia and international organisations working on regulatory or policy issues
Chapter 1: Introduction to AI Security
· Course Introduction (About the course, syllabus, and how to approach it)
· About Certification and how to approach it
· Course Lab Environment
· Lifetime course support (Mattermost)
· An overview of AI Security
· Basics of AI and ML
· What is AI?
· History and evolution of AI
· Key concepts in AI
· Types of AI
· Narrow AI vs. General AI
· Supervised Learning
· Unsupervised Learning
· Reinforcement Learning
· Natural Language Processing (NLP)
· Computer Vision
· Core Components of AI Systems
· Algorithms and Models
· Data
· Computing Power
· Introduction to Machine Learning
· What is Machine Learning?
· Differences between AI and ML
· Key ML concepts
· Retrieval Augmented Generation
· Basics of Deep Learning
· What is Deep Learning?
· Introduction to Neural Networks
· Brief overview of Convolutional Neural Networks (CNNs)
· Hands-on Exercise:
· Learn how to use our browser-based lab environment
· Setup Invoke Ai a creative visual AI tool
· Create a chatbot with Python and Machine learning
· Text classification with TensorFlow
· Implementing Duckling for converting Text into Structured Data
Chapter 2: Attacking and Defending Large Language Models
· Introduction to Large Language Models
· Definition of Large Language Models
· How LLMs work
· Importance and impact of LLMs in AI
· Understanding LLM’s
· GPT (Generative Pre-trained Transformer)
· BERT (Bidirectional Encoder Representations from Transformers)
· Training and Augmenting LLMs
· Foundational model and fine tuned model
· Retrieval augmented generation
· Use Cases of LLMs
· Text Generation
· Text Understanding
· Conversational AI
· Attack Tactics and Techniques
· Mitre ATT&CK
· Mitre ATLAS matrix
· Reconnaissance tactic
· Resource development tactic
· Initial access tactic
· ML model access tactic
· Execution tactic
· Persistence tactic
· Privilege escalation tactic
· Defense evasion tactic
· Credential access tactic
· Discovery tactic
· Collection tactic
· ML attack staging
· Exfiltration tactic
· Impact tactic
· Real-World LLM attack tools on the internet
· XXXGPT
· WormGPT
· FraudGPT
Hands-on Exercises:
· Scanning an LLM for agent based vulnerabilities
· Attacking AI Chat Bots
· Perform adversarial attacks using text attack
· Perform Webscraping using PyScrap
· Hide data in images using StegnoGAN
· Adversarial Robustness Toolbox
· Bias Auditing & “Correction” using Aequitas
Chapter 3: LLM Top 10 Vulnerabilities
· Introduction to the OWASP Top 10 LLM attacks
· Prompt Injection
· System prompts versus user prompts
· Direct and Indirect prompt injection
· Prompt injection techniques
· Mitigating prompt injection
· Insecure Output Handling
· Consequences of insecure output handling
· Mitigating insecure output handling
· Training Data Poisoning
· LLM’s core learning approaches
· Mitigating training data poisoning
· Model Denial of Service
· DoS on networks, applications, and models
· Context windows and exhaustions
· Mitigating denial of service
· Supply Chain Vulnerabilities
· Components or Stages in an LLM
· Compromising LLM supply chain
· Mitigating supply chain vulnerabilities