---
url: "https://xcademia.com/courses/agentic-ai-threats-and-autonomous-cyber-defence"
title: Agentic AI Threats and Autonomous Cyber Defence
description: "Three-day advanced training for security architects on agentic AI attack surfaces, prompt injection, tool poisoning, MLSecOps, EU AI Act & AI governance."
publishedAt: "2026-04-14T06:08:46.403804+00:00"
updatedAt: "2026-04-24T10:27:50.271895+00:00"
type: course
code: "CYB-0184"
level: Professional
duration_days: "3"
track: "Cyber Warfare & Advanced Threat Defence"
category: "Cybersecurity & Ethical Hacking"
credential_tier: tier1
price_gbp: "4295"
---

# Agentic AI Threats and Autonomous Cyber Defence

> An advanced programme for security architects and AI security engineers covering the emerging threat posed by autonomous AI agents conducting multi-stage attacks, prompt injection and agent hijacking vulnerabilities, and the security design requirements for enterprise agentic AI deployments. Build the capability to assess agentic AI attack surfaces, design security controls for AI agent pipelines, apply MLSecOps principles, and produce a governance framework for safe autonomous AI deployment.

## Overview

Agentic AI systems are moving from research environments into enterprise production at significant pace. Multi-agent architectures that autonomously conduct reconnaissance, draft communications, execute transactions, and call external APIs are already deployed across financial services, healthcare, and government. These systems introduce attack surfaces that did not exist three years ago: prompt injection attacks that hijack agent behaviour, tool poisoning in MCP and API-connected pipelines, and the possibility of AI agents becoming unwitting participants in multi-stage cyberattack chains.

Over three mentor-led days, participants assess the threat posed by autonomous AI agents conducting attacks, identify prompt injection and agent hijacking vulnerabilities across enterprise agentic deployments, design security controls for AI agent pipelines that maintain operational capability while preventing misuse, apply MLSecOps principles to secure AI systems from adversarial manipulation at scale, and build governance frameworks for responsible agentic AI deployment in security-critical environments.

The programme concludes with a security review capstone: participants assess a simulated agentic AI deployment, identify all attack surfaces, produce a hardening plan, and design a governance framework for safe operation. This course is aligned with MITRE ATLAS, EU AI Act high-risk system requirements, NCSC AI security guidance, and emerging agentic AI security standards from major AI safety bodies.

## Prerequisites

- Professional experience in security architecture, AI security engineering, SOC leadership, or CISO advisory roles.
- Solid understanding of AI and machine learning concepts and enterprise software architecture.
- Completion of AI-Powered Attacks and Autonomous Threat Defence (X-CWAI-P) or equivalent knowledge recommended.

## What you will learn

- Assess the threat posed by autonomous AI agents conducting multi-stage cyberattacks without human direction.
- Identify prompt injection and agent hijacking vulnerabilities in enterprise agentic AI deployments.
- Design security controls for AI agent pipelines that maintain operational capability while preventing misuse.
- Apply MLSecOps principles to secure agentic AI systems from adversarial manipulation at production scale.
- Build an identity and access management framework for AI agents as non-human identities.
- Advise on the governance of autonomous AI systems in security-critical environments within EU AI Act requirements.
- Produce a security review, hardening plan, and governance framework for an enterprise agentic AI deployment.

## Skills you will gain

- Agentic AI attack surface assessment
- Prompt injection vulnerability identification
- Tool poisoning and MCP security review
- AI agent pipeline security design
- IAM for non-human AI agent identities
- MLSecOps for agentic systems
- EU AI Act compliance assessment
- Agentic AI governance framework design
- Agent behaviour anomaly detection
- Agentic AI incident response planning

## Career progression

- AI Security Architect
- AI Security Engineer
- SOC Lead
- CISO
- Technology Director
- AI Governance Lead

## Curriculum

1. **Module 1: Getting Ready**
   - Pre-reading: MITRE ATLAS agentic AI threat sections and NCSC AI security guidance overview
   - Introduction to agentic AI architecture: agents, tools, orchestrators, and memory components
   - Lab environment setup: simulated agentic AI deployment for security review exercises
   - Course objectives, AI security architecture baseline assessment, and individual development focus areas
2. **Module 2: What Agentic AI Is and Why It Changes the Threat Landscape**
   - Defining agentic AI: autonomous systems that perceive, decide, and act across multi-step task horizons
   - Multi-agent architectures: how networks of specialised agents collaborate on complex enterprise workflows
   - Why agentic AI creates attack surfaces that traditional application security does not address
   - Real-world agentic deployments: financial services, healthcare, legal, and government use cases in production
   - The threat timeline: from agentic AI as research curiosity to enterprise attack surface in under three years
3. **Module 3: Autonomous AI Agents as Attack Tools**
   - Multi-agent systems conducting reconnaissance, exploitation, and exfiltration autonomously without human direction
   - AI-driven lateral movement: agents that discover and exploit pathways through enterprise networks
   - Automated spearphishing workflows: agents that research targets, draft messages, and manage multi-turn conversations
   - AI-driven vulnerability scanning: autonomous discovery and prioritisation of exploitable weaknesses at scale
   - Real-world examples of agentic AI used in offensive security research and documented attacker tooling
4. **Module 4: Prompt Injection: Direct and Indirect**
   - What prompt injection is and why it is the defining vulnerability class for agentic AI systems
   - Direct prompt injection: crafting user inputs that override system instructions in single-agent applications
   - Indirect prompt injection: embedding malicious instructions in content retrieved and processed by an agent
   - Prompt injection in multi-agent systems: hijacking downstream agent behaviour through upstream manipulation
   - Hands-on exercise: identify and exploit prompt injection vulnerabilities in a simulated agentic application
5. **Module 5: Tool Poisoning and MCP Security**
   - How tool poisoning works: substituting malicious tool definitions in agent tool registries
   - Model Context Protocol (MCP) security: attack surfaces in the protocol connecting agents to external services
   - API-connected agent risk: what happens when an agent with write access to email is compromised via injection
   - Trust hierarchies in multi-agent systems: which agent has authority to instruct which, and how attackers exploit ambiguity
   - MCP security review practical: assess a simulated MCP server configuration for injection and poisoning vulnerabilities
6. **Module 6: Securing AI Agent Pipelines**
   - Input validation for agentic systems: designing controls that detect and block injection attempts at entry
   - Output filtering and content inspection: reviewing agent outputs before they reach sensitive tools or systems
   - Sandbox isolation for autonomous agents: containing agent actions within defined operational boundaries
   - Privilege separation for AI agents: least-privilege design for tool access, API scopes, and data permissions
   - Agent action logging: building comprehensive audit trails for agent decisions and external tool invocations
7. **Module 7: Identity and Access Management for AI Agents**
   - Treating AI agents as non-human identities: applying IAM principles designed for human users to autonomous systems
   - Agent authentication: how agentic systems prove their identity to tools, APIs, and data stores
   - Dynamic credential management for agents: short-lived credentials, just-in-time access, and audit integration
   - Detecting compromised or hijacked agents: behavioural anomaly detection for non-human identity activity
   - Revoking agent access during an incident: killing agent sessions and isolating compromised pipelines
8. **Module 8: MLSecOps for Agentic AI Systems**
   - Extending MLSecOps to cover agentic components: training data, model weights, tool definitions, and system prompts
   - Supply chain security for AI agents: provenance verification for base models and tool libraries used in pipelines
   - Continuous security testing for agentic deployments: automated adversarial testing in CI/CD pipelines
   - Model drift and behavioural anomaly detection: identifying when agent behaviour deviates from baseline
   - Incident response for a compromised or manipulated agentic AI system in production operation
9. **Module 9: EU AI Act: High-Risk AI System Requirements**
   - EU AI Act classification: which agentic AI deployments qualify as high-risk systems under the regulation
   - Technical documentation and risk management obligations for high-risk agentic AI systems
   - Human oversight requirements: when autonomous agent action requires mandatory human-in-the-loop confirmation
   - Conformity assessment obligations: internal assessment versus third-party audit for high-risk systems
   - UK AI governance landscape: current and emerging regulatory expectations for autonomous AI deployment
10. **Module 10: Governance Framework for Safe Agentic AI Deployment**
    - Defining acceptable use boundaries for autonomous agents in security-critical operational environments
    - Approval and oversight workflow design: what decisions agents can make autonomously versus requiring human sign-off
    - Incident and misuse reporting framework for agentic AI systems in regulated organisations
    - Staff training requirements: how to prepare people who work alongside autonomous AI agents daily
    - Governance review cycles: keeping agentic AI governance frameworks current as capabilities evolve rapidly
11. **Module 11: Capstone: Agentic AI Deployment Security Review**
    - Conduct a complete security review of a simulated enterprise agentic AI deployment
    - Identify all attack surfaces: injection points, tool abuse vectors, data access risks, and identity weaknesses
    - Produce a comprehensive hardening plan with prioritised controls and implementation guidance
    - Design a governance framework for safe deployment that addresses EU AI Act high-risk requirements
    - Present findings and framework to a simulated CISO and board audience with instructor debrief

## Exam & certification

You will receive an Xcademia certificate of completion based on participation and successful completion of labs and scenario simulations.

## Delivery options

- **Live Online** — Join live instructor-led sessions from anywhere. Interactive, engaging, and flexible.
- **Onsite Training** — We come to you. Training delivered at your workplace for teams of 6 or more.
- **Venue-Based** — Classroom training at a professional venue. Ideal for focused, immersive learning.
- **Blended** — Combine online and in-person learning for maximum flexibility and impact.

## Frequently asked questions

**Who is this course designed for?**

Security architects, AI security engineers, SOC leads, CISOs, and technology directors with responsibility for deploying or securing agentic AI systems in enterprise or government environments.

**Do I need prior experience with agentic AI?**

Familiarity with AI concepts and enterprise software architecture is required. Prior hands-on experience with agentic AI frameworks is helpful but not mandatory, as the programme builds from agentic architecture foundations.

**Is the EU AI Act covered in depth?**

Yes. High-risk AI system classification, technical documentation requirements, human oversight obligations, and conformity assessment requirements under the EU AI Act are covered in a dedicated session.

**What do I leave with?**

A Certificate of Achievement, a complete agentic AI deployment security review, a hardening plan, an EU AI Act governance framework, and a personal action plan.

**Does this course need an exam?**

No. Assessment is through practical exercises and the Day 3 capstone security review. Completion requires full attendance and delivery of the capstone security review and governance framework.

## Course at a glance

| Field | Value |
| --- | --- |
| Code | CYB-0184 |
| Duration | 3 days |
| Level | Professional |
| Track | Cyber Warfare & Advanced Threat Defence |
| Category | Cybersecurity & Ethical Hacking |
| Credential tier | tier1 |
| Price (GBP) | £4295 |

---

## About this content

This Markdown course profile is the citation-grade twin of [Agentic AI Threats and Autonomous Cyber Defence](https://xcademia.com/courses/agentic-ai-threats-and-autonomous-cyber-defence). It is published by **Xcademia** (UK Companies House 12322710) and is available for AI search engines and large language models to index, summarise, and cite.

When citing or quoting, please attribute *Xcademia* and link back to the source URL above.

- Source: https://xcademia.com/courses/agentic-ai-threats-and-autonomous-cyber-defence
- Publisher: Xcademia — https://xcademia.com
- Catalogue index: https://xcademia.com/llms-full.txt
