Pilot run: Date to be confirmed · Location to be confirmed · CHF 200 instead of the regular CHF 1,200
1 day · On-site or remote · Max. 12 participants

Secure Agentic Coding

How secure development changes when AI writes the code

What this course is not

  • Not a compliance training — no OWASP checklists without engineering context
  • Not a security introduction for junior developers without AI experience
  • Not a generic AI tool overview, but security architecture for agentic workflows

1 Who it is for

  • Senior software developers and architects who actively use AI coding assistants
  • Security champions and DevSecOps engineers in AI-driven teams
  • Tech leads responsible for the secure use of AI agents

2 What you can do after the course

  • Include AI agents in your threat model: STRIDE extended to agentic workflows
  • Write security specs and global guardrails — as structural controls instead of per-feature instructions
  • Automatically validate AI-generated code against security specs — using a reviewer agent or CI security gate as a defence against AI-driven vulnerability discovery
  • Build automated security gates: integrate Semgrep, Gitleaks and dependency scanning into CI/CD
  • Apply least privilege to agents: deliberately restrict filesystem, network, tools and scope

3 Content in detail

  • Understand the new threat landscape: prompt injection, hallucinated dependencies, rubber-stamping effect
  • Include the agent in your threat model: STRIDE extended to AI workflows
  • Write security specs and global guardrails (security-policy.md, CLAUDE.md)
  • Build automated security gates: SAST, SCA, secrets scanning in CI/CD
  • Apply secure-by-design architecture: structural guardrails instead of per-feature instructions

Agenda

Morning: Threat landscape & threat modelling

  • Why AI applies security patterns inconsistently — and why that’s dangerous
  • New attack vectors: prompt injection, hallucinated packages, context window poisoning
  • STRIDE extended to AI agents: treating the agent as a trust boundary
  • Exercise 1: Prompt a login form without security requirements — analyse the gaps
  • Exercise 2: Build a threat model for an agent workflow

Afternoon: Guardrails, architecture & automation

  • Security specs and global agent instructions (security-policy.md, CLAUDE.md)
  • Automated gates: SAST, SCA, secrets scanning in CI/CD
  • Secure-by-design: middleware, ORM and typing as structural guardrails
  • Least privilege for agents: filesystem, network, tools, scope
  • Exercise 3: Build guardrails and set up a reviewer agent as an automated security gate
  • Exercise 4: Define secure architecture — structural guardrails instead of per-feature fixes
  • Exercise 5: Secure Dark Factory simulation — full run with Semgrep, npm audit and Gitleaks

Method

Hands-on throughout: the login feature from Exercise 1 is built without guardrails, secured step by step, and completed as a full Secure Dark Factory simulation with Semgrep, npm audit and Gitleaks.

Prerequisites

  • Several years of professional software development
  • Active experience with at least one AI coding assistant (Claude Code, Cursor, GitHub Copilot or equivalent)
  • No prior security knowledge required — security fundamentals are covered hands-on during the course

FAQ

What tool do I need to bring? None. All exercises run in GitHub Codespaces — you only need a browser and a GitHub account. Semgrep, Gitleaks and npm audit are pre-configured.

I have no security experience. Is that a problem? No. Prior security knowledge is not a prerequisite — the course builds the relevant foundations hands-on. What is required: development experience and active use of an AI coding assistant.

What happens if the pilot doesn’t reach minimum participants? The pilot price of CHF 200 is fully refunded if the course cannot take place. You will be notified in good time.

Is the course relevant for greenfield projects or legacy codebases? Both. The patterns shown — security specs, guardrails, automated gates — apply regardless of project age. In legacy codebases the risk from uncontrolled AI-generated code is often even higher.

When does the regular course take place? The pilot price applies exclusively to the first run. The regular course will be offered at CHF 1,200 per person afterwards. Sign up to the waiting list if you miss the pilot.