From secure prompting to agent hardening: a hands-on day for development teams.
Overview
AI coding assistants such as GitHub Copilot, Claude Code, and Cursor now write a substantial share of production code, and that code is measurably less secure than it looks: Veracode’s 2025 GenAI Code Security Report found security vulnerabilities in 45 % of coding tasks across more than 100 LLMs (Java: over 70 %, XSS: 86 % failure rate). As early as 2022, the NYU study “Asleep at the Keyboard?” showed that around 40 % of Copilot-generated programs were vulnerable. A Stanford study also demonstrates that developers using an AI assistant write less secure code while believing it is more secure than the control group without AI. At the same time, the AI toolchain itself is becoming an attack surface: prompt injection via ticket texts and READMEs, malicious connected servers, agents with excessive permissions, and hallucinated packages. According to a USENIX Security study, 19.7 % of the dependencies suggested by LLMs do not exist.
In this one-day, hands-on course you will learn to use AI assistants in a way that brings speed and security together. You will learn which vulnerability patterns AI code typically contains, how to pin down security requirements before the first prompt, how to give the AI a security guideline that takes effect on every code generation, how to review AI code efficiently and adversarially, and how to harden your development environment itself against attacks. The course closes with automated guardrails in the workflow and a joint debrief. A large part of the course consists of labs in prepared exercise environments.
Agenda
| Time | Module | Content |
|---|---|---|
| 09:00-09:30 | Welcome & State of Play | How Copilot, Claude Code & Cursor work; the numbers on vulnerability rates; why “runs on the first try” is the most dangerous signal |
| 09:30-10:30 | Typical Vulnerabilities in AI Code | Why AI-generated code fails differently (and predictably) than human-written code; which classes of flaws keep recurring and how to spot them in daily work. Lab: find and exploit vulnerabilities in real AI-generated code |
| 10:30-10:45 | Break | |
| 10:45-11:30 | Security Before the Prompt | Lightweight threat modeling for features; phrasing security requirements as acceptance criteria. Lab: threat analysis for a sample story |
| 11:30-12:30 | Secure Prompting & Security Guardrails | Writing secure prompts; giving the AI a security guideline that applies project- and organization-wide on every code generation. Lab: rewrite insecure prompts, create your own security guideline for the assistant and measure its effect |
| 12:30-13:30 | Lunch break | |
| 13:30-14:30 | Reviewing AI Code | Review checklist for AI diffs; risks of AI-suggested dependencies; security tests the AI will not write on its own. Lab: adversarial review and AI-assisted generation of security tests |
| 14:30-15:30 | The AI Toolchain as Attack Surface | Prompt injection via issues, comments, docs; risks of connected tools and servers; agent permissions, sandboxing, secrets protection. Lab/demo: injection attack on an agent and hardening of the configuration |
| 15:30-15:45 | Break | |
| 15:45-16:45 | Guardrails & Automation | Automated security checks in the AI workflow; guardrails that stop violations before code is created; metrics and team rollout |
| 16:45-17:00 | Wrap-up & Debrief | Joint debrief, resource list, transfer to daily work, feedback |
Key Facts
- 1 day, 9:00-17:00, largely hands-on
- Audience: developers, tech leads, DevSecOps and AppSec engineers
- Prerequisites: programming experience; your own laptop with Docker installed locally, the exercise environment is provided
Methodology
Learning by doing is one of the most important paradigms. More about the training methodology here.
Trainer
Timo Pagel incorporates his knowledge from over 20 years in operations and development into his trainings. As a DevSecOps consultant, he not only advises at the strategic level but also lends a hand.
Testimonials
+ Sehr guter Anteil konkreter Übungen!
Anonym, IT-Beratungsbranche
+ Wichtige Bereiche wurden immer mit der “Übersichtskarte” gezeigt.
+ Guter Rundumblick
Schönes Beispiel aus der Praxis von docker12321 🙂
Anonym, Versicherungsbranche
interaktiver Ansatz gefällt mir gut!
Anonym, Versicherungsbranche
Beispielseiten wie die “Check Security Header” gefallen mir sehr gut.
Anonym, Versicherungsbranche
Sehr gute Idee, dass einem Zeit gelassen wird die praktischen Aufgaben direkt zu machen und gewartet wird, dass wirklich alle fertig sind (indem alle die Hand heben). Gut waren auch die Anzahl an Übungen und die erklären dazu was denn genau passiert. Auch die Themen der Übungen wurden gut gewählt, sodass man versteht, was die Tools machen und wie sie funktionieren
Anonym, Versicherungsbranche
Gute Übungen, die einen sinnvollen Lerneffekt hatten
Anonym, Versicherungsbranche
Sehr angenehme Einführung in das Thema des Threads Modelling, sodass man sich schon selbst Gedanken bezüglich der potentiellen Threats machen kann.
Anonym, Versicherungsdienstleister
Wir müssen uns alle an die aktuelle Situation gewöhnen. Insofern war heute alles cool! Vielen Dank
Anonym, Versicherungsbranche
(Hinweis: Erster Workshop beim Corona-Start)
Angenehm aufbereitet. Vor allem die praktischen Beispiele helfen immer enorm!
Anonym, Versicherungsdienstleister
Viele Übungen; einiges an Input, aber durch den Praxisbezug sehr verständlich! Nicht nur firmenbezogenen, sondern auch für die private Anwendung interessant
Anonym, IT-Beratungsbranche
Arrange a free initial consultation
References
- Veracode, 2025 GenAI Code Security Report (veracode.com)
- Pearce et al., “Asleep at the Keyboard?”, IEEE S&P 2022, arxiv.org/abs/2108.09293
- Perry et al., “Do Users Write More Insecure Code with AI Assistants?”, ACM CCS 2023, arxiv.org/abs/2211.03622
- Spracklen et al., “We Have a Package for You!”, USENIX Security 2025, arxiv.org/abs/2406.10279