AI Security AcademyDefend PillarMap • Attack • Defend • Evidence

Make the secure AI path the easy path. Build the platform teams actually use.

The course that teaches platform and security teams to design model gateways, provider routing, access controls, logging, redaction, and agent execution controls that are observable, enforceable, and developer-friendly.

Model gatewaysas control points

Provider routingby policy and data class

Logging and redactionwithout data sprawl

Agent executionwith approval and audit

Start this course View print edition

Built for platform engineers, internal developer-platform teams, DevOps, SRE, AI infrastructure, cloud security, security architects, AppSec, and governance teams.

What you'll master

Go from shadow AI sprawl to observable platform control

Map the platform threat model
keys, routes, data, and tools
Route model access
through approved paths
Enforce policy at runtime
classification, redaction, quota
Produce audit evidence
for incidents and governance

Live preview

Buyer Question

Can this team call a model provider directly with customer data?

Platform control

Gateway Decision Framework

Identify app and environment
Classify data and use case
Route through approved provider
Log policy and quota decisions

Platform Evidence

Gateway Route
Policy Decision
Redaction Status
Quota Event
Trace ID

Platform impactAI usage becomes observable

Built for your reality

Platform Engineers

Build gateway, routing, and paved-path patterns developers actually adopt.

DevOps & SRE

Design quotas, telemetry, budgets, and incident response for AI platforms.

Cloud Security

Create enforceable control points for model access, keys, data, and routes.

Product Security

Apply policy and classification where AI usage actually runs.

Governance Teams

Show evidence that AI usage is observable, controlled, and auditable.

Policy needs a platform path

This course gives technical teams the gateway design, routing policy, logging model, RAG boundary controls, agent execution rules, telemetry, and rollout plan needed to govern AI adoption.

15+

Years in AI security, AppSec & enterprise

Public case studies

60+

Public work examples

Enterprise experience

SplunkForescoutDevoCornerstoneUnumDisneyDefence& more

“If your approved AI path is harder than grabbing a provider key, shadow AI is what you'll actually ship.”

AI Security Academy

Why this course exists

Every team building its own model path is the risk

Direct provider keys, inconsistent prompt logging, weak redaction, unmanaged quotas, unclear tenant boundaries, and uncontrolled agent tools create security and governance gaps that policy alone cannot close.

The durable solution is a paved platform path: approved model access that is observable, policy-aware, developer-friendly, and evidence-producing. This course shows you how to design and roll it out.

Heads up

The enterprise problem

Policy documents do not enforce anything. If the approved AI platform path is harder than direct provider use, shadow AI grows — and your control points never get built.

Comparison

What changes after this course

Before — every team rolls its own access

Provider keys are scattered across teams with no shared control point
Prompt logging and redaction are inconsistent or missing
Quotas, budgets, and tenant boundaries are unmanaged
Agent tools execute with no approval or audit trail

After — a paved, observable platform path

A model gateway gives you one enforceable control point
Logging, redaction, and policy run at model-access time
Quotas, budgets, and tenant boundaries are designed in
Telemetry produces the evidence audits and incidents need

Audience action grid

Who it's for

Platform & internal developer-platform engineers

Gateway, routing, and paved-path patterns that developers adopt.

DevOps, SRE & AI infrastructure teams

Quotas, telemetry, and incident-response design for AI platforms.

Cloud security teams & security architects

Enforceable control points for model access and data.

Product security, AppSec & SecOps

Policy and classification applied where it actually runs.

Engineering managers & AI governance teams

Evidence that AI usage is observable and controlled.

Checklist

What you'll be able to do

Map AI platform threat models.
Design approved provider routing and access patterns.
Explain model gateway architecture and its control points.
Manage secrets, keys, quotas, budgets, and rate limits.
Design prompt and context logging with redaction.
Enforce policy and data classification at model-access points.
Protect RAG, vector store, and tenant boundaries.
Control agent tool execution and approvals.
Design telemetry, observability, and incident response for AI platforms.
Build a secure AI gateway platform plan.

Program at a glance

Modules

Hands-on labs

Platform plan

Delivery formats

Curriculum

10 modules

01AI Platform Threat Model
02Approved Provider Routing and Access Patterns
03Model Gateway Architecture
04Secrets, Keys, Quotas, and Rate Limits
05Prompt, Context, Logging, and Redaction
06Policy Enforcement and Data Classification
07RAG, Vector Store, and Tenant Boundaries
08Agent Tool Execution Controls
09Observability, Telemetry, and Incident Response
10Capstone: Secure AI Gateway Platform

Operating principles

How the program works

Paved paths beat prohibition

Make the approved model-access path easier, safer, and more observable than unmanaged provider use.

Control points beat policy documents

Gateways, routing, logging, redaction, quotas, and tool-execution controls create behavior you can actually enforce.

Data minimization is architecture

Send only the context that is needed, redact sensitive data where appropriate, and store only evidence that is safe and useful.

Observability creates evidence

Telemetry should show usage, policy decisions, failures, abuse signals, cost, and incident-response context.

Artifact list

What you'll walk away with

Model gateway architecture with control points
Provider routing and access policy
Prompt-logging and redaction policy
Data classification policy matrix
RAG tenant-boundary design
Agent tool-execution control design
Telemetry schema and rollout plan

Hands-on practice

You'll practice

Map an AI platform threat model
Design a provider routing policy
Define gateway control points
Write quota and budget rules
Define prompt logging and redaction policy
Map data classification to model access
Design RAG tenant boundaries
Define agent tool-execution controls
Create telemetry schemas
Build incident-response workflows
Assemble a secure AI gateway platform plan

Flexible delivery

Choose what fits your team

Self-paced course
Work through it solo inside the Academy.
Platform engineering workshop
Instructor-led for your platform team.
Security architecture workshop
Hands-on for architects and cloud security.
Slack or Teams challenge
A drip sequence that builds shared patterns.
SCORM / LMS package
Drop it into your existing training platform.
AIPSA Defend module
Plug it into the broader AIPSA program.

Framework

AIPSA alignment

Primary domain: Defend — building enforceable AI platform control points.

Also supports: Map (platform attack surface and AI usage paths) and Evidence (logs, telemetry, policy decisions, and audit artifacts).

Related AIPSA products

AIPSA Defend Domain Package
AIPSA Map Domain Package
AIPSA Academy Complete
SecEng Proxy
Model Gateway Workshop
AI Platform Security Assessment
Shadow AI Discovery Add-On

Start the course

Make the secure path the easy path

Bring Model Gateways and Secure AI Platform Engineering to your platform and security teams as a self-paced course or a hands-on workshop — and turn AI adoption into something you can observe and govern.

Start this course

Enterprise AI Security Training

Model Gateways and Secure AI Platform Engineering

Build the approved path for safe AI adoption.

Intermediate~6 hours10 modulesSelf-paced

Enterprise AI adoption needs more than policy — it needs a paved path. This course teaches platform and security teams to design model gateways, provider routing, access controls, logging, redaction, and agent execution controls that are observable, enforceable, and developer-friendly.

Quote

“If your approved AI path is harder than grabbing a provider key, shadow AI is what you'll actually ship.”

AI Security Academy

Why this course exists

Every team building its own model path is the risk

The durable solution is a paved platform path: approved model access that is observable, policy-aware, developer-friendly, and evidence-producing. This course shows you how to design and roll it out.

Heads up

The enterprise problem

Policy documents don't enforce anything. If the approved AI platform path is harder than direct provider use, shadow AI grows — and your control points never get built.

Comparison

What changes after this course

Comparison item

Before — every team rolls its own access

Provider keys scattered across teams with no shared control point
Prompt logging and redaction are inconsistent or missing
Quotas, budgets, and tenant boundaries are unmanaged
Agent tools execute with no approval or audit trail

Comparison item

After — a paved, observable platform path

A model gateway gives you one enforceable control point
Logging, redaction, and policy run at model-access time
Quotas, budgets, and tenant boundaries are designed in
Telemetry produces the evidence audits and incidents need

Audience Action Grid

Who it's for

You are	What this course gives you
Platform & internal developer-platform engineers	Gateway, routing, and paved-path patterns that developers adopt
DevOps, SRE & AI infrastructure teams	Quotas, telemetry, and incident-response design for AI platforms
Cloud security teams & security architects	Enforceable control points for model access and data
Product security, AppSec & SecOps	Policy and classification applied where it actually runs
Engineering managers & AI governance teams	Evidence that AI usage is observable and controlled

Checklist

What you'll be able to do

✓Map AI platform threat models.

✓Design approved provider routing and access patterns.

✓Explain model gateway architecture and its control points.

✓Manage secrets, keys, quotas, budgets, and rate limits.

✓Design prompt and context logging with redaction.

✓Enforce policy and data classification at model-access points.

✓Protect RAG, vector store, and tenant boundaries.

✓Control agent tool execution and approvals.

✓Design telemetry, observability, and incident response for AI platforms.

✓Build a secure AI gateway platform plan.

Metrics

Program at a glance

Modules

Hands-on labs

Capstone

1 platform plan

Delivery formats

Curriculum

10 modules

AI Platform Threat Model

Approved Provider Routing and Access Patterns

Model Gateway Architecture

Secrets, Keys, Quotas, and Rate Limits

Prompt, Context, Logging, and Redaction

Policy Enforcement and Data Classification

RAG, Vector Store, and Tenant Boundaries

Agent Tool Execution Controls

Observability, Telemetry, and Incident Response

Capstone: Secure AI Gateway Platform

Operating principles

How the program works

Principle

Paved paths beat prohibition

Make the approved model-access path easier, safer, and more observable than unmanaged provider use.

Principle

Control points beat policy documents

Gateways, routing, logging, redaction, quotas, and tool-execution controls create behavior you can actually enforce.

Principle

Data minimization is architecture

Send only the context that's needed, redact sensitive data where appropriate, and store only evidence that's safe and useful.

Principle

Observability creates evidence

Telemetry should show usage, policy decisions, failures, abuse signals, cost, and incident-response context.

Artifact List

What you'll walk away with

A model gateway architecture with defined control points.
A provider routing and access policy.
A prompt-logging and redaction policy mapped to data classification.
A RAG tenant-boundary and agent tool-execution control design.
A telemetry schema and a secure AI gateway platform rollout plan.

Checklist

Hands-on practice

✓Map an AI platform threat model.

✓Design a provider routing policy.

✓Define gateway control points.

✓Write quota and budget rules.

✓Define prompt logging and redaction policy.

✓Map data classification to model access.

✓Design RAG tenant boundaries.

✓Define agent tool-execution controls.

✓Create telemetry schemas.

✓Build incident-response workflows.

✓Assemble a secure AI gateway platform plan.

Definition List

Flexible delivery

Self-paced course: Work through it solo inside the Academy.
Platform engineering workshop: Instructor-led for your platform team.
Security architecture workshop: Hands-on for architects and cloud security.
Slack or Teams challenge: A drip sequence that builds shared patterns.
SCORM / LMS package: Drop it into your existing training platform.
AIPSA Defend module: Plug it into the broader AIPSA program.

Recommended learning path

Start with Modules 1–3 to map threats, provider routing, and model gateway architecture.

Move through Modules 4–8 to design secrets, quotas, logging, redaction, policy, data classification, RAG boundaries, and agent execution controls.

Finish with Modules 9–10 to define telemetry, incident response, and your final secure AI gateway platform plan.

Framework

AIPSA alignment

Primary domain: Defend — building enforceable AI platform control points. Also supports: Map (platform attack surface and AI usage paths) and Evidence (logs, telemetry, policy decisions, and audit artifacts).

Related Paths

Related AIPSA products

AIPSA Defend Domain Package
AIPSA Map Domain Package
AIPSA Academy Complete
SecEng Proxy
Model Gateway Workshop
AI Platform Security Assessment
Shadow AI Discovery Add-On

Note

Responsible use

This course uses defensive architecture patterns and synthetic examples to build control points for authorized model usage. It will not help anyone bypass gateways, steal keys, attack providers, evade monitoring, or violate provider terms.

Start the course