SEC495: Leveraging LLMs: Building & Securing RAG, Contextual RAG, and Agentic RAG™

  • Online
7 CPEs

Is your organization seeking to create useful AI solutions? Has your organization struggled to get the project off the ground? SEC495 will supercharge your efforts to build a Large Language Model (LLM) based solution for internal and customer-facing applications. More importantly, this fully hands-on class walks you through how to build effective Retrieval Augmented Generation (RAG) solutions that leverage LLMs while also protecting against prompt injection and implementing access controls based on information sensitivity levels.

What You Will Learn

The leadership teams of many organizations have directed that the enterprise be on the lookout for opportunities to leverage AI in the business process. The problem many face is that there is very little clear articulation of what the vision for AI in the enterprise is.

While SEC595 teaches you everything you need to know to be able to build cutting edge machine learning and AI solutions for real world cybersecurity problems, SEC495 has an entirely different goal. Our experience tells us that most management teams asking for AI are reacting to the Large Language Models (LLMs) that have dominated the mainstream news for the last few years. In SEC495 you will work along with the instructor to build a completely self-hosted RAG (Retrieval Augmented Generation) system that leverages an LLM. More than this, you will learn how to implement security controls to defend the LLM from prompt injection and how to implement information sensitivity controls to limit the answers the LLM can provide based on the rights of the user.

If you need to build an LLM based solution for question answering, knowledge base retrieval, policy creation, or any related task, this class will get you up and running quickly.

Business Takeaways

  • Students will understand how to work with and leverage vector databases.
  • Students will be able to implement chatbot (and similar) style solutions internally.
  • Students will know how to build AI/LLM solutions without disclosing sensitive internal information to a third party or using a public or commercial API.
  • Students will understand how to build cutting edge contextual RAG solutions.
  • Students will understand how to implement agent based AI solutions related to LLMs.

Skills Learned

  • Build an end-to-end RAG backend solution.
  • Extend a RAG to implement Contextual RAG solutions.
  • Understand and implement AI agents in an LLM context for RAG supervision.
  • Implement security controls limiting information disclosure from an LLM.
  • Prevent and defend against prompt injection attacks.

What You Will Receive

  • Electronic courseware
  • A set of dockerized containers for implementing and running all labs locally

What Comes Next?

SEC495 is an excellent add-on for someone who has already successfully completed SEC595 Applied Data Science and AI/Machine Learning for Cybersecurity Professionals. Following SEC495, students wishing to know more about how deep learning and other machine learning solutions function and desiring to build cutting-edge cybersecurity solutions in the defense and threat hunting spaces should seriously consider SEC595. SEC595 continues to be the only AI class in the world that works through implementations of deep learning solutions for threat hunting and cybersecurity.

Syllabus (7 CPEs)

  • Overview

    After introducing the fundamental components upon which LLMs are built, you will work through how to build a traditional RAG solution. Once this is functioning, you will learn how to implement access controls to limit which data the AI can return to specific users. Next, you will improve the quality of the information delivered by your AI by learning how to build a Contextual RAG. The class finishes by introducing the notion of Agentic RAG, implementing auditor and prompting agents, and discussing other possible extensions.

    Something that sets this class apart is that we are focused on the security of your information. While all the techniques taught in the class can be translated directly to the use of commercial APIs, the entire course is taught leveraging locally hosted components. While it can seem that this makes the process more complex, it actually makes the process much more transparent... and demonstrates how to implement LLM based solutions without disclosing sensitive information to a third-party API.

    Exercises
    • Where do Embeddings Come From?
    • Exploring Ollama
    • Retrieval Augmented Generation
    • RAG: Attribution & Security
    • Agentic RAG
    Topics
    • Tokenization
    • Word embeddings
    • CBOW and Skipgrams
    • Vector data stores
    • Hosting LLMs effectively and efficiently
    • Interfacing with LLMs programmatically
    • Document preprocessing and ingestion
    • RAG prompt engineering
    • Limiting LLM hallucinations
    • Implementing ACLs within a RAG effectively
    • Implementing Contextual RAG efficiently
    • Building Agentic AI solutions
    • Deployment considerations for cost mitigation

Prerequisites

Students must have at least intermediate Python skills since the series of workshops will all be written in Python.

Laptop Requirements

Important! Bring your own system configured according to these instructions.

A properly configured system is required to fully participate in this course. If you do not carefully read and follow these instructions, you will not be able to fully participate in hands-on exercises in your course. Therefore, please arrive with a system meeting all the specified requirements.

Back up your system before class. Better yet, use a system without any sensitive/critical data. SANS is not responsible for your system or data.

Mandatory SEC495 System Hardware Requirements

Your system must have at least 16 gigabytes of RAM; more is better. The system must be running a modern 64-bit operating system such as Windows 10, Windows 11, Linux, or macOS. Both Intel and ARM processors are fully supported in the labs. Your system must have at least 20 gigabytes of free disk space available.

This class does not use VMware. You must have the appropriate rights to install software, or your system must be preconfigured with Rancher Desktop installed and functioning. Docker can also be used if you have a strong preference for it (especially if you are running Linux). Other containerization solutions supporting Docker Compose files are acceptable, but you may need to supply your own support. Internet connectivity is required at several points during the class.

If you have additional questions about the laptop specifications, please contact customer service.

Author Statement

More and more, management is looking to us to leverage AI in useful ways in the enterprise. How can we do this? What does it look like? While there are many answers to these questions, and SEC595 provides clear answers with regard to threat hunting and monitoring, SEC495 teaches you everything you need to know to get started building solutions that leverage LLMs. While the SEC595 solutions are extremely useful and cutting edge, the SEC495 focus on building RAG solutions using LLMs is much more readily understood by management teams who can instantly see and understand how the solution is useful.

While we focus on leveraging (and securing) RAGs for information retrieval, there are some beautiful natural extensions, such as identifying standards compliance based on policies, automated report generation, and many more. Perhaps the best part of SEC495 is that everything is completed using on-premises containers. Of course, you can host these in the cloud, scale them up, or even trade them out for commercial APIs, but you learn how to implement all these pieces without ever needing to send sensitive information to a third party. That’s a big win!

-Dave Hoelzer
