Bash the Bot: AI Pentesting in a Day

Google Meet
Get Tickets
Ticket Price
$400.00
Welcome! To join the event, please get your ticket below.
About Event

"I came in thinking AI security was just prompt injection. I left knowing how to assess an entire AI system - from threat modeling and trust boundaries to RAG, tool execution, and memory."

"The biggest unlock was learning what questions to ask, especially where attacker-controlled data becomes instructions."

-1st Cohort participants


Who this workshop is for:

  • Security practitioners who want hands-on time with one of the fastest-moving attack surfaces in the industry

  • Pentesters and red teamers who need a structured way to assess AI systems

  • Engineers and architects deploying AI who want to understand how it gets attacked

​What's included:

  • Live, hands-on sessions, two group practicals, not just talks

  • Recording included, full Google Meet recording for everyone who registers

  • A guest practitioner talk on AI bug bounty hunting

  • Closing Q&A with all instructors on screen

  • Certificate of participation with credits of CPE

  • A place in a focused cohort of 45 practitioners


In one focused day, you'll learn how to find and exploit vulnerabilities in AI systems, covering the full attack surface from prompt injection to supply chain threats, and how to think like an attacker when evaluating any AI deployment.

​What makes this workshop different:

  • It's built around two hands-on practicals, not a slide deck and a Q&A

  • You work in groups through real attack scenarios, alongside other practitioners

  • It covers the practical mechanics of AI pentesting you can apply to real work immediately

​What you'll learn:

A focused, full-day deep dive into one of the fastest-moving attack surfaces in security.

​The foundations of AI security

  • The AI attack surface, end to end, and why most deployments have never been assessed

  • How to think like an attacker when evaluating any AI system

  • The vulnerability classes that matter: prompt injection, supply chain threats, model poisoning, and more

​How to threat model an AI system

  • A structured way to threat model any AI architecture

  • How to apply it to a real architecture, working through it in a group of 5

  • How to debate and pressure-test threat models with other practitioners

​How to pentest AI deployments

  • Hands-on pentesting of the system you just threat modelled

  • Practical techniques for exploiting AI vulnerabilities in the wild

  • Insight from an industry practitioner on AI bug bounty hunting

​🗓 Workshop Agenda (14:00 – 19:00 BST)

  • 14:00–14:45 | 45m | AI Security Foundations

  • 14:45–15:30 | 45m | Talk: Threat Modelling AI Systems

  • 15:30–16:30 | 60m | Practical: Threat Model an AI Application Architecture (in groups)

  • 16:30–16:45 | 15m | Break

  • 16:45–17:45 | 60m | Guest Speaker: Industry Expert talk

  • 17:45–18:30 | 45m | Talk: Pentesting AI Systems

  • 18:30–18:45 | 15m | Break

  • 18:45–19:30 | 45m | Practical: Pentest the System You Modelled (in groups)

  • 19:30–20:00 | 30m | Closing Thoughts / Instructor Questions

Learn directly from the team behind the THM AI Security Learning Path:

  • Max Robertson, Senior Content Engineer at TryHackMe.

  • Christian Urcuqui, Content Engineer at TryHackMe.

  • Secret Guest Speaker!

​A cohort, not just a course

Both practical sessions run in groups of 5, which means you're working through real attack scenarios alongside other security practitioners, not watching from the back row of a webinar.

The group format is intentional : you'll share approaches, debate threat models, and learn how others think about AI risk.

The 45-seat cohort keeps it tight enough that you're working closely with other practitioners throughout the day.