

Bash the Bot: AI Pentesting in a Day
Who this workshop is for:
Security practitioners who want hands-on time with one of the fastest-moving attack surfaces in the industry
Pentesters and red teamers who need a structured way to assess AI systems
Engineers and architects deploying AI who want to understand how it gets attacked
What's included:
Live, hands-on sessions: two group practicals, not just talks
Recording included: full Google Meet recording for everyone who registers
A guest practitioner talk on AI bug bounty hunting
Closing Q&A with all instructors on screen
A place in a focused cohort of 60 practitioners
AI systems are being deployed everywhere. Bolted into critical infrastructure, customer-facing products, and internal tooling, faster than security teams can assess them.
And most of them have never been properly tested.
Prompt injection. Supply chain attacks. Model poisoning. These aren't theoretical. They're live attack surfaces that most practitioners have never had hands-on time with.
Not because people don't care. Because training has not been able to keep up with how fast the field is moving.
This workshop closes that gap.
In one focused day, you'll learn how to find and exploit vulnerabilities in AI systems, covering the full attack surface from prompt injection to supply chain threats, and how to think like an attacker when evaluating any AI deployment.
What makes this workshop different:
It's built around two hands-on practicals, not a slide deck and a Q&A
You work in groups of 5 through real attack scenarios, alongside other practitioners
It covers the practical mechanics of AI pentesting you can apply to real work immediately
What you'll learn:
A focused, full-day deep dive into one of the fastest-moving attack surfaces in security.
The foundations of AI security
The AI attack surface, end to end, and why most deployments have never been assessed
How to think like an attacker when evaluating any AI system
The vulnerability classes that matter: prompt injection, supply chain threats, model poisoning, and more
How to threat model an AI system
A structured way to threat model any AI architecture
How to apply it to a real architecture, working through it in a group of 5
How to debate and pressure-test threat models with other practitioners
How to pentest AI deployments
Hands-on pentesting of the system you just threat modelled
Practical techniques for exploiting AI vulnerabilities in the wild
Insight from an industry practitioner on AI bug bounty hunting
🗓 Workshop Agenda (14:00 – 18:00 BST)
14:00–14:30 | 30m | AI Security Foundations
14:30–15:15 | 45m | Talk: Threat Modelling AI Systems
15:15–16:00 | 45m | Practical: Threat Model a Real Architecture (groups of 5)
16:00–16:15 | 15m | Break
16:15–16:45 | 30m | Guest Talk: AI Bug Bounty Hunting in the Wild
16:45–17:30 | 45m | Talk: Pentesting AI Systems
17:30–18:00 | 30m | Practical: Pentest the System You Modelled (groups of 5)
Learn directly from the team behind the THM AI Security Learning Path:
Max Robertson, Senior Content Engineer at TryHackMe.
Christian Urcuqui, Content Engineer at TryHackMe.
Secret Guest Speaker!
A cohort, not just a course
Both practical sessions run in groups of 5, which means you're working through real attack scenarios alongside other security practitioners, not watching from the back row of a webinar.
The group format is intentional: you'll share approaches, debate threat models, and learn how others think about AI risk.
The 45-seat cohort keeps it tight enough that you're working closely with other practitioners throughout the day.