Module 11 — Security Engineering for Harnesses
Security Engineering for Harnesses
OWASP Agentic AI Top 10. Offensive techniques. Defensive countermeasures. Defense in depth.
90
minutes
6
artifacts
RedAgent (2026): most LLMs jailbreakable within 5 queries. No single defense layer suffices. The 9-layer stack — across Modules 2, 4, 5, 6, 9, 11 — is defense in depth. An attack must bypass ALL nine.
Key Claims
Load-Bearing Claims
9-layer defense stack — no single layer sufficient; attack must bypass all
Indirect injection is #1 (InjecAgent: 50%+ vulnerable)
RedAgent: 5-query jailbreaks → justifies defense in depth
After This Module
01
State the OWASP Agentic AI Top 10 (ASI01–ASI10) and map each to a harness module where the defense lives.
02
Execute the core offensive techniques (prompt injection, memory poisoning, tool abuse, supply-chain) and explain why each one works at the architecture level.
03
Implement the 9-layer defensive stack (untrusted-tagging, instruction isolation, capability minimization, memory-write gating, fs/network scoping, risk-tiered approval, verification, signed manifests, resource caps) with code.
04
Connect Module 11 to Course 2 (the full offensive/defensive curriculum).
Artifacts