Hands-On Lab: Cutting-Edge AI Defenses - Hardening RAG & Agentic Systems End-to-End
AI security is quickly becoming less about distant model risks and more about the systems enterprises are already building: retrieval-augmented generation pipelines, vector databases, LLM gateways, tool servers, autonomous agents and APIs that can take action. As these systems move into production, they also move into an attacker's blast radius.
That shift matters because RAG and agentic AI applications create new paths between untrusted input and sensitive systems. A malicious document can influence retrieval. A prompt can steer a tool call. An agent can reach a network service it was never meant to touch. A poorly designed "LLM-to-database" shortcut can turn a natural-language request into a data integrity problem. What once looked like a clever demo can become a new class of application security exposure.
The industry is starting to formalize that risk. The OWASP Top 10 for Large Language Model Applications highlights threats such as prompt injection, sensitive information disclosure, excessive agency and insecure output handling. MITRE ATLAS provides a knowledge base for adversarial tactics against AI-enabled systems. The NIST AI Risk Management Framework and NIST Secure Software Development Framework push organizations to treat AI risk as part of broader governance and software delivery, not as a one-off checklist at the end of a project.
For teams building with LLMs, the hard part is translating that guidance into working controls. What does "least privilege" mean when one AI component calls another? How should teams limit agentic tool use without destroying the usefulness of the workflow? Where should they inspect retrieved content? How do they detect suspicious tool chains or data exfiltration attempts? And how can security teams document the system well enough for auditors, responders and future developers?
Those questions are at the center of Hands-On Lab: Cutting-Edge AI Defenses - Hardening RAG & Agentic Systems End-to-End, a full-day intermediate-to-advanced session scheduled for Monday, August 3, 2026, from 8:30 a.m. to 5:30 p.m. at TechMentor & Cybersecurity Live! @ Microsoft HQ in Redmond, Wash.
The lab starts with a realistic AI stack: an LLM gateway, RAG pipeline, vector database, tool and agent server with Model Context Protocol components, reverse proxy and SIEM logging. From there, attendees will incrementally harden the system, implementing identity between AI components, granular tool permissions, egress controls, URL allowlists, sandboxing, ingestion guards, retrieval controls and monitoring for sensitive-data exposure.
The session's attack-and-defense structure is one of its most practical strengths. Attendees will first see how weak patterns fail, including direct database access driven by LLM prompts, prompt injection in user input and external documents, RAG poisoning, AI-controlled network "sinks," and agentic tool chains that can leak sensitive data. Then they will apply concrete defenses: read-only database roles, delegated access based on end-user identity, parameterized queries exposed through tools, provenance metadata, poisoning filters, DNS and egress policies, approval checks, quotas and anomalous behavior detections.
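To make the first of those contrasts concrete, here is an added example (not code from the article or from the lab materials) that places the weak "run whatever SQL the model wrote" pattern beside a tool that exposes one fixed, parameterized query over a read-only connection. The orders table, its rows and the customer_total tool are constructed for this illustration.

```python
"""Constructed demo: LLM-generated SQL run directly vs. a parameterized, read-only tool."""
import os
import sqlite3
import tempfile

# Hypothetical schema and sample rows, constructed for this example.
def seed_db(path: str) -> None:
    con = sqlite3.connect(path)
    con.executescript(
        "CREATE TABLE orders(id INTEGER PRIMARY KEY, customer TEXT, total REAL);"
        "INSERT INTO orders VALUES (1,'acme',120.0),(2,'acme',30.5),(3,'globex',99.0);"
    )
    con.commit()
    con.close()

# Weak pattern: whatever SQL the model produced is executed on a read-write connection,
# so a prompt that steers the model toward a DELETE becomes a data-integrity incident.
def run_llm_sql(path: str, llm_sql: str) -> list:
    con = sqlite3.connect(path)
    try:
        rows = con.execute(llm_sql).fetchall()
        con.commit()
        return rows
    finally:
        con.close()

# Hardened pattern: the model can only call a tool with a typed argument. The SQL is fixed
# and parameterized, the argument is validated, and the connection is opened read-only.
def customer_total(path: str, customer: str) -> float:
    if not (isinstance(customer, str) and 0 < len(customer) <= 32 and customer.isalnum()):
        raise ValueError("customer must be a short alphanumeric identifier")
    con = sqlite3.connect(f"file:{path}?mode=ro", uri=True)
    try:
        (total,) = con.execute(
            "SELECT COALESCE(SUM(total), 0) FROM orders WHERE customer = ?", (customer,)
        ).fetchone()
        return total
    finally:
        con.close()

def demo() -> dict:
    """Run both patterns against a fresh database and return what each pattern allowed."""
    path = os.path.join(tempfile.mkdtemp(), "orders.db")
    seed_db(path)
    out = {"hardened_total": customer_total(path, "acme")}
    try:
        customer_total(path, "acme; DROP TABLE orders")  # hostile value never reaches SQL
        out["hostile_arg"] = "accepted"
    except ValueError:
        out["hostile_arg"] = "rejected"
    try:  # defence in depth: the read-only connection refuses writes outright
        sqlite3.connect(f"file:{path}?mode=ro", uri=True).execute("DELETE FROM orders")
        out["ro_write"] = "allowed"
    except sqlite3.OperationalError:
        out["ro_write"] = "blocked"
    run_llm_sql(path, "DELETE FROM orders")  # the weak path executes it without question
    out["rows_after_weak_path"] = run_llm_sql(path, "SELECT COUNT(*) FROM orders")[0][0]
    return out
```

In a real deployment the read-only role would be enforced by the database, not only by the connection string, and the tool would carry the end user's identity so delegated access can be checked per call.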
Just as importantly, the lab does not stop at technical controls. It closes with AI governance artifacts, including an AI-BOM covering models, datasets, embeddings, tools and infrastructure, along with model and system cards. The goal is to help attendees connect hands-on security engineering with frameworks such as OWASP, MITRE ATLAS, NIST AI RMF, NIST SSDF and secure AI guidance from agencies including CISA and the U.K. National Cyber Security Centre.
Leading the lab is Pavan Reddy, Principal Developer at Automata LLC and founder of QBTrain, a free AI and AI security education platform. His work focuses on adversarial attacks, prompt injection vulnerabilities and systemic weaknesses in foundation models, and he has delivered more than 20 talks and workshops across research and security venues.
For teams running or planning RAG and agentic systems, this lab offers a rare chance to move past theory. Attendees should leave not only with a sharper understanding of how AI systems are attacked, but also with reusable code, artifacts and defensive patterns they can adapt to their own retrieval-heavy or tool-using AI architectures.
About the Author
David Ramel is an editor and writer at Converge 360.