Learning Lab | Applied AI Security for Higher Ed Professionals: May 2026
Learning Experience

Learning Experience

The Learning Lab experience is supported by both asynchronous and synchronous components. Each Learning Lab sequence includes a set of resources, an asynchronous discussion, and an interactive live session, all of which culminate in the development of a project or application to apply learning to local and specific contexts in support of the learning objectives.

Schedule

Part 1: Foundations & Initial Exploits

May 19, 2026, 3:00–4:30 p.m. ET

This session begins with the foundations of AI security and the threat landscape in higher education. We examine how prompt injection, data extraction, and safety control bypass specifically threaten campus AI deployments. Participants then access the cyber range, a controlled lab built around higher education scenarios. Through live demonstration and hands-on practice, participants execute direct prompt injection attacks against university chatbots, learning to override system instructions and extract hidden system prompts.

Learning Objectives:

Identify common AI security vulnerabilities relevant to higher education systems.
Execute direct prompt injection attacks, including instruction override and role manipulation.
Document attack patterns for inclusion in the final assessment portfolio.

Part 2: Advanced Attack Techniques

May 21, 2026, 3:00–4:30 p.m. ET

With foundational skills established, this session advances to sophisticated techniques targeting AI architectures common in higher education: Retrieval-Augmented Generation (RAG) systems and integrated applications.

Participants learn indirect prompt injection—attacks embedded within data that LLMs process, rather than direct user input. In campus contexts, this means malicious content hidden in uploaded documents or compromised knowledge bases. Through hands-on labs, participants extract sensitive institutional documents from RAG systems. The session then addresses chained application injections and unintended code execution vulnerabilities that emerge when AI systems connect to the broader institutional infrastructure.

Learning Objectives:

Execute indirect prompt injection attacks through document upload and context manipulation.
Extract sensitive data from RAG systems containing institutional documents.
Exploit chained application injections and unintended code execution vulnerabilities.

Part 3: Building Defenses

May 26, 2026, 3:00–4:30 p.m. ET

The shift from offense to defense begins. Participants implement controls that stop the attacks they executed in previous sessions, building practical security measures for campus AI systems.

This session covers defense-in-depth architecture, addressing where controls must exist across the AI pipeline: input, processing, and output stages. Participants implement input validation and prompt sanitization techniques designed to block injection attacks. The session advances to output-side defenses, including filtering mechanisms that prevent sensitive data disclosure and guardrail systems that enforce behavioral boundaries. Participants test these controls against their documented attack patterns, verifying effectiveness and identifying gaps.

Learning Objectives:

Implement input validation and prompt sanitization to detect and block injection attempts.
Configure output filtering and guardrails to prevent sensitive data disclosure.
Test defensive controls against documented attack patterns.

Part 4: Monitoring and Governance Integration

May 28, 2026, 3:00–4:30 p.m. ET

Technical defenses require visibility. This session completes the security architecture with monitoring capabilities, and then bridges technical skills to institutional governance and workforce development.

Participants learn what malicious LLM usage looks like in system logs and review patterns for injection attacks and exfiltration attempts. Through log review exercises, they identify attack signatures from earlier sessions. The session then connects the hands-on techniques practiced throughout the lab to industry frameworks including the OWASP Top 10 for LLMs, NIST Adversarial Machine Learning taxonomy (AI 100-2), and the NICE Framework AI Security Competency Area (NF-COM-002). This mapping creates documented workforce outcomes that support hiring, curriculum development, and security program justification.

Learning Objectives:

Identify suspicious AI system behavior through log review and monitoring.
Map attack and defense techniques to OWASP Top 10 for LLMs, NIST AI 100-2, and NICE Framework competencies.
Apply a repeatable framework mapping process for workforce documentation.

Lab Implementation Project

Participants document the attacks they executed and the defenses they implemented throughout the lab—describing each technique's purpose and method. Participants then begin mapping these documented techniques to industry frameworks such as OWASP Top 10 for LLMs and the NICE Framework AI Security Competency Area (NF-COM-002).

Participants complete the full mapping on their own after the lab concludes, resulting in an AI Security Portfolio that ties hands-on technical skills to recognized industry standards and workforce competencies.

Lab Access

All Learning Labs are delivered using Canvas and Zoom, more information will be provided upon registration.

Earn the Microcredential

Each registered participant will complete various activities that apply concepts and strategies introduced in the Lab that support the learning objectives. You’ll receive feedback and constructive critique from the facilitator(s) on how to improve and shape your work. Those who successfully complete required activities will receive an EDUCAUSE digital microcredential recognizing their accomplishment.