The Cybersecurity Bootcamp for AI Security (CBAS) is a 2-6 week cybersecurity bootcamp aimed at training attendees in the cybersecurity skills relevant for frontier AI security.
To express interest in a future bootcamp, please go here.
This bootcamp is intended as an entry point for those looking to transition into AI security projects or improve their current work through more security knowledge. It’s entirely free to attend and doesn’t require a background in security.
The program will help attendees understand and address the security gaps in current systems, particularly against highly capable threat actors. During the bootcamp, attendees will learn how cyber-capable adversaries compromise systems, which security controls could prevent future incidents, and how to implement those controls in labs. By the end of the bootcamp, attendees should feel equipped to understand and implement defenses against a range of threats, and to better understand the broader security landscape.
The organizers of this bootcamp are Wrena Sproat and Caleb Parikh. Buck Shlegeris and Zassmin M. are advising.
Audience
The bootcamp is aimed at those who want to learn about cybersecurity in order to advance AI safety. Within that, we expect the skills attendees learn to be useful for a range of purposes, including:
- Understanding how to evaluate security architecture proposals, particularly around zero trust architecture, hardware-based attestation, and defensible computing environments.
- Assessing the feasibility of proposed security controls against sophisticated threats, contributing to technical discussions about securing AI infrastructure, and participating in threat modeling exercises for critical systems.
- Understanding where current security paradigms fall short and what next-generation approaches might look like.
We don’t expect applicants to have a security background, though most attendees will likely already feel comfortable with coding, networking fundamentals, or navigating around a terminal.
Curriculum
Each day of the bootcamp will focus on a specific security control and a vulnerability it addresses.
The day begins with a discussion or lecture about a well-known historical security incident in which the absence of that control enabled the threat actor to carry out the breach. We’ll explore how having the control in place might have prevented the incident.
For the majority of the day, participants will implement the control in a lab setting. By the end of the bootcamp, they’ll know what it means to apply the control in practice.
The full syllabus is here. You can see a summary of the syllabus below.
Week 1: Foundations and Trust
Day 1: Threat Modeling & Attack Trees
- Vulnerability: Complex systems have non-obvious attack paths.
- Control: Systematic mapping of attack paths and trust relationships.
- Historical Context: Target Data Breach (2013)
Day 2: TPMs and Remote Attestation
- Vulnerability: Compromised systems can lie about their security state.
- Control: Hardware-based attestation with cryptographic proof of system integrity.
- Historical Context: Stuxnet (2010)
Day 3: GPU Confidential Computing
- Vulnerability: AI model weights in GPU memory are vulnerable to theft.
- Control: Hardware-enforced encrypted enclaves for GPU data protection.
Day 4: Side Channel Attacks
- Vulnerability: Shared hardware resources leak data through timing and power consumption.
- Control: Hardware-level isolation to prevent covert channel data extraction.
- Historical Context: Meltdown/Spectre (2018)
Day 5: Supply Chain Security
- Vulnerability: Software artifacts can be tampered with at multiple points between source and deployment.
- Control: End-to-end supply chain integrity frameworks that enforce security controls.
- Historical Context: XcodeGhost (2015)
Week 2: Zero Trust and Advanced Security
Day 1: Zero Trust Architecture
- Vulnerability: Network breach enables unrestricted lateral movement.
- Control: Verify every access attempt, regardless of the source.
- Historical Context: Colonial Pipeline Ransomware Attack (2021)
Day 2: Microsegmentation
- Vulnerability: Flat networks allow rapid malware spread.
- Control: Fine-grained perimeters around workloads to contain breaches.
- Historical Context: NotPetya (2017)
Day 3: Device-Bound Credentials
- Vulnerability: Stolen credentials can be used from any device.
- Control: Hardware-binding ensures credentials work only on authorized devices.
- Historical Context: RSA SecurID Breach (2011)
Day 4: Detection and Response
- Vulnerability: Sophisticated attackers evade traditional detection.
- Control: Multi-layered detection strategy combining network, endpoint, and behavioral monitoring with automated response capabilities.
- Historical Context: DNC Cyber Attacks (2015)
Day 5: Future Security Engineering and Incident Response
- Vulnerability: The most cyber-capable attackers use zero-days and exploit vulnerabilities across multiple layers.
- Control: Design and development of next-generation defense capabilities across hardware and software layers.
A typical schedule might look something like this:
| Time | Activity |
| --- | --- |
| 9am | Lecture and Q&A on daily topic |
| 10am | Pair program on labs |
| 12:30pm | Lunch |
| 1:30pm | Pair program on labs |
| 6pm | Communal dinner |
| 7pm | End of schedule, optional social event or tabletop exercise |
If you get stuck on any of the content or labs, the bootcamp will have TAs around to answer questions and help you get unstuck.
Entirely free to attend
The bootcamp is free to attend, with meals and office space provided for all attendees. We can also provide travel and housing support for some attendees who need financial support to attend.
We do not want cost to be a barrier to attend the bootcamp.