SEC5xx — CYBER DEFENSE CURRICULUM

For eight hours, you defend Verdancy Health against an AI adversary that has studied your AI SOC.

SEC5xx — Detecting and Responding to AI-Generated Adversary Content

Three courses cover AI. None cover this.

| Course | What it covers |
| --- | --- |
| SEC450 | Analyst USES AI in the SOC |
| SEC598 | Team AUTOMATES with AI |
| SEC535 | Red team ATTACKS with AI |
| This course | Detection + response for adversary content GENERATED by AI |

Six threat classes. One property in common.

Deepfake voice/video BEC

Arup, Feb 2024, ~$25.6M

Real-time voice and video clones in CEO-fraud calls and Zoom/Teams meetings.

AI-authored phishing

FraudGPT/WormGPT successors, 2024-2025

Fluent, locale-correct phishing at scale, A/B-tested by the operator's own LLM.

Polymorphic AI malware

ESET PromptLock, Aug 2025

First documented ransomware calling an LLM at runtime to generate payloads per victim.

Prompt-injection campaigns

EchoLeak CVE-2025-32711, June 2025

Zero-click M365 Copilot data exfil via crafted email parsed by the assistant.

Agentic intrusions

UK NCSC/CISA guidance, 2025

End-to-end agent operations by financially motivated and state actors.

AI supply chain

LiteLLM/Mercor breach, Mar 2026

Compromised PyPI packages exfiltrating cloud credentials and ML pipeline secrets — Mercor breach scaled to ~4TB.

Threat-driven by day. Detector's stack woven in.

01

Detector's AI stack + AI-generated phishing

Deployment decision, embeddings, RAG for detection engineering, plus the first threat class.

  • 01.1 What changed when adversaries got LLMs
  • 01.2 The detector's AI deployment decision (open-weight vs cloud)
  • 01.3 Embeddings as the detector's highest-ROI primitive
  • 01.4 RAG for detection engineering
  • 01.5 Detecting AI-generated phishing
  • 01.6 Anti-patterns to avoid
02

Deepfake BEC, vishing, synthetic identity

Arup case study, synthetic audio/video detection, out-of-band verification as detection.

  • 02.1 Anchor case: Arup HK$200M deepfake video BEC
  • 02.2 Synthetic audio detection (what's catchable)
  • 02.3 Synthetic video detection (why it's harder)
  • 02.4 The vishing kill chain
  • 02.5 Synthetic identity at scale
  • 02.6 IR playbook: deepfake-suspected incident
03

LLM-authored malware + enterprise-copilot injection

LLM-authorship signals, polymorphic malware, the EchoLeak class, guardrail stack as detection telemetry.

  • 03.1 LLM-authorship signals in dropped code
  • 03.2 Polymorphic and runtime-generated malware
  • 03.3 OWASP LLM Top 10 (2025) as a detection checklist
  • 03.4 Prompt injection against enterprise copilots
  • 03.5 The guardrails stack as detection telemetry
  • 03.6 The lethal trifecta
04

Agentic adversaries + AI supply-chain compromise

Detect adversary agent telemetry, harden your own agents, audit ML artifact provenance.

  • 04.1 The agentic adversary
  • 04.2 Detection signatures for adversary agents
  • 04.3 Hardening your own agents
  • 04.4 Supply-chain compromise of ML artifacts
  • 04.5 Backdoored fine-tunes and sleeper-agent models
  • 04.6 Poisoned RAG corpora
05

Capstone — Operation Hollow Mirror

8-hour immersive IR against PROMETHEUS-7 attacking Verdancy Health.

  • 05.1 Briefing & env check
  • 05.2 Phase 1 — Recon detection
  • 05.3 Phase 2 — Deepfake BEC + triage
  • 05.4 Phase 3 — Prompt-injection IR on NoraBot
  • 05.5 Phase 4 — The Mirror twist (manipulated SIEM)
  • 05.6 Reporting + hot wash + GIAC prep

Built where SEC450 ends.

PREREQUISITE

SEC450

Blue Team Fundamentals & SOC

THIS COURSE

SEC5xx

AI-Generated Adversary Content

This course assumes SEC450 as a prerequisite. It does not re-teach the RAG, agent, or Ollama labs that SEC450's 2025 refresh already covers. Day 1 begins where SEC450 ends.

The curriculum positioning is intentionally aligned with the SEC450 graduate pathway — designed in close coordination with the SEC450 author and curriculum lead.

Adversary AI is operational. The curriculum hasn't caught up.

2024.02

Arup HK$200M deepfake video BEC

2024.02

Microsoft/OpenAI joint state-actor LLM disclosure

2025.06

EchoLeak — zero-click M365 Copilot exfil

2025.08

ESET PromptLock — first LLM-runtime ransomware

"For eight hours, you defend Verdancy Health against PROMETHEUS-7 — an AI-orchestrated adversary that has studied your AI SOC, knows how it reasons, and built an attack designed to make your own agents lie to you."

Scenario

Verdancy Health Cooperative — a 14,000-employee regional healthcare insurer. The CISO publicly bragged about Verdancy's 'agentic AI SOC.' PROMETHEUS-7 — a financially motivated crew — scraped the talk and built the campaign around defeating that specific stack.

4-stage kill chain

  1. AI-driven recon — LLM-generated dossiers on 40 finance staff identify the AP Director.
  2. Deepfake voice BEC — CFO voice clone plants a malicious vendor-onboarding PDF.
  3. Indirect prompt injection — poisoned support ticket makes the customer-facing chatbot leak session tokens.
  4. Agentic exfil with AI SOC manipulation — exfil to a lookalike bucket while injecting logs that make the defender's triage agent attribute the activity to a legitimate vendor sync. This is the twist.

3 capstone variants

  • Hollow Mirror: Fintech

    Halgrove Capital Partners · STYX-4

  • Hollow Mirror: OT

    Brackenwell Industrial Systems · CINDERHOOK

  • Hollow Mirror: Public Sector

    State of Lincoln DMV · PALEHORSE-9

Pass bar: 700/1000 for GIAC capstone credit.

15 years in network + security architecture. University and industry conference delivery.

  • Education: Master's degree in IT Security
  • Experience: 15 years as Network + Security Architect
  • University teaching: Master class at Universitatea Politehnică București (UPB) — Romania's top engineering university (upb.vexpertai.com)
  • Industry workshop: 4-hour hands-on workshop at AutoCon 5, Munich, June 2026 — premier European network-automation industry conference
  • Publishing: Active relationship with Packt Publishing
  • Recognition: vExpertAI recognition; 3+ years developing AI curriculum for network and infrastructure engineers

Domain authority

The intersection of AI tooling and network/security infrastructure is the exact technical territory this SEC5xx course covers — and the territory Ed has been building, teaching, and publishing in for the past three years.

Past delivery: graduate-level instruction at UPB (Bucharest) and conference-format workshops at industry events including AutoCon 5 (Munich, June 2026). Continuous practitioner work via vExpertAI consulting.

Three concrete asks.

01

Co-author with John Hubbard from blueprint forward.

02

Position as SEC450 follow-on in the curriculum map.

03

30-minute call to align on Day 1 module ownership.

Ed Dulharu

Munich, Germany (CET/CEST)

ed@vexpertai.com