Systems, agents, retrieval, infrastructure

Security, Privacy, and Prompt-Injection Hardening

AI security is not limited to hiding API keys. Systems that retrieve untrusted content, call tools, summarize private data, or act on behalf of users face prompt injection, data exfiltration, confused-deputy problems, insecure tool scopes, and compliance failures.

Deep dive summary

What this module actually teaches.

Passage 1AI security is not limited to hiding API keys. Systems that retrieve untrusted content, call tools, summarize private data, or act on behalf of users face prompt injection, data exfiltration, confused-deputy problems, insecure tool scopes, and compliance failures.

Passage 2This module covers defensive architecture: context separation, instruction hierarchy, data classification, output filtering, tool allowlists, approval gates, secret isolation, tenant boundaries, and monitoring for abnormal tool use. Learners map each defense to the specific failure mode it mitigates.

Passage 3The goal is risk-aware capability design. Students learn to preserve useful AI behavior while reducing blast radius, documenting trust boundaries, and making security review a normal part of the AI feature lifecycle.

Learning operating system

Module prerequisites, concepts, outcomes, and artifacts

Prerequisites

  • Web security fundamentals
  • auth and authorization concepts
  • tool calling basics

Key concepts

  • prompt injection
  • instruction hierarchy
  • context isolation
  • data classification
  • tenant boundaries
  • tool least privilege
  • approval gates

Target audience

  • Engineers shipping AI into enterprise, regulated, internal-tools, or data-sensitive environments.

Outcomes

  • Identify injection and exfiltration paths in AI workflows
  • Design least-privilege tools for model-mediated actions
  • Create security review checklists for AI features

Artifacts

  • AI threat model worksheet
  • tool permission matrix
  • read-only injection analysis example

Code example

Real patterns, ready to copy into your editor.

A code reference card that frames this module's concepts in real syntax. Copy any example to study it or adapt it directly in your own editor.

Copy-ready snippets
curriculum/se-security-privacy-prompt-injection.tsts
1type ModuleBrief = {2  track: string;3  difficulty: string;4  keyConcepts: string[];5  reviewGate: 'human-review-required';6};7 8export const moduleBrief: ModuleBrief = {9  track: 'Software Engineers',10  difficulty: 'Masterclass',11  keyConcepts: [12    'prompt injection',13    'instruction hierarchy',14    'context isolation',15    'data classification',16    'tenant boundaries',17  ],18  reviewGate: 'human-review-required',19};