AI Security Lifecycle – Dev and Experiment
The Dev and Experiment phase of the AI Security Lifecycle represents the foundation upon which all secure, trustworthy, and compliant AI systems are built. This course focuses on the security, governance, and risk management controls required during AI development and experimentation, where early decisions have the greatest downstream impact.

Course Content
Unlike traditional software, AI systems derive their behavior from data, experimentation choices, model architectures, and iterative refinement, so insecure development practices become a significant source of long-term risk.
Participants will explore how secure development foundations, secure coding practices, repository governance, experiment management, and CI/CD security integration collectively prevent vulnerabilities from propagating into training, deployment, and production environments. The course emphasizes security-by-design principles, treating experimentation as a governed activity rather than an informal process. Learners will gain a deep understanding of how reproducibility, auditability, and traceability function not only as engineering best practices but also as critical security and compliance controls.
Through detailed coverage of vulnerability scanning, dependency and supply chain risk management, secure model integration, isolation and sandboxing, prompt security, and formal security reviews, this course equips learners to identify and mitigate AI-specific risks early in the lifecycle. Industry case studies and practical examples illustrate how these controls are applied in regulated environments such as pharmaceuticals, where audit readiness and trust are paramount.
By the end of the course, learners will understand how to design and operate secure development and experimentation workflows that balance innovation with control. The Dev and Experiment phase is positioned not as a barrier to progress, but as a strategic enabler that protects intellectual property, reduces supply chain risk, ensures regulatory readiness, and establishes trust in AI systems from inception.
Course Learning Outcomes
- Explain why the Dev and Experiment phase is a critical security control point in the AI Security Lifecycle
- Apply security-by-design principles to AI development and experimentation environments
- Identify common AI-specific coding vulnerabilities and align mitigation strategies with OWASP ML / AI Security guidance
- Implement secure repository and source code management practices, including access control, signed commits, and secret scanning
- Design and operate secure experiment management and reproducibility workflows
- Establish auditability and governance controls for AI experimentation, including identity, logging, and traceability
- Integrate automated vulnerability scanning (SAST, DAST, SCA) into AI development pipelines
- Assess and mitigate dependency and third-party supply chain risks in AI systems
- Securely integrate AI models into applications using strong authentication, authorization, rate limiting, and encryption
- Apply isolation and sandboxing techniques to contain AI workload risk and prevent lateral movement
- Mitigate prompt injection and input manipulation risks in AI-powered applications
- Conduct effective security reviews and compliance checks prior to AI system integration
- Evaluate the strategic outcomes of secure Dev and Experiment practices, including IP protection, audit readiness, and trust