SERVICE · TRAIN & EDUCATE · FROM $60K
Two-day Five Surfaces workshop for AppSec, ML, and platform teams. Hands-on labs against intentionally vulnerable agents. Certification track. Ninety days of async Q&A and follow-up review.
What you'll be able to do after
- Run a Five Surfaces assessment on your own agents without external help
- Recognize and exploit the top risk classes across all five surfaces — 69 catalogued classes total
- Write findings reports in the format your compliance team and insurance carrier expect
- Operate mcp-fuzzer in CI to catch regressions before they ship
- Build a remediation plan that maps to OWASP-LLM-Top-10 and EU AI Act Article 15
- Lead internal AI security reviews with a structured methodology, not ad-hoc checklists
Agenda
Day 1 — Framework + Surfaces 1-3
- Morning: Five Surfaces walkthrough
  Framework overview, threat model per surface, mapping to OWASP-LLM-Top-10 and MITRE ATLAS.
- Midday: Surface 1 + Surface 2 labs
  Hands-on jailbreak batteries, indirect-prompt-injection exercises against a vulnerable RAG pipeline.
- Afternoon: Surface 3 deep-dive (MCP)
  Tool poisoning, privilege escalation, parameter injection. mcp-fuzzer walkthrough. Live PoCs.
Day 2 — Surfaces 4-5 + capstone
- Morning: Surface 4 + Surface 5 labs
  System-prompt extraction, training-data inference, sandbox-escape battery. Hands-on against intentionally vulnerable targets.
- Midday: Findings → remediation playbook
  How to write findings, set severity, build remediation guidance. Per-surface defense-in-depth patterns.
- Afternoon: Capstone exercise + certification
  Team-based red-team against a fresh target. Cert exam covers methodology and remediation. Pass = listed in Vectorbreak's certified-practitioner directory.
Who it's for
- AppSec engineers responsible for AI features but trained in web/network methodologies
- ML and MLOps platform teams shipping LLM-backed products
- Security architects evaluating MCP deployments
- Platform engineers responsible for the AI runtime, sandboxes, and agent orchestration
- Compliance and risk leads who need to understand what AI red-teaming actually involves
Best fit: 6-12 attendees with existing security or platform fundamentals. This is not an LLM intro class.
What's included
- Two days of instructor-led content (on-site or virtual)
- All hands-on lab environments and intentionally vulnerable agent targets
- Certification exam at the end of day 2 — pass = listed in Vectorbreak's certified-practitioner directory (opt-in)
- 90 days of async Q&A and follow-up review via a private channel
- Copy of the Five Surfaces checklist, the mcp-fuzzer tool, and the lab targets to keep and reuse internally
- Lance instructs every session personally — no junior contractors
FAQ
Who is this workshop for?
AppSec engineers responsible for AI features. ML and MLOps platform teams shipping LLM-backed products. Security architects evaluating MCP deployments. Platform engineers responsible for the AI runtime. Compliance and risk leads who need to understand what AI red-teaming actually involves. Best fit: 6-12 attendees with existing security or platform fundamentals — this is not an LLM intro class.
What's included?
Two days of instructor-led content (on-site at your office or virtual). All hands-on lab environments and intentionally vulnerable agent targets. Certification exam at the end of day 2. 90 days of async Q&A and follow-up review via a private channel after the workshop. A copy of the Five Surfaces checklist, the mcp-fuzzer tool, and the lab targets to keep and reuse internally. Lance instructs every session personally — no junior contractors.
What will my team actually be able to do after?
Run a Five Surfaces assessment on your own agents without external help. Recognize and exploit the top risk classes across all five surfaces. Write findings reports in the format your compliance team and insurance carrier expect. Operate mcp-fuzzer in CI to catch regressions. Build a remediation plan that maps to OWASP-LLM-Top-10 and EU AI Act Article 15. Certified practitioners are listed in our directory (opt-in).
How much does it cost?
From $60,000 fixed fee for a standard 2-day workshop with up to 12 attendees. Custom pricing for larger cohorts, multi-team rollouts, repeat engagements, or specialized scopes (e.g., compliance-focused, multi-agent-focused). Includes all lab infrastructure, certification, and 90 days of async support. Travel costs are included for on-site delivery within North America and Europe and charged at cost elsewhere.
Can it be delivered virtually?
Yes — the workshop runs equally well on Zoom/Teams/Meet. Virtual delivery is the same content, same labs (cloud-hosted), same certification. We typically split the two days across two consecutive weeks for virtual delivery (one day per week) to reduce screen fatigue, but consecutive-day virtual is also available.
Is there a public version of this training?
Not currently. The workshop is private and contracted per organization. We may run conference workshops (BSides, DEF CON AI Village, AppSec EU) — those announcements go out via the LinkedIn page and the practitioner Discord community.