
Module 22 Lesson 2: AI Security Capstone
Put it all together. Design a complete security architecture for a hypothetical enterprise AI application, from supply chain to guardrails.
Module 22 Lesson 2: AI Security Capstone Project
This is your final practical exercise. You must design the security architecture for the following scenario:
The Scenario: "LendAI"
You are the Lead Security Engineer for LendAI, a startup that uses a RAG-based LLM to help bank employees evaluate mortgage applications.
The System:
- Frontend: Internal React dashboard for loan officers.
- Model: GPT-4o (hosted on Azure).
- Knowledge Base: LlamaIndex connected to a Vector DB containing "Mortgage Guidelines" and "Customer Credit Histories."
- Tools: An agent can call a CheckCreditScore API and a SubmitFinalDecision API.
Your Task: Design the "Defensive Wall"
Document how you would implement the following:
- Supply Chain: How do you ensure the LlamaIndex library and the model weights are safe? (Module 11).
- Input Defense: How do you prevent a loan officer from performing prompt injection to "force" an approval for a friend? (Module 7).
- RAG Safety: How do you prevent "Context Poisoning" if an external document is uploaded to the system? (Module 10).
- Output Defense: How do you ensure the AI doesn't leak a customer's SSN in its final summary? (Module 8/15).
- Agent Safety: How do you prevent the SubmitFinalDecision tool from being called without human approval? (Module 9/17).
- Monitoring: What alerts would you set up in your SOC? (Module 13).
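As an added worked example (not part of the course material, and not LendAI's code), the following Python sketch shows one way the five checkpoints in the task list above can be written down as concrete functions: a digest check for the supply chain, a pattern gate on the officer's prompt, the same gate applied to uploaded documents before they enter the vector store, SSN redaction on the model's summary, an allow-list plus human-approval gate around the SubmitFinalDecision tool, and an alert function a SOC could poll. The tool names come from the scenario; the regular expressions, the alert threshold and the sample inputs are assumptions constructed for this example, and the instruction-phrase regex is a deliberately crude stand-in for the classifier a real deployment would layer on top.

```python
"""Illustrative checkpoint pipeline for the LendAI scenario (constructed example)."""
import hashlib
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# --- Policy (assumed values for this example) --------------------------------
ALLOWED_TOOLS = {"CheckCreditScore", "SubmitFinalDecision"}  # tools named in the scenario
HUMAN_APPROVAL_REQUIRED = {"SubmitFinalDecision"}            # never auto-executed by the agent
ALERT_THRESHOLD = 3  # blocked prompts from one officer before the SOC is paged (assumed)

SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")
# Instruction-like phrases that have no place in a loan officer's question or in a
# mortgage guideline document; a crude pattern list, not a full injection classifier.
INSTRUCTION_RE = re.compile(
    r"(ignore|disregard) (all |the )?(previous|prior|above)? ?(instructions|guidelines)"
    r"|you are now|system prompt",
    re.IGNORECASE,
)


@dataclass
class AuditLog:
    """Append-only event list; every checkpoint writes here and the SOC reads from it."""
    events: List[dict] = field(default_factory=list)

    def record(self, kind: str, **details) -> None:
        self.events.append({"kind": kind, **details})


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def verify_artifact(data: bytes, expected_sha256: str, log: AuditLog) -> bool:
    """Supply-chain checkpoint: model weights and packages are pinned to a known digest."""
    ok = sha256_hex(data) == expected_sha256
    log.record("artifact_verified" if ok else "artifact_mismatch", expected=expected_sha256)
    return ok


def check_input(user: str, prompt: str, log: AuditLog) -> bool:
    """Input checkpoint: refuse prompts that instruct the model instead of asking it."""
    if INSTRUCTION_RE.search(prompt):
        log.record("prompt_blocked", user=user, prompt=prompt)
        return False
    return True


def screen_document(doc_id: str, text: str, log: AuditLog) -> bool:
    """RAG checkpoint: quarantine uploads carrying embedded instructions before indexing."""
    if INSTRUCTION_RE.search(text):
        log.record("document_quarantined", doc_id=doc_id)
        return False
    return True


def redact_output(text: str, log: AuditLog) -> str:
    """Output checkpoint: strip SSNs from the summary before it reaches the dashboard."""
    redacted, n = SSN_RE.subn("[SSN REDACTED]", text)
    if n:
        log.record("pii_redacted", count=n)
    return redacted


def gate_tool_call(tool: str, args: dict, approver: Optional[str], log: AuditLog) -> dict:
    """Agent checkpoint: unknown tools are refused; decision tools wait for a named human."""
    if tool not in ALLOWED_TOOLS:
        log.record("tool_refused", tool=tool)
        raise PermissionError(f"tool not on allow-list: {tool}")
    if tool in HUMAN_APPROVAL_REQUIRED and not approver:
        log.record("approval_pending", tool=tool, args=args)
        return {"status": "pending_human_approval", "tool": tool}
    log.record("tool_executed", tool=tool, approver=approver)
    return {"status": "executed", "tool": tool, "approver": approver}


def soc_alerts(log: AuditLog) -> List[str]:
    """Monitoring checkpoint: turn raw events into the alerts a SOC would page on."""
    alerts: List[str] = []
    blocked_per_user: Dict[str, int] = {}
    for ev in log.events:
        if ev["kind"] == "prompt_blocked":
            blocked_per_user[ev["user"]] = blocked_per_user.get(ev["user"], 0) + 1
        elif ev["kind"] in ("artifact_mismatch", "document_quarantined", "tool_refused"):
            alerts.append(f"{ev['kind']}: {ev}")
    for user, n in blocked_per_user.items():
        if n >= ALERT_THRESHOLD:
            alerts.append(f"repeated_injection_attempts: {user} ({n} blocked prompts)")
    return alerts


if __name__ == "__main__":
    log = AuditLog()
    # Constructed request flow: officer -> input gate -> agent tool gate -> output gate.
    if check_input("officer_a", "Does applicant A-100 meet the DTI guideline?", log):
        print(gate_tool_call("CheckCreditScore", {"applicant_id": "A-100"}, None, log))
        print(gate_tool_call("SubmitFinalDecision", {"decision": "approve"}, None, log))
        print(redact_output("Applicant SSN 123-45-6789, score 720, DTI within policy.", log))
    print(soc_alerts(log))
```

The design point is that every gate returns a result and writes an event, so the audit log is the one place the monitoring question is answered from; the SubmitFinalDecision call never executes until a named approver is attached to it, which is the human-in-the-loop control the Agent Safety item asks for.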
Deliverable:
Create a "Security Architecture Diagram" (using Mermaid or even a text-based list) that shows the flow of a request from the User to the AI and back, highlighting every security "Checkpoint" you've built.
Summary
This capstone project is the ultimate test of your knowledge. By completing it, you prove that you can move from "Knowing the attacks" to "Building the defenses."
Next Lesson: Bringing it home: Course Summary and Key Takeaways.