AI Agents course

You are inworkspace

Core path

Your path through this level

Progress saves in this browser and syncs after you sign in

Completed

0 of 3

You will be able to

Identify prompt injection attempts and explain a safe response
Apply data handling rules for sensitive content
Explain the trade offs between capability and safety in plain language

Pick up where you left off

Threats follow the tool path Defence in depth Responsible systems are designed

Optional

Full module map

Use this if you want the shape of the level before you start

Show

Module 4.1Threats follow the tool path

Most agent threats are about untrusted input reaching powerful tools or sensitive data.

Open

Prerequisites

Core concepts and practical building context
Awareness of misuse patterns and safety boundaries

Outcomes

Explain threats follow the tool path in your own words and apply it to a realistic scenario.
Most agent threats are about untrusted input reaching powerful tools or sensitive data.
Check the assumption "All input is untrusted" and explain what changes if it is false.
Check the assumption "Tools are restricted" and explain what changes if it is false.

Practice

Run one misuse scenario and write a defensive response
Describe one governance check before release

Artefact and failure modes

A security review note with threat, control, and owner
Prompt injection. Hidden instructions change behaviour, often by asking the agent to ignore its rules.
Data exfiltration. The agent leaks secrets through output, logs, or tool parameters.

Module 4.2Defence in depth

Secure agents rely on layered controls, not one clever prompt.

Open

Prerequisites

Core concepts and practical building context
Awareness of misuse patterns and safety boundaries

Outcomes

Explain defence in depth in your own words and apply it to a realistic scenario.
Secure agents rely on layered controls, not one clever prompt.
Check the assumption "Policies are enforceable" and explain what changes if it is false.
Check the assumption "Auditing exists" and explain what changes if it is false.

Practice

Run one misuse scenario and write a defensive response
Describe one governance check before release

Artefact and failure modes

A security review note with threat, control, and owner
Single control reliance. If your only defence is a system prompt, you will be surprised.
Unsafe defaults. Default allow is easy and dangerous. Start with default deny.

Module 4.3Responsible systems are designed

Ethics is not a paragraph at the end. It is choices about users, harms, and accountability.

Open

Prerequisites

Core concepts and practical building context
Awareness of misuse patterns and safety boundaries

Outcomes

Explain responsible systems are designed in your own words and apply it to a realistic scenario.
Ethics is not a paragraph at the end. It is choices about users, harms, and accountability.
Check the assumption "Harms are considered" and explain what changes if it is false.
Check the assumption "Accountability is clear" and explain what changes if it is false.

Practice

Run one misuse scenario and write a defensive response
Describe one governance check before release

Artefact and failure modes

A security review note with threat, control, and owner
Optimising for engagement. If you optimise only for clicks, you can make behaviour worse while numbers look better.
No escalation path. When harm happens, users need a clear way to report and get help.

Optional

Planning and evidence

Objectives, timing, and CPD tracking

Show

If you want to start learning now, leave this closed. Come back when you want to plan your practice or keep evidence for CPD. This is guidance and it is not endorsed by awarding bodies. Standards mapping lives on the course overview page.

Learning objectives

What you will be able to do

1. Identify prompt injection attempts and explain a safe response
Prompt injection and data leakage are the top real world risks right now.
2. Apply data handling rules for sensitive content
Security controls must match the actual deployment scenario, not the demo.
3. Explain the trade offs between capability and safety in plain language
Standards give you a defensible way to explain your choices.
4. Use a simple risk register for an agent project
Ethical decisions are part of engineering, not an optional extra.

What comes next

Next we scale reliability and evaluation because that is what production demands.

Continue to Advanced mastery

What changes at this level

Level expectations

Each level is independent but clearly deeper than the last. This panel makes the jump explicit.

Assessment intent

Security and ethics

Threat modelling, prompt injection defence, and responsible deployment.

Style

scenario

50 questions

75 min timed

Pass standard

70%

Not externally certified

CPD timing

Security and Ethics time breakdown

Defensible timing based on page content: reading, labs, checkpoints, and reflection.

Reading

60m

9,110 words × 1.3

Practice

0 × 15m

Checkpoints

30m

6 × 5m

Reflection

24m

3 × 8m

Estimated total

2h 54m

Based on page content

Claimed hours

15h

Includes reattempts + capstone

Claimed hours exceed on-page estimate by ~13h. Gap will be filled with guided practice and assessment-grade work.

CPD tracking

Fixed hours for this level are 15. Timed assessment time is included once on pass.

View in My CPD

Pricing and CPD Sign in to sync progress and unlock assessments

Progress minutes

0.0 hours

Learning objectives

What you will be able to do

1. Identify prompt injection attempts and explain a safe response
Prompt injection and data leakage are the top real world risks right now.
2. Apply data handling rules for sensitive content
Security controls must match the actual deployment scenario, not the demo.
3. Explain the trade offs between capability and safety in plain language
Standards give you a defensible way to explain your choices.
4. Use a simple risk register for an agent project
Ethical decisions are part of engineering, not an optional extra.

What comes next

Next we scale reliability and evaluation because that is what production demands.

Continue to Advanced mastery

What changes at this level

Level expectations

Each level is independent but clearly deeper than the last. This panel makes the jump explicit.

Assessment intent

Security and ethics

Threat modelling, prompt injection defence, and responsible deployment.

Style

scenario

50 questions

75 min timed

Pass standard

70%

Not externally certified

Learning contract

Security and Ethics outcomes

About 15 hours

Read the explanation first, then use the tools to test the idea. Skip any tool that is not useful for your goal.

Identify prompt injection attempts and explain a safe response
Apply data handling rules for sensitive content
Explain the trade offs between capability and safety in plain language
Use a simple risk register for an agent project

Loading content...

Next step

Practise this level, then take the timed assessment

I recommend you start with the practice assessment for Security and ethics. It is not timed and it helps you write a clear CPD reflection before the full assessment.

Questions

Minutes

70%

Pass mark

Practice assessment

Start the practice assessment for Security and ethics

It is designed for confidence and evidence, and you can retry as often as you need.

Start practice assessment

Full assessment

AI Agents Security and ethics assessment

This assessment is timed. It is free to take and you can retry as often as you need.

Detailed feedback on every question
Pass evidence recorded in your account on pass
Personalised recommendations on weak areas

You can complete the course while signed out, and your progress saves in this browser. Sign in before assessments so your pass record is attached to your account.

Courses and assessments are free. There is no paywall for the learning path, practice questions, or formal assessments. Optional donations support hosting, maintenance, and ongoing updates.

During timed assessments, copy and the context menu are restricted to reduce casual cheating. Passed assessments are recorded in your account as evidence.

Course materials are protected by intellectual property rights.View terms

Loading lesson...

Core path

Your path through this level

Progress saves in this browser and syncs after you sign in

Completed

0 of 3

You will be able to

Identify prompt injection attempts and explain a safe response
Apply data handling rules for sensitive content
Explain the trade offs between capability and safety in plain language

Pick up where you left off

Threats follow the tool path Defence in depth Responsible systems are designed

Optional

Full module map

Use this if you want the shape of the level before you start

Show

Module 4.1Threats follow the tool path

Most agent threats are about untrusted input reaching powerful tools or sensitive data.

Open

Prerequisites

Core concepts and practical building context
Awareness of misuse patterns and safety boundaries

Outcomes

Explain threats follow the tool path in your own words and apply it to a realistic scenario.
Most agent threats are about untrusted input reaching powerful tools or sensitive data.
Check the assumption "All input is untrusted" and explain what changes if it is false.
Check the assumption "Tools are restricted" and explain what changes if it is false.

Practice

Run one misuse scenario and write a defensive response
Describe one governance check before release

Artefact and failure modes

A security review note with threat, control, and owner
Prompt injection. Hidden instructions change behaviour, often by asking the agent to ignore its rules.
Data exfiltration. The agent leaks secrets through output, logs, or tool parameters.

Module 4.2Defence in depth

Secure agents rely on layered controls, not one clever prompt.

Open

Prerequisites

Core concepts and practical building context
Awareness of misuse patterns and safety boundaries

Outcomes

Explain defence in depth in your own words and apply it to a realistic scenario.
Secure agents rely on layered controls, not one clever prompt.
Check the assumption "Policies are enforceable" and explain what changes if it is false.
Check the assumption "Auditing exists" and explain what changes if it is false.

Practice

Run one misuse scenario and write a defensive response
Describe one governance check before release

Artefact and failure modes

A security review note with threat, control, and owner
Single control reliance. If your only defence is a system prompt, you will be surprised.
Unsafe defaults. Default allow is easy and dangerous. Start with default deny.

Module 4.3Responsible systems are designed

Ethics is not a paragraph at the end. It is choices about users, harms, and accountability.

Open

Prerequisites

Core concepts and practical building context
Awareness of misuse patterns and safety boundaries

Outcomes

Explain responsible systems are designed in your own words and apply it to a realistic scenario.
Ethics is not a paragraph at the end. It is choices about users, harms, and accountability.
Check the assumption "Harms are considered" and explain what changes if it is false.
Check the assumption "Accountability is clear" and explain what changes if it is false.

Practice

Run one misuse scenario and write a defensive response
Describe one governance check before release

Artefact and failure modes

A security review note with threat, control, and owner
Optimising for engagement. If you optimise only for clicks, you can make behaviour worse while numbers look better.
No escalation path. When harm happens, users need a clear way to report and get help.

Optional

Planning and evidence

Objectives, timing, and CPD tracking

Show

Learning objectives

What you will be able to do

1. Identify prompt injection attempts and explain a safe response
Prompt injection and data leakage are the top real world risks right now.
2. Apply data handling rules for sensitive content
Security controls must match the actual deployment scenario, not the demo.
3. Explain the trade offs between capability and safety in plain language
Standards give you a defensible way to explain your choices.
4. Use a simple risk register for an agent project
Ethical decisions are part of engineering, not an optional extra.

What comes next

Next we scale reliability and evaluation because that is what production demands.

Continue to Advanced mastery

What changes at this level

Level expectations

Each level is independent but clearly deeper than the last. This panel makes the jump explicit.

Assessment intent

Security and ethics

Threat modelling, prompt injection defence, and responsible deployment.

Style

scenario

50 questions

75 min timed

Pass standard

70%

Not externally certified

CPD timing

Security and Ethics time breakdown

Defensible timing based on page content: reading, labs, checkpoints, and reflection.

Reading

60m

9,110 words × 1.3

Practice

0 × 15m

Checkpoints

30m

6 × 5m

Reflection

24m

3 × 8m

Estimated total

2h 54m

Based on page content

Claimed hours

15h

Includes reattempts + capstone

Claimed hours exceed on-page estimate by ~13h. Gap will be filled with guided practice and assessment-grade work.

CPD tracking

Fixed hours for this level are 15. Timed assessment time is included once on pass.

View in My CPD

Pricing and CPD Sign in to sync progress and unlock assessments

Progress minutes

0.0 hours

Learning objectives

What you will be able to do

1. Identify prompt injection attempts and explain a safe response
Prompt injection and data leakage are the top real world risks right now.
2. Apply data handling rules for sensitive content
Security controls must match the actual deployment scenario, not the demo.
3. Explain the trade offs between capability and safety in plain language
Standards give you a defensible way to explain your choices.
4. Use a simple risk register for an agent project
Ethical decisions are part of engineering, not an optional extra.

What comes next

Next we scale reliability and evaluation because that is what production demands.

Continue to Advanced mastery

What changes at this level

Level expectations

Each level is independent but clearly deeper than the last. This panel makes the jump explicit.

Assessment intent

Security and ethics

Threat modelling, prompt injection defence, and responsible deployment.

Style

scenario

50 questions

75 min timed

Pass standard

70%

Not externally certified

Learning contract

Security and Ethics outcomes

About 15 hours

Read the explanation first, then use the tools to test the idea. Skip any tool that is not useful for your goal.

Identify prompt injection attempts and explain a safe response
Apply data handling rules for sensitive content
Explain the trade offs between capability and safety in plain language
Use a simple risk register for an agent project

Loading content...

Next step

Practise this level, then take the timed assessment

I recommend you start with the practice assessment for Security and ethics. It is not timed and it helps you write a clear CPD reflection before the full assessment.

Questions

Minutes

70%

Pass mark

Practice assessment

Start the practice assessment for Security and ethics

It is designed for confidence and evidence, and you can retry as often as you need.

Start practice assessment

Full assessment

AI Agents Security and ethics assessment

This assessment is timed. It is free to take and you can retry as often as you need.

Detailed feedback on every question
Pass evidence recorded in your account on pass
Personalised recommendations on weak areas

You can complete the course while signed out, and your progress saves in this browser. Sign in before assessments so your pass record is attached to your account.

Courses and assessments are free. There is no paywall for the learning path, practice questions, or formal assessments. Optional donations support hosting, maintenance, and ongoing updates.

During timed assessments, copy and the context menu are restricted to reduce casual cheating. Passed assessments are recorded in your account as evidence.

Course materials are protected by intellectual property rights.View terms

Stage 4. Security and ethics

What you will be able to do

Level expectations

Security and Ethics time breakdown

What you will be able to do

Level expectations

Security and Ethics outcomes

Practise this level, then take the timed assessment

Start the practice assessment for Security and ethics

AI Agents Security and ethics assessment

Stage 4. Security and ethics

What you will be able to do

Level expectations

Security and Ethics time breakdown

What you will be able to do

Level expectations

Security and Ethics outcomes

Practise this level, then take the timed assessment

Start the practice assessment for Security and ethics

AI Agents Security and ethics assessment