CURRICULUM: Cloud Security 5 Day Course 30 CPEs 19 Labs As organizations adopt AI agents quickly, SEC546 gives security professionals a practical, defense-focused approach to protecting systems that can reason, act, use tools, maintain memory, and coordinate across business processes. Students learn how agentic systems are attacked, where trust breaks down, and how to reduce risk through layered defensive controls. The course shows how to establish trusted boundaries around agent inputs and outputs, defend against prompt-based manipulation, apply secure development practices, and enforce identity, permission, and least-privilege controls so agents operate only within clearly defined limits. From there, SEC546 moves into the operational realities of defending agentic environments at scale. Students protect memory and context from tampering, detect and isolate unsafe or rogue behavior, and apply runtime oversight that keeps agents observable, governed, and aligned with policy as conditions change. The course then hardens what agents depend on at runtime: securing MCP data flows, sandboxing tool execution, defending desktop agents, and validating the provenance of dependencies, skills, and prompts. Students defend the runtime environment where agents communicate with peers, drive browsers and operating systems, and delegate authority, then establish fail-safe controls for agents that act on the physical world. The course also prepares defenders for emerging threats in increasingly connected and autonomous environments. By the end of the week, students can harden agentic AI across the full lifecycle and apply disciplined defensive practices to one of the fastest- moving areas in cyber defense, proven through a comprehensive live-fire defense capstone. Syllabus Summary SECTION 1: Foundations of Agentic AI Security SECTION 2: Agent Operations, Hardening, and MCP Defense SECTION 3: Secure MCP, Desktop Agents and Runtime Defenses SECTION 4: Multi-Agent, Browser and Computer-Use Agent Security SECTION 5: Cyber-Physical Agent Security and Emerging Frontiers You Will Be Able To ▐ Model agentic AI threats, trust boundaries, and core attack surfaces ▐ Enforce secure input, output, identity, and permission boundaries ▐ Defend against prompt injection, context poisoning, and tool tampering ▐ Harden agent memory, runtime operations, and rogue agent containment ▐ Secure MCP flows, tool execution, desktop agents, and dependencies ▐ Protect multi-agent, browser, and computer-use agent ecosystems ▐ Apply cyber-physical safeguards through hands- on live-fire defense exercises Who Should Attend ▐ SEC546 is designed for security professionals responsible for designing, reviewing, or defending systems that include AI agents, and for engineers and architects applying traditional security disciplines to a class of systems that did not exist in production a few years ago. The course assumes working comfort with Python, command line, and containers, along with a foundational understanding of LLMs and GenAI concepts. Business Takeaways ▐ Reduce enterprise risk from autonomous agents, tools, and connected systems ▐ Establish enforceable guardrails for agent actions, data, and permissions ▐ Improve resilience against prompt injection and agent-driven compromise paths ▐ Strengthen governance for agent memory, runtime behavior, and oversight ▐ Secure desktop, browser, and multi-agent workflows at scale For detailed course description, visit SANS.ORG/SEC546 WAYS TO TAKE SEC546 FEATURED NEW COURSE SEC546: Securing Agentic AI™ Viswanath (Vis) Chirravuri Course Author Live Online OnDemand