
Chapter 11 Checkpoint

The AI security toolkit, all together. This mixed quiz pulls from every lesson. Passing means you can reason about the new attack surface — recognizing that most AI risk is familiar security around a manipulable component, and that the model must never be trusted to enforce security.

How this works

The quiz samples from a larger bank each attempt. The chapter's through-line: an LLM is not a security boundary. Prompt injection can't be prevented, agency multiplies its danger, red-teaming can't prove safety — so you architect deterministic controls around a model you assume can be compromised. If a question stings, follow its revisit link.

What you should be able to do now

  • Explain prompt injection — why it's injection, direct vs. indirect, and why it can't be prompted away.
  • Navigate the OWASP LLM Top 10 — most risks are classic security around a new component; a few are genuinely novel.
  • Contain excessive agency — least privilege for tools, the lethal trifecta, and human-in-the-loop for high-impact actions.
  • Secure the tool layer (MCP) — treat tool servers and their descriptions as untrusted (tool poisoning, line-jumping, token pass-through, over-broad scopes).
  • Red-team AI systems — handling non-determinism and the infinite input space, testing the whole system.
  • Apply the cardinal rule — the model proposes, deterministic code with real authorization disposes.
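The cardinal rule from the list above, as an added example that is not part of the course material: a small Python dispatcher treats every model-proposed tool call as untrusted input and decides it with deterministic checks (user scope, object ownership, human approval for high-impact tools), never with anything the model says. The tool registry, the session scopes and the ticket-ownership rule are constructed assumptions.

```python
from dataclasses import dataclass, field

# Constructed tool registry (assumption): the scope the *user* must hold, and
# whether the action is high-impact enough to require a human in the loop.
TOOLS = {
    "read_ticket":   {"scope": "tickets:read",  "high_impact": False},
    "delete_ticket": {"scope": "tickets:write", "high_impact": True},
    "send_email":    {"scope": "email:send",    "high_impact": True},
}

@dataclass
class Session:
    user_id: str
    scopes: frozenset            # granted by the identity system, never by the model
    approved: set = field(default_factory=set)  # call ids a human approved out-of-band

@dataclass
class Decision:
    allowed: bool
    reason: str

def authorize_tool_call(session: Session, call_id: str, tool: str, args: dict) -> Decision:
    """Deterministic gate over a model-proposed call. Nothing the model *says*
    (including injected 'you are authorized' text) is consulted here."""
    spec = TOOLS.get(tool)
    if spec is None:
        return Decision(False, f"unknown tool {tool!r}")
    if spec["scope"] not in session.scopes:
        return Decision(False, f"missing scope {spec['scope']}")
    # Object-level check: constructed ownership rule, ticket ids are "<user>-<n>".
    ticket = args.get("ticket_id", "")
    if ticket and not ticket.startswith(session.user_id + "-"):
        return Decision(False, "ticket not owned by caller")
    if spec["high_impact"] and call_id not in session.approved:
        return Decision(False, "high-impact action needs human approval")
    return Decision(True, "ok")

def dispatch(session: Session, proposals: list) -> list:
    """Run each proposed call through the gate; returns (call_id, Decision) pairs."""
    return [(p["id"], authorize_tool_call(session, p["id"], p["tool"], p["args"]))
            for p in proposals]

# Constructed sample: c2 is the kind of call an injected document might talk the
# model into proposing; the gate rejects it on ownership, regardless of the reason.
SAMPLE_SESSION = Session("alice", frozenset({"tickets:read", "tickets:write"}))
SAMPLE_PROPOSALS = [
    {"id": "c1", "tool": "read_ticket",   "args": {"ticket_id": "alice-17"}},
    {"id": "c2", "tool": "delete_ticket", "args": {"ticket_id": "bob-3"}},
    {"id": "c3", "tool": "send_email",    "args": {"to": "someone@example.com"}},
    {"id": "c4", "tool": "delete_ticket", "args": {"ticket_id": "alice-17"}},
]
```

Only c1 passes as-is; c4 passes once a human approves that call id, which is the human-in-the-loop step for high-impact actions.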

The checkpoint


Chapter 11: Securing AI Systems


Chapter 11 complete

You can now reason about AI security with the right frame: prompt injection is unpreventable injection, most of the LLM Top 10 is familiar security around a manipulable component, excessive agency is what makes it catastrophic, the tool layer (MCP) is untrusted too, red-teaming finds breaks but can't certify safety, and the cardinal rule ties it together — an LLM is intelligence, not authorization; build security in deterministic code around it. Your ten chapters of security knowledge transfer directly; the model is just a new, untrusted node.

→ On to Chapter 12: Security Career — turning everything you've learned into a profession: the roles, certifications, portfolio, and multi-year path of a security engineer.