Red Blue Purple AI (Live, July 15 & 17)
Super‑charge your day‑to‑day security workflow with AI tactics.

Course Schedule:
- Day 1: July 15 - 10am-5pm MST
- Day 2: July 17 - 10am-5pm MST
Red Blue Purple AI – Course Description
Over the past few years, I’ve had the privilege of straddling two passions: offensive security and generative AI. That obsession has snowballed into a series of talks, tools, and now—this course. Red Blue Purple AI is a deep-dive into using LLMs like GPT, Claude, and others to supercharge your work across all major domains of cybersecurity.
This course isn’t just theory. It’s built from real-world consulting, hands-on research, and daily workflows I use as a practitioner. We’ll walk through not just how LLMs think—but how to train, trick, and optimize them to perform at a high level. By the end, you’ll have the knowledge to build domain-specific, high-performance bots that augment your workflow or even act autonomously.
If you're a security practitioner (offensive, defensive, or hybrid) or a curious leader looking to infuse AI into your security program, this course is for you.
See you in Red Blue Purple AI.
Who This Is For
- Security engineers, SOC analysts, red‑/blue‑/purple‑teamers who already know the fundamentals of their role but want to 10× their output
- Solo consultants and small teams that need “force‑multipliers” without head‑count increases
- Tech‑savvy CISOs & security managers evaluating AI adoption for their operations
What You’ll Learn
- Model IQ: quick‑start on LLM architecture, fine‑tuning options, context windows, cost models
- Prompt Engineering Patterns: reusable templates for creating bots and agents.
- Bot Factory: hands‑on labs building GPTs and micro‑agents that tackle repetitive tasks.
v2.0 Syllabus:
AI History & LLMs for Power Users
- The modern rise of AI: GPT-3 onward...
- My own LLMs in action (e.g., Arcanum Cyber Security Bot, GPT Store bots)
- Model evaluations: Claude, GPT, DeepSeek, Gemini, Llama 3, ++
- My choices for security tasks, research, and user use cases
- Privacy strategies: obfuscation, local-first, Azure OpenAI
- LLM architecture basics: context windows, temperature, system prompts, RAG, Agents
- MCP and MCP in Security
- Chat interfaces vs APIs
- Playgrounds for APIs
- Cloud vs local models
- Frontends: Ollama, LM Studio, OpenWebUI, Fabric, ++
Prompt Engineering:
- Problem solving for humans
- Single-shot vs multi-shot
- Chain-of-thought prompting
- Metadata seeding
- “Weird machine” tricks
- The Arcanum System Prompt Methodology
- Automation of best-in-class prompting via Systembot
New ways to use LLMs:
- NotebookLM
- Browser "driving"
- General agents
- Streaming
- AI-aided development and best practices
- Multiprompting
- Automation frameworks
Breaking Down Security Programs
- Mental modeling of Red, Blue, and Purple domains
- Mapping day-to-day workflows to AI agents
- Tools, pain points, and how AI fits into daily security tasks
Red AI (Offensive Security & AI)
Augmenting Recon, OSINT
- Custom GPTs: Subdomain Doctor, Acquisition and Recon GPT
- Phishing and pretexting with AI
Vuln Analysis and Exploitation (Web)
- LLM-assisted AppSec testing questions
- JavaScript Analysis
- LLM-assisted filter bypass
- Web CVE Bot
- Scaling automated scanners (Nuclei, Nessus)
Burp Suite
- A complete overview of all new Burp Suite AI features and extensions
Vuln Analysis and Exploitation (Red Teaming)
- Initial access payload modification with LLMs
- Ducky Script
- Extending your C2 and research capabilities with LLMs
- MCPs for Red Teaming
Reverse Engineering
An overview of the current RE assist extensions and MCPs for:
- Ghidra
- IDA Pro
- LLDB
- RADARE
- Binary Ninja
Automating Pentesting with AI
- An overview of the open source, research, and startup spaces for automating hacking, with a breakdown of the most common architectures and technologies used to achieve that goal.
Misc
- CloudSec, Privilege Escalation, Reporting with AI, and more
Blue AI (Defensive Operations & AI)
SOC, DFIR, and Threat Hunting bots:
- ELK Sec Bot
- Splunk Bot
- Suricata Bot
- YARA
- OSQuery
- Wireshark
- PolicyBot
- IR playbook creation with Incident Responder Bot
- Tabletop and exec briefing bots
- STIX data transformation bot
The future of blue teaming - MCP SIEM
Vuln management:
- Best practices
- Augmenting with LLMs
- Automation approaches
Purple AI (Training & Simulation)
Code Analysis
- Semgrep Bot
- Snyk Bot
- CodeQL resources
- VulnHunter
MITRE ATT&CK
LLM-generated tabletops and security training tools
LLMs as force multipliers in program maturity and paved road security documentation
LLM-Assisted Threat Modeling
Silver AI (Leadership, Strategy & Management)
- AI for CISO-level decision making
- Bots for risk communication and planning
- Automation of executive briefs and strategic alignment
Future Tech and AI Research Frontiers
- AI agents and autonomous security tools
- The edge of AI-driven vulnerability discovery
- Preparing for AGI-level assistants and ethical dilemmas
Having dedicated years to the cybersecurity community, I've decided it's time to embark on a new journey—launching Arcanum Information Security, infused with a unique approach that sets us apart. At Arcanum, our mission is to make a tangible impact on the security community with world class, modern, and accessible training. In parallel to our training efforts, Arcanum aims to disrupt the consulting model with our unique consulting services.
