

Red, Blue, Purple AI 2.0
Super‑charge your day‑to‑day security workflow with AI tactics.
Course Schedule:
- Day 1: July 15 - 10am-5pm MST
- Day 2: July 17 - 10am-5pm MST
Red Blue Purple AI – Course Description
Over the past few years, I’ve had the privilege of straddling two passions: offensive security and generative AI. That obsession has snowballed into a series of talks, tools, and now—this course. Red Blue Purple AI is a deep-dive into using LLMs like GPT, Claude, and others to supercharge your work across all major domains of cybersecurity.
This course isn’t just theory. It’s built from real-world consulting, hands-on research, and daily workflows I use as a practitioner. We’ll walk through not just how LLMs think—but how to train, trick, and optimize them to perform at a high level. By the end, you’ll have the knowledge to build domain-specific, high-performance bots that augment your workflow or even act autonomously.
If you're a security practitioner (offensive, defensive, or hybrid) or a curious leader looking to infuse AI into your security program, this course is for you.
See you in Red Blue Purple AI.
Who This Is For
- Security engineers, SOC analysts, red‑/blue‑/purple‑teamers who already know the fundamentals of their role but want to 10× their output
- Solo consultants and small teams that need “force‑multipliers” without head‑count increases
- Tech‑savvy CISOs & security managers evaluating AI adoption for their operations
What You’ll Learn
- Model IQ: quick‑start on LLM architecture, fine‑tuning options, context windows, cost models
- Prompt Engineering Patterns: reusable templates for creating bots and agents.
- Bot Factory: hands‑on labs building GPTs and micro‑agents that tackle repetitive tasks.
v2.0 Syllabus:
AI History & LLMs for Power Users
- The modern rise of AI: GPT-3 onward...
- My own LLMs in action (e.g., Arcanum Cyber Security Bot, GPT Store bots)
- Model evaluations: Claude, GPT, DeepSeek, Gemini, Llama 3, ++
- My choices for security tasks, research, and user use cases
- Privacy strategies: obfuscation, local-first, Azure OpenAI
- LLM architecture basics: context windows, temperature, system prompts, RAG, Agents
- MCP and MCP in Security
- Chat interfaces vs APIs
- Playgrounds for APIs
- Cloud vs local models
- Frontends: Ollama, LM Studio, OpenWebUI, Fabric, ++
Prompt Engineering:
- Problem solving for humans
- Single-shot vs multi-shot
- Chain-of-thought prompting
- Metadata seeding
- “Weird machine” tricks
- The Arcanum System Prompt Methodology
- Automation of best-in-class prompting via Systembot
New ways to use LLMs:
- NotebookLM
- Browser "driving"
- General agents
- Streaming
- AI-aided development and best practices
- Multiprompting
- Automation frameworks
Breaking Down Security Programs
- Mental modeling of Red, Blue, and Purple domains
- Mapping day-to-day workflows to AI agents
- Tools, pain points, and how AI fits into daily security tasks
Red AI (Offensive Security & AI)
Augmenting Recon, OSINT
- Custom GPTs: Subdomain Doctor, Acquisition and Recon GPT
- Phishing and pretexting with AI
Vuln Analysis and Exploitation (Web)
- LLM-assisted AppSec testing questions
- JavaScript Analysis
- LLM-assisted filter bypass
- Web CVE Bot
- Scaling automated scanners (Nuclei, Nessus)
Burp Suite
- A complete overview of all new Burp Suite AI features and extensions
Vuln Analysis and Exploitation (Red Teaming)
- Initial access payload modification with LLMs
- Ducky Script
- Extending your C2 and research capabilities with LLMs
- MCPs for Red Teaming
Reverse Engineering
An overview of the current RE assist extensions and MCPs for:
- Ghidra
- IDA Pro
- LLDB
- RADARE
- Binary Ninja
Automating Pentesting with AI
- An overview of the open source space, research space, and startup space when it comes to automating hacking, with a breakdown of the most common architectures and technologies to achieve that goal.
Misc
- CloudSec, Privilege Escalation, Reporting with AI, and more
Blue AI (Defensive Operations & AI)
SOC, DFIR, and Threat Hunting bots:
- ELK Sec Bot
- Splunk Bot
- Suricata Bot
- YARA
- OSQuery
- Wireshark
- PolicyBot
- IR playbook creation with Incident Responder Bot
- Tabletop and exec briefing bots
- STIX data transformation bot
The future of blue teaming - MCP SIEM
Vuln management:
- Best practices
- Augmenting with LLMs
- Automation approaches
Purple AI (Training & Simulation)
Code Analysis
- Semgrep Bot
- Snyk Bot
- CodeQL resources
- VulnHunter
MITRE ATT&CK
LLM-generated tabletops and security training tools
LLMs as force multipliers in program maturity and paved road security documentation
LLM-Assisted Threat Modeling
Silver AI (Leadership, Strategy & Management)
- AI for CISO-level decision making
- Bots for risk communication and planning
- Automation of executive briefs and strategic alignment
Future Tech and AI Research Frontiers
- AI agents and autonomous security tools
- The edge of AI-driven vulnerability discovery
- Preparing for AGI-level assistants and ethical dilemmas
Some Reviews...
Just completed an outstanding "Red Blue Purple AI" training with Jason Haddix that explored how to leverage AI in cybersecurity from a Red Team perspective. The session was packed with practical strategies, including creating custom ChatGPT prompts to streamline and enhance cybersecurity workflows. Highly recommend this training for anyone eager to integrate generative AI into their security operations.
— Bharanisai M
Been slippin on my pimpin on this, but completed Jason Haddix’s Red, Blue Purple AI course a couple weeks ago. My last post was after Day 1, but Day 2 continued to raise the bar. In my 7 years of learning all the security things I have never walked away from a machine, article, course, etc. with the amount of desire and inspiration to just dive into the things I learned from it. It not only gives you the knowledge required to start doing some cool things with AI, but for the ones with a mind built for discovery (i.e., the hackers), it lays all the carrots you need to just dive into the rabbit hole and see what you come out with.
— Kristoffer Sketch
I’m happy to share that I’ve completed a new training on "Red Blue Purple AI".
It was wonderful and so much to learn, explore and brainstorm in the world of LLM, prompt engineering and security. It is just the beginning & this rabbit hole goes deep.
— Rishi N
This past week, I attended the Red Blue Purple AI course by Arcanum Information Security, and it was an incredible experience. Jason Haddix once again delivered a pioneering course, this time diving into security and AI. The depth of the technical content was impressive, and the active participation of some of my security heroes made it even more outstanding.
— Michael Medenblik
A huge thank you to Jason Haddix from Arcanum Security for the fantastic class: Red, Blue, Purple AI!
I thoroughly enjoyed the sessions this past Thursday and Friday and am eagerly looking forward to more classes with Jason. I've got my eye on the Bug Hunters Methodology class next. 👀
Shout out to anyone looking to dive deeper into becoming an LLM power user, improving at manipulating models, writing bots, and developing innovative systems and use cases. Jason's class is a must!
— Peter Drybrough
Day 2 of Jason Haddix's Red Blue Purple AI delivered powerful insights into using AI for creating everything from policy development, working bypasses, detection rules all the way to a functional vCISO bot - you name it. The class was truly extraordinary, with myself having multiple lightbulb moments. Phenomenal job! Highly recommend you take this when it's next available.
— Daniel Pajtak
Arcanum has trained professionals at:


