

Red, Blue, Purple AI - March 27-28
Over the course of the last two years I've been working on a new course. My area of expertise is usually offensive security, but through my consulting, advising, and leadership roles, I've been exposed to almost every part of a security program. Not only have I had the tremendous opportunity to learn in many domains, but I've also had the luck to work at different organizations that are at various stages of their security program.
Shortly after the initial launch of ChatGPT 3.5, I caught the bug of being obsessed with generative AI.
Being similarly obsessed with both topics, cybersecurity and AI, I began to develop tools in private and then to build a talk on current generation AI and LLM helpers for security.
I have given that talk a few times now and out of all the presentations in my career and having spoken all around the world, I think I have gotten the most praise and feedback for that than any other.
So, I came home immediately and started building what I think is a one-of-a-kind course.
Red Blue Purple AI reverse engineers security programs, and security people's day-to-day needs. It maps these out in an easy-to-understand way and teaches security professionals how to supercharge their abilities.
Below is a high-level structure of the syllabus, but as some of the class is super secret sauce, most of the content will be covered live during the class.
By the end of the course the student should be well-prepared to apply the knowledge from the course to build their own world-class bots.
See you in Red Blue Purple AI.
Syllabus:
Section 1 - LLMs for Power Users:
The class begins by giving away my homegrown tips and tricks for prompt engineering and building world-class LLM bots. My personal bot, SecGPT, has over 10,000 uses on the GPT store and is in the top 100 in the "research" category for OpenAI. It outperforms every other bot in the security realm by far, and I will teach the students how to make bots just like it for their purposes. This includes going over prompt engineering, common misconceptions about LLMs, configuration of key settings for security work, problem solving steps, and more.
Some Topics:
- Limitations of LLMs
- Problem solving for the human brain
- Problem solving with an LLM
- Point in time discussion of best models
- (BETA) Seed
- Agents and Cross Talk
- RAG
- API Basics
- Privacy
- Chain of Thought
Prompt Engineering for Security:
- System Instruction
- Temperature
- Context Windows and Tokens
- Structure
- Sampling
- Language
- Sub Training and Files
- Weird Machine Tricks
- Single Shot vs Multi-Shot
Section 2 - Breaking Down Security:
After diving into the environment around getting set up, we will begin to reverse engineer what components security programs have. We will split the domains of security into red, blue, and purple topics.
Section 3 - Red AI:
Some Topics covered:
- AI in internal and consultant based offensive security.
- Automation building via AI
- Phishing augmentation via AI
- Vulnerabilty Management augmented by AI
- Exploit dev and modification with AI
- Documentation and Reporting
- Tool Development
- Appsec analysis topics
Section 4 - Blue AI:
Some Topics covered:
- The Open and Closed Source Landscape
- SOC Duties and AI Helpers
- CTI Duties and AI Helpers
- Threat Hunting Duties and AI Helpers
- DFIR Duties and AI Helpers
Section 5 - Purple AI:
Some Topics covered:
- The Open and Closed Source Landscape
- Tabletopping
- Attack Simulation and Automation
- MITRE ATT&CK and Atomics
- Using AI for Security Program Maturity Assessment and Enhancement
- AI in Security Training: Customized Training Modules and Simulations, paved road integration and documentation
- Security Engineering and Product Security topics - Architecture, Configuration, Security as Code.
Section 6 - Silver AI:
Some Topics covered:
- Leadership and program management topics aided by AI
Section 7 - Future Tech:
- A conversation about capabilities on the horizon and how to be early adopters.
Some Reviews...
Just completed an outstanding "Red Blue Purple AI" training with Jason Haddix that explored how to leverage AI in cybersecurity from a Red Team perspective. The session was packed with practical strategies, including creating custom ChatGPT prompts to streamline and enhance cybersecurity workflows. Highly recommend this training for anyone eager to integrate generative AI into their security operations.
— Bharanisai M
Been slippin on my pimpin on this, but completed Jason Haddix’s Red, Blue Purple AI course a couple weeks ago. My last post was after Day 1, but Day 2 continued to raise the bar. In my 7 years of learning all the security things I have never walked away from a machine, article, course, etc. with the amount of desire and inspiration to just dive into the things I learned from it. It not only gives you the knowledge required to start doing some cool things with AI, but for the ones with a mind built for discovery (i.e the hackers), it lays all the carrots you need to just dive into the rabbit hole and see what you come out with.
— Kristoffer Sketch
I’m happy to share that I’ve completed a new training on "Red Blue Purple AI".
It was wonderful and so much to learn, explore and brainstorm in the world of LLM, prompt engineering and security. It is just the beginning & this rabbit hole goes deep.
— Rishi N
This past week, I attended the Red Blue Purple AI course by Arcanum Information Security, and it was an incredible experience. Jason Haddix once again delivered a pioneering course, this time diving into security and AI. The depth of the technical content was impressive, and the active participation of some of my security heroes made it even more outstanding.
— Michael Medenblik
A huge thank you to Jason Haddix from Arcanum Security for the fantastic class: Red, Blue, Purple AI!
I thoroughly enjoyed the sessions this past Thursday and Friday and am eagerly looking forward to more classes with Jason. I've got my eye on the Bug Hunters Methodology class next. 👀
Shout out to anyone looking to dive deeper into becoming an LLM power user, improving at manipulating models, writing bots, and developing innovative systems and use cases. Jason's class is a must!
— Peter Drybrough
Day 2 of Jason Haddix's Red Blue Purple AI delivered powerful insights into using AI for creating everything from policy development, working bypasses, detection rules all the way to a functional vCISO bot - you name it. The class was truly extraordinary, with myself having multiple lightbulb moments. Phenomenal job! Highly recommend you take this when it's next available
— Daniel Pajtak
Arcanum has trained proffessionals at:


