Master comprehensive static analysis workflows for AI security using industry-standard tools like Bandit, Semgrep, and pip-audit. Learn to identify AI-specific vulnerabilities including insecure pickle deserialization, hardcoded secrets in training scripts, and dependency risks that traditional security tools miss. Through hands-on labs with real vulnerable ML codebases, you'll configure automated security scanning in CI/CD pipelines, create custom detection rules for TensorFlow/PyTorch patterns, and implement supply chain security with SBOM generation. Address the unique challenges of ML projects with 50+ dependencies while establishing production-ready security policies.
Secure AI Code & Libraries with Static Analysis
Secure AI Code & Libraries with Static Analysis
位教师:Aseem Singhal
访问权限由 New York State Department of Labor 提供
您将学到什么
Configure Bandit, Semgrep, PyLint to detect AI vulnerabilities: insecure model deserialization, hardcoded secrets, unsafe system calls in ML code.
Apply static analysis to fix AI vulnerabilities (pickle exploits, input validation, dependencies); create custom rules for AI security patterns.
Implement pip-audit, Safety, Snyk for dependency scanning; assess AI libraries for vulnerabilities, license compliance, and supply chain security.
您将获得的技能
- Open Web Application Security Project (OWASP)
- Program Implementation
- AI Security
- AI Personalization
- PyTorch (Machine Learning Library)
- Continuous Integration
- Dependency Analysis
- Vulnerability Scanning
- DevSecOps
- Code Review
- MLOps (Machine Learning Operations)
- Responsible AI
- Application Security
- Secure Coding
- Analysis
- Threat Modeling
- Supply Chain
- 技能部分已折叠。显示 7 项技能,共 17 项。
要了解的详细信息
了解顶级公司的员工如何掌握热门技能
积累特定领域的专业知识
本课程是 AI Security: Security in the Age of Artificial Intelligence 专项课程 专项课程的一部分
在注册此课程时,您还会同时注册此专项课程。
- 向行业专家学习新概念
- 获得对主题或工具的基础理解
- 通过实践项目培养工作相关技能
- 获得可共享的职业证书
该课程共有3个模块
This module establishes the foundation for secure AI development by teaching learners why traditional security approaches fall short for machine learning systems and how static analysis tools provide proactive vulnerability detection. Students will master the essential skills of configuring and integrating industry-standard security tools like Bandit, Semgrep, and PyLint into their AI development workflows, while understanding the unique threat landscape that AI/ML systems face in production environments.
涵盖的内容
4个视频2篇阅读材料1次同伴评审
This module focuses on practical application of static analysis techniques to detect real security weaknesses commonly found in AI codebases. Students will learn to identify and remediate critical vulnerabilities including insecure model deserialization, hardcoded credentials in training scripts, and unsafe data pipeline operations, while developing custom detection rules tailored to AI-specific security patterns that generic tools often miss.
涵盖的内容
3个视频1篇阅读材料1次同伴评审
This module extends security analysis beyond first-party code to address the complex supply chain risks inherent in AI development's heavy reliance on external libraries. Students will master automated dependency scanning workflows using tools like pip-audit and Snyk to identify vulnerabilities in AI libraries, ensure license compliance across diverse open-source packages, and implement comprehensive supply chain security policies with Software Bill of Materials (SBOM) generation for production ML systems.
涵盖的内容
4个视频1篇阅读材料1个作业2次同伴评审
获得职业证书
将此证书添加到您的 LinkedIn 个人资料、简历或履历中。在社交媒体和绩效考核中分享。
提供方
人们为什么选择 Coursera 来帮助自己实现职业发展
Felipe M.
自 2018开始学习的学生
''能够按照自己的速度和节奏学习课程是一次很棒的经历。只要符合自己的时间表和心情,我就可以学习。'
Jennifer J.
自 2020开始学习的学生
''我直接将从课程中学到的概念和技能应用到一个令人兴奋的新工作项目中。'
Larry W.
自 2021开始学习的学生
''如果我的大学不提供我需要的主题课程,Coursera 便是最好的去处之一。'
Chaitanya A.
''学习不仅仅是在工作中做的更好:它远不止于此。Coursera 让我无限制地学习。'
从 Information Technology 浏览更多内容
¹ 本课程的部分作业采用 AI 评分。对于这些作业,将根据 Coursera 隐私声明使用您的数据。