Secure AI Code & Libraries with Static Analysis

本课程是 AI Security: Security in the Age of Artificial Intelligence 专项课程的一部分

位教师：Aseem Singhal

访问权限由 New York State Department of Labor 提供

3个模块

深入了解一个主题并学习基础知识。

中级等级

推荐体验

4 小时完成

灵活的计划

自行安排学习进度

3个模块

深入了解一个主题并学习基础知识。

中级等级

推荐体验

4 小时完成

灵活的计划

自行安排学习进度

您将学到什么

Configure Bandit, Semgrep, PyLint to detect AI vulnerabilities: insecure model deserialization, hardcoded secrets, unsafe system calls in ML code.
Apply static analysis to fix AI vulnerabilities (pickle exploits, input validation, dependencies); create custom rules for AI security patterns.
Implement pip-audit, Safety, Snyk for dependency scanning; assess AI libraries for vulnerabilities, license compliance, and supply chain security.

您将获得的技能

您将学习的工具

要了解的详细信息

可分享的证书

添加到您的领英档案

作业

1 任务¹

AI 评分请参见免责声明

授课语言：英语（English）

了解顶级公司的员工如何掌握热门技能

了解关于 Coursera for Business 的更多信息

Petrobras, TATA, Danone, Capgemini, P&G 和 L'Oreal 的徽标

积累特定领域的专业知识

本课程是 AI Security: Security in the Age of Artificial Intelligence 专项课程专项课程的一部分

在注册此课程时，您还会同时注册此专项课程。

向行业专家学习新概念
获得对主题或工具的基础理解
通过实践项目培养工作相关技能
获得可共享的职业证书

该课程共有3个模块

Master comprehensive static analysis workflows for AI security using industry-standard tools like Bandit, Semgrep, and pip-audit. Learn to identify AI-specific vulnerabilities including insecure pickle deserialization, hardcoded secrets in training scripts, and dependency risks that traditional security tools miss. Through hands-on labs with real vulnerable ML codebases, you'll configure automated security scanning in CI/CD pipelines, create custom detection rules for TensorFlow/PyTorch patterns, and implement supply chain security with SBOM generation. Address the unique challenges of ML projects with 50+ dependencies while establishing production-ready security policies.

This course is ideal for anyone involved in AI development, automation, or system design, including software developers, data professionals, tech managers, and curious learners who want to understand modern multi-agent systems and how to govern them responsibly. Learners don’t need deep AI expertise to get started. A basic understanding of programming concepts and some familiarity with tools like Python or visual workflow builders will make the experience smoother, but the course guides you step by step from core ideas to more advanced design patterns. By course completion, you'll proactively secure AI systems against the growing threat landscape targeting machine learning workflows, preventing costly post-deployment fixes through early vulnerability detection in development processes.

This module establishes the foundation for secure AI development by teaching learners why traditional security approaches fall short for machine learning systems and how static analysis tools provide proactive vulnerability detection. Students will master the essential skills of configuring and integrating industry-standard security tools like Bandit, Semgrep, and PyLint into their AI development workflows, while understanding the unique threat landscape that AI/ML systems face in production environments.

涵盖的内容

4个视频2篇阅读材料1次同伴评审

4个视频总计28分钟

Welcome to Secure AI Code and Libraries with Static Analysis 4分钟
Why Secure AI Development Matters 9分钟
What is Static Analysis 9分钟
Setting Up Static Analysis Tooling 7分钟

2篇阅读材料总计10分钟

Welcome to the Course: Course Overview 5分钟
The State of AI Security: Why Static Analysis is Critical 5分钟

1次同伴评审总计20分钟

Hands-On-Learning: AI Startup Security Audit Crisis 20分钟

This module focuses on practical application of static analysis techniques to detect real security weaknesses commonly found in AI codebases. Students will learn to identify and remediate critical vulnerabilities including insecure model deserialization, hardcoded credentials in training scripts, and unsafe data pipeline operations, while developing custom detection rules tailored to AI-specific security patterns that generic tools often miss.

涵盖的内容

3个视频1篇阅读材料1次同伴评审

This module extends security analysis beyond first-party code to address the complex supply chain risks inherent in AI development's heavy reliance on external libraries. Students will master automated dependency scanning workflows using tools like pip-audit and Snyk to identify vulnerabilities in AI libraries, ensure license compliance across diverse open-source packages, and implement comprehensive supply chain security policies with Software Bill of Materials (SBOM) generation for production ML systems.