Introductory · Tier 100

AI Security Essentials

Duration: 1–2 weeks
Prerequisites: None
Format: Self-Paced
🎯 Objective: Understand how AI specifically changes the threat landscape.
👤 Target: Built for professionals navigating the new AI-augmented landscape.
🚀 Outcome: A scalable personal security posture for the generative era.
About the Course

This free course is for anyone using AI tools without a clear framework for the security and privacy risks that come with it. You'll learn how AI has changed the threat landscape for everyday users—why the phishing detection skills you relied on no longer work, what data you're actually sharing when you use cloud AI, and how AI systems themselves can be vulnerabilities. By the end, you'll have practical habits around what data goes into AI tools and what stays out, the ability to recognize AI-generated phishing and deepfakes at a better-than-baseline rate, and—most importantly—an honest understanding of what you still don't know. This course does not make you secure. It makes you aware, which is the foundation that matters.

Who this course is for

Why This Course Is Free

Security awareness is too important to put behind a paywall.

If you're using AI tools — for work, for your business, for your creative practice — you're operating in an environment where the threat landscape has changed in ways that most people don't fully understand. Attackers use AI. The tools you trust with your data have privacy implications you may not have considered. The workflows you build can have vulnerabilities you didn't know to look for.

This course exists because we believe everyone using AI tools deserves a clear, honest picture of what they're walking into. It is a foundation — the minimum anyone should have before using AI seriously. It is not a ceiling.

We're giving it away because it's the right thing to do, and because we'd rather our students have it than not have it, regardless of whether they've paid for anything else.


Who They Are

Our students are people who use AI tools and haven't thought systematically about the security implications of that use.

They are not naive. They know cybersecurity is a field that exists. They lock their phones and use password managers (probably). They recognize a phishing email — most of the time. What they don't have is a mental model for how AI specifically changes the threat landscape, what data they're sharing when they use the tools they use every day, or what it means to build a workflow that involves AI making decisions or taking actions on their behalf.

They may be:

  • Students or graduates of our other courses who are now actively using AI tools and building AI-assisted workflows
  • People considering the paid curriculum who want to understand what they're getting into
  • Professionals who've been handed an AI tool at work and told to use it
  • Independent workers, freelancers, or solopreneurs who are using multiple AI services without a clear picture of what each one is doing with their data
  • Anyone who has thought "I should probably understand the security side of this" and not known where to start

What They're Not

They are not:

  • Security engineers or IT professionals looking for technical depth
  • People who need enterprise security architecture or compliance guidance
  • Penetration testers or researchers
  • Looking for a comprehensive treatment of cybersecurity — this course covers AI-specific threats and risks, not the full field

If any of the above describes you: this course is still useful as an orientation to the AI-specific threat surface. But the technical depth you need is beyond its scope, and it's honest about that.

What They're Feeling

Vague Unease, Unexamined

Most students come to this course with a background sense that they should be more careful than they are — without a clear picture of what "careful" means in practice. They've read headlines about AI-generated deepfakes, heard something about prompt injection, maybe had a colleague mention that they shouldn't put sensitive data into ChatGPT. The anxiety is there; the framework for addressing it isn't.

Optimism Bias About Their Own Risk

A common pattern: "I'm not doing anything important enough to be a target." This is both understandable and frequently wrong. The attackers most likely to affect most people aren't nation-state actors targeting specific individuals — they're automated systems running AI-generated phishing at scale, indiscriminately. The personal importance of your work doesn't determine whether you're a target.

Tool Trust Without Tool Understanding

Most people extend a degree of trust to AI tools that isn't calibrated to what those tools actually do. They've accepted terms of service without reading them. They paste sensitive information into cloud AI because it's convenient. They've never thought about what happens to that data after the conversation ends. The trust is real; the basis for it is not always examined.

For people who work in organizations or with clients: the awareness that their individual practices can compromise other people's data creates a specific kind of anxiety. This course helps them be a more responsible steward of shared information — not through technical expertise, but through better judgment.

What This Course Gives Them

Not security. Awareness.

The distinction matters. A student who completes this course will have:

  • A clear mental model of how AI changes the threat landscape for people who use AI tools (not for security engineers — for users)
  • Practical habits around what data to share with AI tools and what to keep out
  • The ability to recognize AI-generated phishing and synthetic media at a better-than-baseline rate
  • An understanding of how AI workflows can introduce vulnerabilities, and what questions to ask before building or using one
  • The habit of asking "what could go wrong?" in an AI context — not paranoia, but appropriate vigilance
  • A clear understanding of what they don't know — which is the most important thing the course provides

What This Course Explicitly Does Not Give Them

  • Comprehensive cybersecurity knowledge
  • The ability to audit an organization's AI security posture
  • Technical depth on cryptography, network security, or authentication systems
  • A guarantee of safety — there is no such guarantee
  • Permission to stop learning — the threat landscape evolves faster than any course

The False Confidence Problem

This course names a risk that most educational content ignores: partial knowledge in security is sometimes more dangerous than no knowledge, because it produces unwarranted confidence. A person who knows the name "prompt injection" but doesn't fully understand its implications might feel more secure than they actually are.

We address this by:

  • Naming the false confidence problem explicitly in the first lesson
  • Building "what this doesn't cover" sections into each module
  • Emphasizing that security is a mindset and an ongoing practice, not a credential you earn by finishing a course
  • Directing students toward professional resources for anything that exceeds this course's scope

Success Metrics

We'll know this course works when students can:

  • [ ] Explain, in plain language, three ways AI has changed the threat landscape for everyday users
  • [ ] Name at least two categories of data they will no longer put into cloud AI tools without organizational authorization
  • [ ] Identify at least two markers of AI-generated phishing that they didn't know to look for before
  • [ ] Explain what prompt injection is and why it matters for tools they use or build
  • [ ] State, accurately, what this course does not cover — and where to go for the next level of knowledge

The Promise

This is the floor. Not the ceiling. Take it seriously, stay humble about its limits, and keep learning.

Key Goals

After completing this course, you will be able to:

  1. Explain how AI has changed the threat landscape for everyday AI users, specifically in the areas of phishing, social engineering, and scale attacks.

  2. Identify which categories of data you should never put into cloud AI tools without organizational authorization, and articulate the reasoning behind each category.

  3. Recognize the markers of AI-generated phishing emails and synthetic media (voice cloning, deepfakes) at a rate better than baseline, and apply the "context before content" verification habit.

  4. Distinguish between what data cloud AI providers do and don't do with user conversations, and evaluate any new AI tool using a five-question framework before putting sensitive data into it.

  5. Explain what prompt injection is, why it's hard to fix, and where you're exposed to it through the tools you use.

  6. Apply the principle of least privilege and the "confirm before acting" habit when evaluating AI tools that take autonomous actions on your behalf.

  7. Evaluate new threats as they emerge using a framework that assesses source credibility, severity vs. likelihood, and whether the threat applies to your specific situation.

  8. Recognize the boundary of your knowledge and know when to escalate a security concern to someone with expertise, rather than attempting to resolve it yourself.

Prerequisites
None
Next Steps
Any course in the curriculum. Consider this a companion to everything else.

Common Questions

Who is this course for?

A: This course is for anyone using AI tools—students, freelancers, professionals, independent workers—who hasn't thought systematically about the security implications of that use. You already know the basics of cybersecurity (you lock your phone, you recognize an obvious phishing email). What you don't have is a mental model for how AI specifically changes the threat landscape. This course gives you that model.


Will this course make me secure?

A: No. This course builds security awareness, not security. Awareness is better than nothing—it shapes the decisions you make every day when using AI tools—but it is not a substitute for expertise you don't have, and it does not guarantee protection. A person who completes this course will recognize more threats, make better decisions about data, and know when to escalate to someone with actual expertise. That's the realistic ceiling.


What if I'm a security professional or IT person?

A: This course is designed for AI users, not for people whose job is securing AI systems. If you're a security engineer, this course will provide useful orientation to the AI-specific threat surface, but the technical depth you need exceeds its scope. It will be a foundation, not sufficient preparation for professional-level work.


How much time does this course take?

A: Approximately 1–2 weeks part-time. The course has 4 modules and 17 lessons total. It's deliberately shorter than the paid curriculum because security awareness doesn't require weeks—it requires the right framework applied consistently. You can move through it faster or slower depending on how much time you have.


Do I need to be technical? Will there be code or complicated math?

A: No. This course requires no technical background. It uses real examples and real tool names, but it does not require you to understand cryptography, network protocols, or how machine learning models work. Some lessons touch on technical concepts (like how prompt injection works), but they're explained for a general audience, not for programmers.


What tools do I need?

A: Nothing special. You'll need access to the internet and the ability to read privacy policies (which are just text documents). If you follow the lessons that mention specific AI tools, you'll benefit from having used at least one cloud AI tool (ChatGPT, Claude, Gemini, or similar), but you don't need to set anything up or install software.


What does this course not cover?

A: This course covers AI-specific threats and the security implications of using AI tools. It does not cover comprehensive cybersecurity (network security, cryptography, authentication systems), enterprise security architecture, organizational compliance frameworks (GDPR, HIPAA), or formal security certifications. It also does not cover non-AI threats in depth—social engineering, malware, business email compromise, physical security—though these remain as relevant as ever.


Will I feel less anxious after finishing?

A: You might feel more anxious, at least initially. The course is designed to replace false confidence with calibrated concern. If you finish feeling completely secure about AI security, you've missed the point. The goal is to reach a place where you have appropriate vigilance—not paranoia, but genuine awareness of what you're trading and where the risks actually are. That awareness sometimes feels uncomfortable compared to not thinking about security at all.


Is this a sales pitch for your paid courses?

A: No. This course is complete as it is and stands alone. It is genuinely free. If you find it useful and want to go deeper into AI workflows, local AI, agents, or team adoption, there is paid curriculum available. But you are not missing anything by this course being free. The course contains natural pointers to where topics go deeper, but these are genuine resource recommendations, not promotional copy.

Glossary

AI — Artificial Intelligence: The category of computational systems capable of learning patterns and generating human-like outputs. In this course, AI refers primarily to large language models and generative AI tools like ChatGPT, Claude, and Gemini.

API — Application Programming Interface: A set of protocols and tools that allows different software systems to communicate with each other. Prompt injection attacks can manipulate AI systems that make API calls on behalf of users.

CCPA — California Consumer Privacy Act: U.S. state privacy regulation governing how companies handle personal data. Mentioned in Module 2 as an example of regulatory frameworks that may apply to your data handling.

CISA — Cybersecurity and Infrastructure Security Agency: U.S. government agency that publishes security alerts and vulnerability information. Recommended in Module 4 as a resource for ongoing threat intelligence.

CISSP — Certified Information Systems Security Professional: A formal security certification requiring extensive training and experience. Mentioned in Module 4 as an example of professional-level security credentials beyond the scope of this course.

CompTIA Security+ — CompTIA Security+ Certification: An industry-recognized security certification covering foundational cybersecurity concepts. Recommended in Module 4 as a structured path for deeper security knowledge.

DLP — Data Loss Prevention: Systems and policies designed to prevent sensitive data from leaving an organization. Mentioned in Module 2 as beyond the scope of this introductory course.

EFF — Electronic Frontier Foundation: Digital rights advocacy organization. Their Surveillance Self-Defense guide is recommended in Module 4 as a resource for personal security beyond AI tools.

GDPR — General Data Protection Regulation: European Union privacy regulation governing how organizations handle personal data. Mentioned in Modules 2 and 4 as an example of compliance frameworks requiring professional guidance.

HIPAA — Health Insurance Portability and Accountability Act: U.S. regulation governing the handling of health information. Used in Module 2 as an example of sensitive data categories that should not be put into cloud AI tools without proper authorization.

ML — Machine Learning: The subset of AI focused on systems that improve through exposure to data. Mentioned in Module 3 when discussing adversarial attacks on ML models.

NIST — National Institute of Standards and Technology: U.S. government organization that publishes security guidelines and frameworks. Recommended in Module 4 as the standard in organizational security contexts.

NDA — Non-Disclosure Agreement: A legal agreement restricting what can be shared about confidential information. Mentioned in Module 2 as a category of data that should not be put into cloud AI tools.

PII — Personally Identifiable Information: Data that can identify an individual, such as names, addresses, social security numbers, or financial account information. Discussed in Module 2 as sensitive data requiring careful handling.

SOC 2 — Service Organization Control 2: A compliance framework for service providers managing customer data. Mentioned in Module 2 as beyond the introductory scope of this course.

SQL — Structured Query Language: A programming language for querying databases. Prompt injection is compared to SQL injection in Module 3 as an analogous attack concept.

The Fine Print

Agentic AI: AI systems that can take autonomous actions on behalf of users, such as sending emails, making API calls, browsing the web, or executing code. The more autonomous an AI system is, the higher the stakes of a successful attack or manipulation, which is why this course emphasizes the principle of least privilege and the "confirm before acting" habit for agentic systems.

Attack Surface: The set of vulnerabilities and entry points that an attacker could exploit in a system. In this course, AI-powered tools introduce new attack surfaces because they process external content that can be manipulated (prompt injection) and because they may be compromised in ways that affect other users.

Authentication: The process of verifying someone's identity—usually through passwords, biometric data, or other credentials. This course does not cover authentication systems in technical depth, but mentions it as an area of cybersecurity outside the scope of AI-specific threats.

Business Email Compromise (BEC): A type of social engineering attack where attackers impersonate a business contact to trick victims into transferring money or revealing sensitive information. Mentioned in Module 4 as a non-AI threat that remains as relevant as ever.

ChatGPT: A consumer-tier AI chatbot developed by OpenAI. Used throughout the course as a concrete example of a cloud AI tool with specific data policies and privacy settings.

Claude: An AI chatbot developed by Anthropic. Used throughout the course as an example of a cloud AI tool with different data practices than some competitors.

Cloud AI: AI tools accessed through the internet and operated by third parties (like OpenAI, Anthropic, or Google) rather than running locally on a user's device. A central focus of Module 2, which covers the data-sharing implications of using cloud AI.

Cybersecurity: The practice of protecting systems, networks, and data from attacks and unauthorized access. This course covers AI-specific security, which is a subset of cybersecurity, not a comprehensive treatment of the full field.

Data Governance: The policies, procedures, and frameworks an organization uses to manage its data. Module 2 mentions data governance as beyond the introductory scope of this course, though it touches on the questions individuals should ask about organizational data.

Data Policy (or Privacy Policy): The legal document a service provider publishes describing how it collects, uses, retains, and protects user data. A key focus of Module 2: understanding the actual policy, not just marketing statements about privacy.

Deepfake: Synthetic media (video, audio, or image) created using AI to impersonate a real person, typically for deception. A major topic in Module 1, with emphasis on the "context before content" verification habit and the limitations of detection tools.

Dunning-Kruger Effect: A cognitive bias where people who are learning a complex subject tend to overestimate their knowledge. Explicitly addressed in Module 1, Lesson 1 as the "false confidence problem" that security awareness education can inadvertently create.

Enterprise Tier (or Business Tier): A service plan offered by cloud AI providers with more stringent data privacy controls than consumer tiers. Typically offers options like training data opt-out by default, longer data retention control, and dedicated support. Discussed in Module 2 as an alternative when sensitive organizational data needs to be processed with AI.

Escalation: The process of reporting a security concern to someone with appropriate expertise to handle it. A key concept in Module 4, where knowing when and how to escalate is presented as a core security skill.

False Confidence Problem: The risk that a person who learns partial security knowledge (e.g., knowing the term "prompt injection" without fully understanding it) feels more secure than they actually are. Explicitly named and addressed throughout this course as a problem most security education ignores.

Gemini: A cloud AI tool developed by Google. Used throughout the course as an example of a commercial AI tool with specific data policies.

Generative AI: AI systems that generate new content (text, images, video, audio) based on patterns learned from training data. The primary focus of this course's security considerations.

Identity and Access Management (IAM): The systems and policies organizations use to control who can access what resources. Mentioned in Module 4 as a critical security area not covered in depth in this introductory course.

Injection Attack: An attack where malicious instructions are inserted into a system's processing context to manipulate its behavior. Prompt injection (covered in Module 3) is the AI-specific version of this attack concept.

Least Privilege (Principle of): The security principle that systems and users should have only the minimum access necessary to perform their function. Applied in Module 3 to AI agents: an AI tool should have only the permissions it needs, not unlimited access to all your data and systems.

Local AI: AI models and tools that run on a user's own device rather than through a cloud service. Mentioned in Module 2 as an option for processing sensitive data that cannot be shared with cloud AI providers. Covered in greater depth in the LocalAI course.

Machine Learning (ML): A subset of AI focused on systems that improve through exposure to training data. The course mentions adversarial ML as a research area beyond the scope of this introductory course.

Model Training: The process of improving an AI model by exposing it to data and adjusting its internal parameters. A key question in Module 2: whether your conversations train the model, which varies by provider and tier.

Network Security: The practice of protecting networks from unauthorized access and data interception. Mentioned in Module 4 as a foundational security area not covered in this AI-focused course.

OpenAI: The company that developed ChatGPT and other AI tools. Used throughout as a concrete example of a cloud AI provider with specific data policies.

Organizational Data: Data belonging to an organization or its clients, as opposed to purely personal data. Module 2 emphasizes that individual data-sharing decisions can have implications for other people's data when you handle organizational information.

Phishing: Deceptive emails, messages, or websites designed to trick people into revealing sensitive information or clicking malicious links. A major topic in Module 1, with emphasis on how AI has changed phishing's appearance and detection difficulty.

Prompt: An instruction or question provided to an AI system. The term "prompt" is central to the entire course, especially in Module 3 where prompt injection is discussed.

Prompt Injection: A security attack where malicious instructions are embedded in content processed by an AI system, causing the AI to override or ignore its intended behavior. The core concept of Module 3, compared to SQL injection as an analogous attack principle.

Red Team: A group of security professionals who simulate attacks on a system to identify vulnerabilities. Mentioned in Module 3 as a formal methodology beyond the scope of this introductory course.

Retention Period: How long a service provider keeps user data after a conversation or interaction ends. A key question in Module 2: understanding retention policies helps you know how long sensitive information persists in a third party's system.

Risk: The combination of the likelihood and impact of a negative event. Throughout this course, the emphasis is on making proportionate decisions based on actual risk, not on eliminating all theoretical risk.

Security Awareness: Understanding security risks and good practices enough to make better decisions and recognize when professional help is needed. This is what the course provides—distinct from security expertise or guaranteed security.

Security Theater: The performance of being secure without the substance. Mentioned in Module 4 as the risk of completing a security course and then assuming all gaps have been filled.

Social Engineering: Manipulating people into revealing sensitive information or taking actions that compromise security, typically through deception or psychological techniques. A major concept in Module 1, with discussion of how AI has made social engineering more scalable.

Synthetic Media: Content generated or heavily modified by AI, including deepfake videos, cloned voices, and AI-generated images. A major topic in Module 1, with emphasis on why "seeing is no longer believing."

System Prompt: The instructions provided to an AI model by its developer that tell the model how to behave, what role to adopt, and what boundaries to respect. Central to understanding prompt injection in Module 3.

Threat Landscape: The current set of security risks and attack vectors relevant to a specific population or system. The phrase "threat landscape" is used throughout to describe how AI has changed the security environment for everyday users.

Threat Model: A structured analysis of what attacks are most relevant to your specific situation, considering what data you handle and who might want to attack you. Module 1 culminates in students creating a personal threat model.

Tool Audit: A review of AI-powered tools you use, examining their data handling, permissions, and potential vulnerabilities. Module 3 culminates in students auditing two AI tools using the frameworks taught in that module.

Training Data: The data used to train and improve an AI model. A key question in Module 2: whether your conversations become part of the training data, which varies significantly by provider and tier.

Verification Habit: The practice of checking information against original sources rather than relying on outputs from AI tools, especially when those outputs involve recommendations to share information or take action. Emphasized throughout Module 1 as the most practical defense against deepfakes and manipulated AI outputs.

Vulnerability: A weakness in a system that could be exploited to cause harm. Module 3 emphasizes that AI tools introduce new vulnerabilities, and understanding these vulnerabilities is essential for evaluating the systems you use.

Voice Cloning: Technology that uses AI to synthesize a person's voice, often used in deepfakes and social engineering attacks. Discussed in Module 1 as part of synthetic media threats.

Zero Trust: A security approach that assumes no system or user can be inherently trusted and verifies every access request. Not covered in detail in this course, but the principle aligns with the emphasis on verification before trusting AI outputs.