Course 2A — Security Harnesses

Security
Harnesses

Building AI harnesses for cybersecurity: bug bounty, pentest, CTF, code review, threat modeling, cloud security, and smart contract auditing. Thirteen modules, thirteen deep-dives, two capstones. The tau-security reference harness runs through every module.

~29
hours
13
modules
13
deep-dives
2
capstones
0 — Security Harness Foundations
2 modules
1 — Offensive Harnesses
4 modules
2 — AppSec and SDLC
3 modules
3 — Cloud Security
2 modules
4 — Smart Contract Security
2 modules
Capstones
2 capstones
Deep-Dives
13 studies
SDD-01
CAI (Cybersecurity AI)
The primary offensive case study: autonomy levels, bug bounty architecture, CTF benchmarks, and the CSI meta-harness.
SDD-02
RedTeamLLM
Plan correction, memory management, and context-window constraints via the summarize-reason-act loop.
SDD-03
Bug Bounty Reference Stack
nmap, amass, httpx, nuclei, ffuf, Playwright, CVE enrichment — the canonical offensive tool registry, studied as schema-first harness wrappers.
SDD-04
Prowler
The canonical open-source multi-cloud CSPM: provider-agnostic check engine, attack-path correlation, three-tier layering, GitHub Action integration.
SDD-05
Scout Suite
The point-in-time multi-cloud auditing baseline: offline HTML reporting, full configuration collection, assessment-artifact delivery.
SDD-06
Cloud Attack-Path Tooling
Graph-based reasoning for IAM escalation, reachable assets, and lateral movement — pmapper, CloudFox/FoxMapper, BloodHound, Cartography.
SDD-07
Secure Code Review Stack
The layered AppSec pipeline: AST for structure, Semgrep for patterns, CodeQL for data-flow, LLM triage for false-positive suppression, autofix-with-approval for remediation.
SDD-08
Threat Modeling Harness Stack
The continuous, design-time threat-modeling pipeline: Terraform/OpenAPI/draw.io ingestion, ground-truth DFD generation in Mermaid, STRIDE automation with LLM enrichment.
SDD-09
Heimdallr
The reference agent harness for smart contract auditing: function-level reorganization, cascaded verification, 92.45% detection at $2.31/10K LOC, 17/20 real attack reconstructions.
SDD-10
EVMbench
The benchmark that makes smart contract audit harnesses measurable: 117 vulnerabilities across 40 repos, scored in three modes — Detect, Patch, Exploit.
SDD-11
Purpose-Built DeFi AI Systems
Domain-specific agents vs general LLMs: the 92% vs 34% detection gap on DeFi vulnerabilities, the three pillars of specificity, and the build-vs-buy decision.
SDD-12
InjecAgent
The indirect prompt injection benchmark as a quality gate: ~50% of agentic tasks vulnerable to injection via tool outputs, measured per-tool, regression-gated in CI.
SDD-13
tau — A Minimalist Coding Agent Harness
The base harness for Course 2A: how a three-layer coding agent architecture becomes a security agent.

Prerequisite: Course 1 or equivalent production harness experience. Status: complete.