Overview

We are launching Ikotas AI×Security Training, a practical training program for putting AI agents to work in real security operations. The program is a hands-on series covering the major areas of security operations: vulnerability assessment, IoT device reverse engineering assessment, penetration testing, digital forensics, and supply chain attack defense, with a focus on designing and operating AI agents from an attacker's perspective and embedding them into each workflow.

Ikotas AI×Security Training
Ikotas AI×Security Training

A Training Only We Can Deliver

In the security industry, services have traditionally centered on vulnerability assessment, security operations, and security education. Training programs that focus on integrating AI agents into real security work have rarely been offered in a systematic form.

We have continuously demonstrated the discovery of 0-day (previously undisclosed) vulnerabilities and the automated solving of CTF (Capture The Flag) challenges using LLMs, building up practical know-how at a working-engineer level along the way. Because we run both the attacker-side vulnerability research workflow and the AI-agent design and operations workflow inside the same organization, providers that can design and deliver a training program bridging the two sides remain few in number. This program is a structured presentation of what becomes possible precisely from that position.

Program Structure

The program is delivered as one-day hands-on sessions, and participants choose the themes that match their own work area. Each theme is designed so that, by the end of the session, the participant can independently design and operate AI agents within their own environment. The training is not tied to a particular product: we assume that participants choose from major options such as Claude Code, OpenAI Codex, and Google Gemini CLI based on their own setup.

Designing and Operating AI Agents

Participants build, from fundamentals through applied use, the design and operational judgment needed to put AI agents to work in real business, including external connectivity and extension through MCP (Model Context Protocol) and Skills. They systematically acquire the underlying criteria for bringing AI into real work, such as instruction and permission-boundary design for agents, stable session operations, and security considerations when introducing agents into business workflows, establishing the common foundation for the security-focused themes that follow.

AI-driven White-box and Gray-box Vulnerability Assessment

Participants reach a point where they can integrate AI agents into both source-code-driven white-box assessment and gray-box assessment that runs the target on real hardware or an emulator to validate exploit feasibility in real time, and build assessment flows that balance efficiency and accuracy in their own environment. The training covers how to embed agents that continuously support everything from code and behavior analysis through triage of findings and discrimination of false positives.

AI-driven IoT Device Reverse Engineering Assessment

Participants use AI agents to support the full flow from reverse engineering of IoT device firmware, through building a virtual environment for dynamic verification, to demonstrating actual exploitation. Because the approach proceeds from the same information set available to an outside attacker, participants reach a point where they can perform vulnerability assessment from a vendor-external standpoint against targets for which source code or internal design materials are not made available.

AI-driven Black-box Penetration Testing

Participants acquire the skills to design and operate, starting from their own test environment, an arrangement that hands the full chain from initial intrusion to internal data exfiltration over to AI agents. The session also covers operational aspects such as composing attack scenarios, delegating authority to agents at each stage, and evaluating the validity of results, aiming for a state in which the approach can be applied to repeated penetration exercises and attack hypothesis validation within the participant's own organization.

AI-driven Digital Forensics

The session covers techniques for incorporating AI-agent-driven analysis of memory and filesystem artifacts into the participant's workflow, streamlining the identification of intrusion paths and the extraction of Indicators of Compromise (IoCs). Participants reach a state where they can operate, within their own organization, the entire flow from situational assessment through root-cause investigation following an incident, with the support of AI agents.

AI-driven Supply Chain Attack Defense

Participants reach the level required to design and operate AI-driven scanning over packages and dependencies flowing into the organization, and to build an ongoing detection and suppression posture against supply-chain threats within their own environment. Drawing on the risk that recent supply chain attacks pose to organizations, the session covers how to build scans that live close to development and operations, and how to continuously validate their detection accuracy.

Our Position

No matter how capable a model becomes, its value cannot be realized without a design for how to fit it into real work. As a leading presence in AI×Security in Japan, we will systematize our field experience and bring it back to society through both services and training. The program is aimed at security engineers working in vulnerability assessment, IoT device reverse engineering assessment, penetration testing, and digital forensics, as well as general users who want to defend themselves and their organizations against threats such as supply chain attacks. It is intended to serve as the starting point from which they can build their own autonomous defenses on top of our know-how.

Inquiry and Enrollment

We welcome inquiries about enterprise and team enrollment as well as custom curriculum design. Please feel free to contact us.