Week 13 Part VI · Security & Governance 🎤 Student Project Presentation 3 · Final

Security, Governance & Synthesis

Instructor lesson plan: lecture (2 h) and practice (2 h).

Learning objectives

Secure the software, data, and model supply chain.
Apply the OWASP Top 10 for LLM applications.
Synthesise the five layers into one operational stack.

Tools this week

secrets managerpip-audit / SBOM (syft)OWASP LLM Top 10 checklistNIST AI RMF

🎓Lecture · 2 hours

0:00-0:10	10 min	Recap & objectives Retrieval: two mandatory agent bounds. Today: securing and governing the whole stack, then the synthesis; final Student Project Presentations this afternoon.
0:10-0:25	15 min	Motivation: the widened attack surface AI systems add new attack surfaces: the data, the model, the prompts, and the agent's tools are all inputs an adversary can shape. Story: a poisoned public dataset and a backdoored checkpoint; provenance was the missing control. Governance is the same widening, seen from the auditor's chair.
0:25-0:50	25 min	Securing the supply chain Secrets management done right: vaults, rotation, least privilege; the course-long rule explained in full. Dependencies and SBOMs: knowing what you ship; pinning as a security control, not just reproducibility. The model and data supply chain: provenance of datasets and weights; signature and hash verification. CI as a security boundary: the pipeline that gates the merge also gates what reaches production.
0:50-1:10	20 min	The OWASP Top 10 for LLM applications Prompt injection (met in week 10) and insecure output handling: never execute or render model output unexamined. Excessive agency: week 11's least-privilege rule, formalised. Sensitive-information disclosure, data poisoning, model denial-of-service (the token bill as an attack). Walk the project architectures against the list, live: every team finds at least one gap.
1:10-1:20	10 min	Break
1:20-1:40	20 min	Governance & responsible operations Privacy and PII across the stack: in the lake (week 5), in prompts and logs (week 9), in traces (week 11). Audit trails end to end: which data, model, prompt, and approval produced this decision? Model cards and documentation that stay live; the NIST AI RMF as the umbrella framing. Compliance as a design input, not a retrofit.
1:40-1:55	15 min	Synthesis: the five layers, one system The full architecture on one board: lake, pipelines, registry, serving endpoint, gateway, evals, agent, telemetry, and the audit trail through all of it. Each of the five layers' one-sentence contract, recited by the class, not the instructor. What to learn next: deeper cloud, platform engineering, the research frontier in evals and agents.
1:55-2:00	5 min	Wrap-up & Student-Project-Presentation logisticsFinal-presentation running order; the oral defense format; what 'done' means.

Common misconception to confront.

Students often think: Security and governance are a final checklist.
Set it straight: They are cross-cutting properties designed in from week one: secrets, least privilege, data contracts, and audit trails. Bolting them on at the end does not work.

Check for understanding (pose during the concept blocks; let students answer before revealing).

Name one supply-chain risk unique to ML and LLM systems.

A poisoned or backdoored pretrained model or dataset pulled from a public hub; verify provenance and pin versions.

Why keep audit trails across the whole stack?

For compliance, incident forensics, and reproducibility: to answer which data, model, and prompt produced a decision, and who approved it.

Key takeaways.

Security and governance are designed in from week one, not appended.
The OWASP LLM Top 10 is the working checklist for LLM-app security.
The five layers compose into one auditable operational stack.

Common pitfalls to pre-empt.

Secrets in client-side code or logs leak; keep them server-side and rotated.
A model card nobody maintains is theatre; keep documentation live.

📚Reading & resources

OWASP Top 10 for LLM Applications The full list this time; the lecture walks the project architectures against it.
NIST AI Risk Management Framework The governance umbrella: map, measure, manage, govern.
Building Secure and Reliable Systems Google; free online. Read the supply-chain and least-privilege chapters.
SRE Workbook: postmortem culture Blameless postmortems; the retrospective model for the final presentation.

🎤Student Project Presentation · 2 hours

The full two-hour practice slot is given over to student project presentations (Student Project Presentation 3 · Final). There is no instructor-prepared material: teams present and defend their work to the class, with peer and instructor questions after each talk. Each team has 12 to 15 minutes plus questions, and submits a short written report and a tagged release of the repository.

What each team presents.

End-to-end production demo of the chosen use case: data in, decision out, live.
Observability shown working: the RED dashboard, the drift monitor, and one actionable alert with its runbook.
Evaluation, guardrails, and the cost/latency report (the token economy of the feature).
Security and governance review against the OWASP LLM Top 10, plus a retrospective.
Short oral defense: any team member answers on any part of the system.

See the running-project brief for the full milestone description and the grading weight.

Project integration (this week)

Final hardening before the demo: the OWASP LLM Top 10 pass on the project, with at least one found gap closed.
The cost/latency report finalised from the gateway and dashboard data.
Repository tagged v1.0: the end-to-end system, its docs, and its audit trail.

Curated references Project brief