AI tools are now part of the normal developer workflow — code assistants, chat interfaces, MCP servers, autonomous agents, and IDE integrations.
They also introduce new security risks that affect developers directly, not just the applications being built.
Repository content can manipulate LLM behavior through prompt injection. Sensitive internal information can leak through prompts and context windows. Hallucinated package names can be weaponized for supply chain attacks. Malicious MCP servers can expose local data and development environments. Attackers are also increasingly adapting phishing and social engineering techniques specifically around AI-assisted workflows.
We released Stay Safe with AI: A Developer’s Guide on SecDim Learn to help developers understand how these attacks work in practice.
The course is designed for developers and technical users without requiring a security background. It focuses on realistic attack paths, practical examples, and hands-on demonstrations rather than abstract AI safety discussions.
Topics covered include:
- How large language models work
- Adversarial inputs and FGSM attack fundamentals
- AI code assistant security risks
- Prompt injection against developers
- Sensitive data leakage through AI tooling
- Risks in AI-generated code
- Slopsquatting and hallucinated dependency attacks
- MCP server security
- AI-enhanced social engineering targeting developers
The course also includes practical labs demonstrating how several of these attacks work in real environments.
If you regularly use AI tools during development, understanding these failure modes is becoming part of basic operational security.
Check it out on SecDim Learn.
