Scenario-Based Security Training

Tabletop Exercises

Structured tabletop exercises for security teams to practice incident response and test playbooks for AI-related security events.

Table of Contents

Overview

Tabletop exercises are discussion-based sessions where team members walk through simulated security scenarios. They help organizations identify gaps in processes, improve coordination, and build readiness for real incidents — without the pressure of a live event.

Why Tabletop Exercises for AI Security?

AI-assisted development introduces novel attack vectors and incident types that many teams have never rehearsed:

  • Prompt injection leading to data exfiltration
  • AI tool compromised via supply chain attack
  • Sensitive data inadvertently sent to AI provider
  • AI-generated code introducing vulnerabilities at scale
  • Insider misuse of AI tools to bypass controls

Exercise Format

Each exercise follows a structured format:

PhaseDurationActivity
Briefing10 minScenario introduction and ground rules
Scenario Inject15 minPresent the incident trigger
Team Discussion30 minWalk through response actions
Escalation15 minIntroduce complicating factors
Debrief20 minLessons learned and action items

Available Scenarios

Coming soon — scenarios currently under development.

  • Scenario 1: AI Coding Assistant Data Leak
  • Scenario 2: Compromised AI Plugin in CI/CD
  • Scenario 3: Mass Vulnerability Introduction via AI-Generated Code
  • Scenario 4: AI Tool Credential Theft

How to Use

  1. Select a scenario appropriate for your team’s maturity level
  2. Assign roles (Incident Commander, Security Analyst, Communications, Legal)
  3. Run the exercise with a facilitator guiding the discussion
  4. Document findings and update your incident response playbooks