A book, woven from a course
Machine Learning in Systems and Network Security
DS 6042 · Summer 2026 · Daniel G. Graham, UVA School of Data Science
This course is built around sixteen labs. Together they answer a question every security course should ask, and most don't: what does it actually mean to attack — or defend — a system that runs machine learning? You start with a first hands-on exploit on the cyber range, move on to small but real LLMs and agents, then work through the core AI-security attacks: on agents, on MCP, and on RAG. From there you harden real deployments, both server-side and in the cloud, and finish with the classic machine-learning intrusion-detection lab the field began with. Every lab has the same shape: build the smallest version, attack it, then fix it.
Open a lab page from the table below and read the lede + the §1 anatomy callout before doing anything else. Then walk the build code while the file is open. Run the attack scripts. Read the secure-phase fixes; argue with them. The labs are designed for in-class use (≈2 hours apiece) and the leftover time becomes the assignment.