A book, woven from a course

Machine Learning in Systems and Network Security

DS 6042 · Summer 2026 · Daniel G. Graham, UVA School of Data Science

This course is built around sixteen labs. Together they answer a question every security course should ask, and most don't: what does it actually mean to attack — or defend — a system that runs machine learning? You start with a first hands-on exploit on the cyber range, move on to small but real LLMs and agents, then work through the core AI-security attacks: on agents, on MCP, and on RAG. From there you harden real deployments, both server-side and in the cloud, and finish with the classic machine-learning intrusion-detection lab the field began with. Every lab has the same shape: build the smallest version, attack it, then fix it.

How to use this book

Open a lab page from the table below and read the lede + the §1 anatomy callout before doing anything else. Then walk the build code while the file is open. Run the attack scripts. Read the secure-phase fixes; argue with them. The labs are designed for in-class use (≈2 hours apiece) and the leftover time becomes the assignment.

View the day-by-day Summer 2026 schedule →

Day-by-day schedule

OrientationDay one

Module 01LLM foundations

Module 02AI agents · build → break

Module 03Model Context Protocol · build → break

Module 04Applied tooling · OSINT, agents, pentest

Module 05Alignment & refusal

Module 06Secure deployment

Module 07Retrieval-Augmented Generation · build → break

Module 08Classical ML in network security