Stage 9: AI Security, Blockchain, and ZKML¶
9 Secure, govern, and verify AI-enabled systems.
Goal¶
Learn AI and agent security, application security, governance, blockchain fundamentals, smart contract risk, zero-knowledge concepts, and practical ZKML limits.
Roadmap to Master This Stage¶
- Read the stage goal and diagram before opening the parts.
- Move through the parts in order unless you can already pass the exit criteria.
- Study each sub-part folder: overview, deep dive, and examples/practice.
- Build the stage artifact in small slices and measure the listed metrics.
- Use the part exam after each part, or open the global Exam tab to test across the roadmap.
Stage Structure Diagram¶
%%{init: {"flowchart": {"htmlLabels": true, "nodeSpacing": 70, "rankSpacing": 90}, "themeVariables": {"fontSize": "18px"}} }%%
flowchart LR
P1["<b>9.1</b><br/>LLM and Agent Security"]
P2["<b>9.2</b><br/>Secure AI Application<br/>Architecture"]
P1 --> P2
P3["<b>9.3</b><br/>Governance and<br/>Responsible AI"]
P2 --> P3
P4["<b>9.4</b><br/>Blockchain Fundamentals"]
P3 --> P4
P5["<b>9.5</b><br/>Smart Contract Security"]
P4 --> P5
P6["<b>9.6</b><br/>ZK and Verifiable AI"]
P5 --> P6
Parts¶
| Part | Simple explanation | Build focus |
|---|---|---|
| 9.1 LLM and Agent Security | Protect systems where models read untrusted content and call tools. | Threat-model the Stage 6 agent. |
| 9.2 Secure AI Application Architecture | Apply ordinary AppSec and privacy controls to AI services and data flows. | Create an AI risk register and controls plan. |
| 9.3 Governance and Responsible AI | Map risks to controls, monitoring, human oversight, documentation, and review processes. | Write a governance note for a high-impact AI feature. |
| 9.4 Blockchain Fundamentals | Understand wallets, signatures, transactions, gas, state, and finality before AI systems touch chain state. | Trace a simple transaction workflow. |
| 9.5 Smart Contract Security | Recognize common contract vulnerabilities and design AI-to-chain permissions safely. | Create vulnerable contracts, exploits, and fixes. |
| 9.6 ZK and Verifiable AI | Use cryptographic verification for trust, privacy, and constrained model claims. | Prove a tiny model-related computation. |
Sub-Part Map¶
| Part | Sub-part | Why it matters |
|---|---|---|
| 9.1 | 9.1.1 Prompt Injection and Jailbreaks | Prompt Injection and Jailbreaks is the working skill inside LLM and Agent Security that helps you build the stage artifact, A threat model, red-team report, smart contract security lab, and tiny ZKML or verifiable computation demo, while collecting enough evidence to trust the result. |
| 9.1 | 9.1.2 Tool Injection and Excessive Agency | Tool Injection and Excessive Agency is the working skill inside LLM and Agent Security that helps you build the stage artifact, A threat model, red-team report, smart contract security lab, and tiny ZKML or verifiable computation demo, while collecting enough evidence to trust the result. |
| 9.1 | 9.1.3 Data Leakage and Prompt Logs | Data Leakage and Prompt Logs is the working skill inside LLM and Agent Security that helps you build the stage artifact, A threat model, red-team report, smart contract security lab, and tiny ZKML or verifiable computation demo, while collecting enough evidence to trust the result. |
| 9.1 | 9.1.4 Insecure Output Handling | Insecure Output Handling is the working skill inside LLM and Agent Security that helps you build the stage artifact, A threat model, red-team report, smart contract security lab, and tiny ZKML or verifiable computation demo, while collecting enough evidence to trust the result. |
| 9.2 | 9.2.1 Authentication and Authorization | Authentication and Authorization is the working skill inside Secure AI Application Architecture that helps you build the stage artifact, A threat model, red-team report, smart contract security lab, and tiny ZKML or verifiable computation demo, while collecting enough evidence to trust the result. |
| 9.2 | 9.2.2 Secrets and Service Accounts | Secrets and Service Accounts is the working skill inside Secure AI Application Architecture that helps you build the stage artifact, A threat model, red-team report, smart contract security lab, and tiny ZKML or verifiable computation demo, while collecting enough evidence to trust the result. |
| 9.2 | 9.2.3 Dependency and Model Supply Chain | Dependency and Model Supply Chain is the working skill inside Secure AI Application Architecture that helps you build the stage artifact, A threat model, red-team report, smart contract security lab, and tiny ZKML or verifiable computation demo, while collecting enough evidence to trust the result. |
| 9.2 | 9.2.4 Privacy PII and Data Retention | Privacy PII and Data Retention is the working skill inside Secure AI Application Architecture that helps you build the stage artifact, A threat model, red-team report, smart contract security lab, and tiny ZKML or verifiable computation demo, while collecting enough evidence to trust the result. |
| 9.3 | 9.3.1 Risk Mapping | Risk Mapping is the working skill inside Governance and Responsible AI that helps you build the stage artifact, A threat model, red-team report, smart contract security lab, and tiny ZKML or verifiable computation demo, while collecting enough evidence to trust the result. |
| 9.3 | 9.3.2 Human Oversight | Human Oversight is the working skill inside Governance and Responsible AI that helps you build the stage artifact, A threat model, red-team report, smart contract security lab, and tiny ZKML or verifiable computation demo, while collecting enough evidence to trust the result. |
| 9.3 | 9.3.3 Fairness Bias and Toxicity | Fairness Bias and Toxicity is the working skill inside Governance and Responsible AI that helps you build the stage artifact, A threat model, red-team report, smart contract security lab, and tiny ZKML or verifiable computation demo, while collecting enough evidence to trust the result. |
| 9.3 | 9.3.4 Documentation and Auditability | Documentation and Auditability is the working skill inside Governance and Responsible AI that helps you build the stage artifact, A threat model, red-team report, smart contract security lab, and tiny ZKML or verifiable computation demo, while collecting enough evidence to trust the result. |
| 9.4 | 9.4.1 Wallets Keys and Signatures | Wallets Keys and Signatures is the working skill inside Blockchain Fundamentals that helps you build the stage artifact, A threat model, red-team report, smart contract security lab, and tiny ZKML or verifiable computation demo, while collecting enough evidence to trust the result. |
| 9.4 | 9.4.2 Transactions Blocks and Gas | Transactions Blocks and Gas is the working skill inside Blockchain Fundamentals that helps you build the stage artifact, A threat model, red-team report, smart contract security lab, and tiny ZKML or verifiable computation demo, while collecting enough evidence to trust the result. |
| 9.4 | 9.4.3 Smart Contract State | Smart Contract State is the working skill inside Blockchain Fundamentals that helps you build the stage artifact, A threat model, red-team report, smart contract security lab, and tiny ZKML or verifiable computation demo, while collecting enough evidence to trust the result. |
| 9.4 | 9.4.4 Oracles and Off Chain Data | Oracles and Off Chain Data is the working skill inside Blockchain Fundamentals that helps you build the stage artifact, A threat model, red-team report, smart contract security lab, and tiny ZKML or verifiable computation demo, while collecting enough evidence to trust the result. |
| 9.5 | 9.5.1 Reentrancy and External Calls | Reentrancy and External Calls is the working skill inside Smart Contract Security that helps you build the stage artifact, A threat model, red-team report, smart contract security lab, and tiny ZKML or verifiable computation demo, while collecting enough evidence to trust the result. |
| 9.5 | 9.5.2 Access Control Bugs | Access Control Bugs is the working skill inside Smart Contract Security that helps you build the stage artifact, A threat model, red-team report, smart contract security lab, and tiny ZKML or verifiable computation demo, while collecting enough evidence to trust the result. |
| 9.5 | 9.5.3 MEV Front Running and Oracle Risk | MEV Front Running and Oracle Risk is the working skill inside Smart Contract Security that helps you build the stage artifact, A threat model, red-team report, smart contract security lab, and tiny ZKML or verifiable computation demo, while collecting enough evidence to trust the result. |
| 9.6 | 9.6.1 Zero Knowledge Fundamentals | Zero Knowledge Fundamentals is the working skill inside ZK and Verifiable AI that helps you build the stage artifact, A threat model, red-team report, smart contract security lab, and tiny ZKML or verifiable computation demo, while collecting enough evidence to trust the result. |
| 9.6 | 9.6.2 Circuits Witnesses and Provers | Circuits Witnesses and Provers is the working skill inside ZK and Verifiable AI that helps you build the stage artifact, A threat model, red-team report, smart contract security lab, and tiny ZKML or verifiable computation demo, while collecting enough evidence to trust the result. |
| 9.6 | 9.6.3 zkVMs and Fixed Point ML | zkVMs and Fixed Point ML is the working skill inside ZK and Verifiable AI that helps you build the stage artifact, A threat model, red-team report, smart contract security lab, and tiny ZKML or verifiable computation demo, while collecting enough evidence to trust the result. |
| 9.6 | 9.6.4 ZKML Use Cases and Limits | ZKML Use Cases and Limits is the working skill inside ZK and Verifiable AI that helps you build the stage artifact, A threat model, red-team report, smart contract security lab, and tiny ZKML or verifiable computation demo, while collecting enough evidence to trust the result. |
Stage Artifact¶
A threat model, red-team report, smart contract security lab, and tiny ZKML or verifiable computation demo.
What to Measure¶
- security tests
- attack success before and after mitigation
- risk severity table
- proof generation time
- verifier time or gas
- model size limits
Exit Criteria¶
- threat-model LLM and agent systems
- apply least privilege
- explain smart contract risks
- build or explain a tiny ZK proof and limits
Navigation¶
Previous: Stage 8: Optimization and Hardware Acceleration | Next: Stage 10: Mastery