Training a U.S. Military Cyber Unit on Generative AI

Government/Defense · 3-day custom on-site training

Client

U.S. military cyber unit

Industry

Government/Defense

Format

3-day custom on-site training

Students

25

The Engagement

GTK Cyber delivered a custom three-day generative AI training to a U.S. military cyber unit. Twenty-five operators completed the course on-site at the unit’s facility. The curriculum was built specifically for this engagement, progressing from AI foundations through adversarial testing to building operational AI agents.

The Challenge

The unit conducts cyber operations against sophisticated adversaries. Generative AI had become relevant to their mission on both sides of the fight: adversaries using AI-assisted techniques, and internal demand for AI-powered tools that could accelerate operator workflows.

The unit needed three things:

  1. Foundational understanding. Operators needed to understand how large language models, transformer architectures, and generative AI systems actually work. Not at a PhD level, but well enough to reason about capabilities, limitations, and failure modes.
  2. Adversarial perspective. The unit needed to know how AI systems break: prompt injection, jailbreaking, model manipulation, and the attack surfaces that generative AI introduces. This is directly relevant to both offensive and defensive operations.
  3. Operational tooling. The unit wanted to build AI agents that could be applied to their specific cyber operations workflows. Not off-the-shelf chatbots, but purpose-built agents that automate analysis, data processing, and decision support for operators.

Course Structure

Day 1: AI Theory and Foundations

The course started with how generative AI actually works, grounding every concept in operational relevance:

  • How transformer architectures process and generate text
  • How LLMs are trained, fine-tuned, and aligned (and what each of those steps means for security)
  • Token prediction, context windows, temperature, and how they affect model behavior
  • Prompt engineering for operational tasks: how to structure queries for maximum effectiveness
  • Retrieval-augmented generation (RAG): how organizations extend LLMs with proprietary data, and what that means for attack surface

Every concept was paired with hands-on exercises using local models via Ollama, so operators could experiment without operational security concerns.

Day 2: AI Red-Teaming and Architecture

The second day shifted to the adversarial perspective and system design:

  • Prompt injection: Direct injection, indirect injection via retrieved documents, and multi-turn escalation techniques
  • Jailbreaking: Bypassing safety training and alignment controls. Techniques that work, why they work, and how they evolve as models are patched
  • RAG poisoning: How an attacker plants instructions in documents that an AI system retrieves, causing the model to execute attacker-controlled actions
  • AI system architecture: How production AI systems are built (embedding pipelines, vector databases, tool-calling agents, orchestration frameworks). Understanding the architecture is necessary for both attacking and building these systems.
  • Evaluation and robustness: How to assess whether an AI system is safe to deploy, and what “safe” means in a military operational context

Operators ran adversarial tests against local LLMs, built prompt injection payloads, and evaluated defensive techniques. The goal was building intuition for how these systems fail under pressure.

Day 3: Building AI Agents for Cyber Operations

The entire final day focused on building operational AI agents:

  • Agent architecture: How to design an AI agent that takes a task, breaks it into steps, uses tools, and produces output. Frameworks for structuring agent workflows.
  • Tool use and function calling: Connecting LLMs to external tools (APIs, databases, file systems, command-line utilities) so agents can take actions, not just generate text
  • Building agents for specific cyber use cases:
    • Log analysis and triage agents that process raw data and surface anomalies
    • Threat intelligence agents that ingest unstructured reports and extract structured indicators
    • Reconnaissance and data collection agents that automate repetitive operator workflows
    • Report generation agents that produce formatted output from raw operational data
  • Guardrails and safety: How to constrain agent behavior so it operates within defined boundaries. Preventing agents from taking unintended actions.
  • Testing and validation: How to evaluate whether an agent works correctly and safely before deploying it in an operational context

Operators built working agents during the labs using Python and open-source tooling. Each operator left with functional agent code they could adapt to their own operational environment and classified data.

Why This Format Worked

Three-day arc. Day 1 built the foundation. Day 2 showed how AI systems break. Day 3 applied both to building operational tools. Each day depended on the previous one, and by Day 3, operators had enough context to build agents that were not just technically functional but architecturally sound and adversarially aware.

Practitioners, not academics. GTK Cyber instructors have field experience in cybersecurity, data science, and intelligence. The content was grounded in operational reality, not theoretical possibility.

Hands-on throughout. Every session included lab time. Operators wrote code, ran attacks, built agents, and tested systems. The ratio was approximately 50/50 instruction to lab work.

On-site, air-gapped capable. The Centaur VM and local models via Ollama meant the entire course ran without external network dependencies. No classified data left the unit’s environment. No external API calls were required.

Outcomes

  • 25 operators completed a progression from AI foundations through adversarial testing to building functional AI agents
  • Operators left with working Python code for AI agents they can adapt to classified operational data and workflows
  • The unit gained an adversarial understanding of generative AI systems relevant to both offensive and defensive cyber operations
  • The training established a common technical vocabulary across the unit for AI-related operational decisions

About GTK Cyber

GTK Cyber is a boutique training firm specializing in hands-on AI and cybersecurity training. Instructors have 20+ years of experience across intelligence agencies, major financial institutions, and government bodies. Regular training partner at Black Hat USA and Hack In The Box.

For custom training engagements, contact gtkcyber.com/contact.

Interested in a custom training engagement?

Contact us to discuss a program designed for your team's specific tools, workflows, and skill level.

Get in Touch