Module 6 Narration#
Opening#
Open with the professional setting: a security operations center tuning AI-assisted detections before analyst rollout. Ask students what decision is being made, who is affected, and what evidence would be persuasive to a skeptical reviewer.
Middle#
Move through the module in four passes:
Define Adversarial behavior and evasion in the context of AI in Threat Detection.
Walk through the lab as a proxy-data exercise, emphasizing what it can and cannot show.
Compare a baseline with an AI-enabled or more sophisticated alternative.
Translate the result into stakeholder language: recommendation, risk, mitigation, and next evidence.
Closing#
Close by returning to the module artifact: detection engineering packet with threat model, false-positive analysis, and triage workflow focused on adversarial behavior and evasion: Run a tabletop evasion analysis.. Students should leave knowing exactly what artifact they are producing and how it will be judged.