Do I need prior experience in AI governance or auditing?

No formal governance experience is required. However, basic familiarity with AI/ML concepts and Python will help you get the most from the hands-on labs and tools used in this course.

Is this course suitable for non-technical professionals?

While the course includes technical labs, the regulatory compliance and governance modules are highly relevant for policy makers, risk analysts, and compliance officers.

What tools will I use in this course?

You'll work with Giskard for automated red teaming, SHAP and LIME for explainability, Microsoft Presidio for PII detection, and Guardrails AI/NeMo Guardrails for safety enforcement.

What is red teaming in the context of AI?

Red teaming involves systematically testing AI systems for vulnerabilities like jailbreaks, prompt injection, and bias using structured attack methodologies and tools like Giskard.

When will I have access to the lectures and assignments?

To access the course materials, assignments and to earn a Certificate, you will need to purchase the Certificate experience when you enroll in a course. You can try a Free Trial instead, or apply for Financial Aid. The course may offer 'Full Course, No Certificate' instead. This option lets you see all course materials, submit required assessments, and get a final grade. This also means that you will not be able to purchase a Certificate experience.

What will I get if I subscribe to this Specialization?

When you enroll in the course, you get access to all of the courses in the Specialization, and you earn a certificate when you complete the work. Your electronic Certificate will be added to your Accomplishments page - from there, you can print your Certificate or add it to your LinkedIn profile.

Is financial aid available?

Yes. In select learning programs, you can apply for financial aid or a scholarship if you can’t afford the enrollment fee. If fin aid or scholarship is available for your learning program selection, you’ll find a link to apply on the description page.

AI Risk and Compliance: Audit and Governance Foundations

AI Risk and Compliance: Audit and Governance Foundations

This course is part of Managing AI Systems: Development, Deployment, and Governance Specialization

Instructor: Board Infinity

Included with

Learn more

4 modules

Gain insight into a topic and learn the fundamentals.

Intermediate level

Recommended experience

2 weeks to complete

at 10 hours a week

Flexible schedule

Learn at your own pace

4 modules

Gain insight into a topic and learn the fundamentals.

Intermediate level

Recommended experience

2 weeks to complete

at 10 hours a week

Flexible schedule

Learn at your own pace

What you'll learn

Execute adversarial red teaming scans using Giskard to identify and prioritize AI vulnerabilities
Classify AI systems under the EU AI Act and apply NIST AI RMF across the AI lifecycle
Generate SHAP/LIME explanations and create audit-ready transparency documentation
Implement guardrails, PII scrubbing with Presidio, and governance controls to mitigate Shadow AI

Details to know

Shareable certificate

Add to your LinkedIn profile

See how employees at top companies are mastering in-demand skills

Learn more about Coursera for Business

logos of Petrobras, TATA, Danone, Capgemini, P&G and L'Oreal

Build your subject-matter expertise

This course is part of the Managing AI Systems: Development, Deployment, and Governance Specialization

When you enroll in this course, you'll also be enrolled in this Specialization.

Learn new concepts from industry experts
Gain a foundational understanding of a subject or tool
Develop job-relevant skills with hands-on projects
Earn a shareable career certificate

There are 4 modules in this course

This advanced course provides a practical, end-to-end approach to governing, securing, and auditing AI systems in enterprise environments. Learners begin by examining adversarial threats to AI systems—including jailbreaks, prompt injection, data leakage, manipulation, and misinformation attacks—and practice structured red teaming using both manual and automated techniques. Participants learn how to analyze vulnerability severity and exploitability, prioritize remediation, and evaluate AI system readiness under adversarial conditions while communicating findings through clear, audit-ready documentation.

The course then explores regulatory and governance frameworks, focusing on the EU AI Act and the NIST AI Risk Management Framework (Govern, Map, Measure, Manage). Learners analyze AI system classifications, risk tiers, and obligations, and apply NIST AI RMF principles across the AI lifecycle. The course also covers key legal and compliance risks, including copyright, licensing, and data usage concerns in training data and outputs, and guides learners in creating concise compliance documentation and policies aligned with EU AI Act and NIST AI RMF requirements. Learners dive into explainability for LLMs and other AI models, exploring challenges and techniques such as SHAP, LIME, and attention visualization. They apply these tools to generate human-readable explanations, and critically evaluate the faithfulness, reliability, and quality of these explanations for different stakeholders. Finally, the course turns to safety engineering and organizational governance, including implementing guardrails frameworks (e.g., Guardrails AI, NVIDIA NeMo) and using Presidio for PII detection, masking, and anonymization in AI and RAG pipelines. Learners assess Shadow AI risks and design governance strategies, monitoring, and control architectures that mitigate unsafe AI usage, document vulnerabilities, and support continuous regulatory compliance. Disclaimer: This is an independent educational resource created by Board Infinity for informational and educational purposes only. This course is not affiliated with, endorsed by, sponsored by, or officially associated with any company, organization, or certification body unless explicitly stated. The content provided is based on industry knowledge and best practices but does not constitute official training material for any specific employer or certification program. All company names, trademarks, service marks, and logos referenced are the property of their respective owners and are used solely for educational identification and comparison purposes.

Module details

In this module, learners dive into the adversarial threat landscape for modern AI systems and practice structured red teaming workflows. You will explore real-world AI threat models, including jailbreaks, prompt injection, leakage, and manipulation attacks, and distinguish benign failures from genuinely adversarial behavior. Through videos, readings, AI dialogues, and a hands-on lab using Giskard, you will learn how to execute automated red teaming, interpret vulnerability reports, and prioritize remediation actions. By the end of the module, you will be prepared to evaluate system readiness under adversarial conditions and document findings in an audit- and security-friendly format.

What's included

8 videos3 readings4 assignments1 plugin

8 videosTotal 65 minutes

Career Scope in AI Governance, Red Teaming & Risk6 minutes
LLM Threat Categories: Jailbreaks, Leakage & Manipulation10 minutes
Distinguishing Benign Failures vs Adversarial Behavior8 minutes
How Prompt Injection Works (Attack Anatomy)6 minutes
How Prompt Injection Works (Attack Anatomy) - Part 21 minute
Jailbreak Techniques Against Modern Chat Models14 minutes
Stress-Testing LLM Defenses Across Architectures9 minutes
Introduction to Giskard Vulnerability Scans11 minutes

3 readingsTotal 90 minutes

“LLM Threat Taxonomy & Real-World Enterprise Attack Patterns”30 minutes
“Enterprise Adversarial Prompt Catalog”30 minutes
“Giskard Scan Interpretation Guide”30 minutes

4 assignmentsTotal 105 minutes

Understanding AI Threat Models15 minutes
Prompt Injection, Jailbreaks & Adversarial Stress-Testing15 minutes
Using Giskard for Automated Red Teaming15 minutes
Topics: red teaming, threat models, adversarial techniques, Giskard findings.60 minutes

1 plugin

Quick Course Check-In0 minutes

This module focuses on the regulatory and risk-management frameworks that govern enterprise AI systems, with emphasis on the EU AI Act, the NIST AI Risk Management Framework (RMF), and key copyright and data usage issues. Learners will analyze EU AI Act risk tiers, high-risk obligations, conformity assessments, and post-market monitoring requirements. You will then map AI lifecycle activities to the NIST AI RMF functions and apply NIST-aligned risk assessment techniques. The module also examines training-data licensing, ownership of LLM outputs, enterprise liability, and unauthorized training risks. Through a lab and applied exercises, you will classify AI systems under the EU AI Act, map risks to NIST functions, and produce concise compliance documentation.

What's included

7 videos3 readings4 assignments

7 videosTotal 58 minutes

EU AI Act Overview & Risk Categories6 minutes
Mandatory Requirements for High-Risk Systems9 minutes
Conformity Assessments & Post-Market Monitoring8 minutes
Applying RMF Across the AI Lifecycle7 minutes
NIST-Aligned Risk Assessment Techniques14 minutes
Training-Data Licensing Risks5 minutes
Enterprise Liability & Unauthorized Training8 minutes

3 readingsTotal 90 minutes

“EU AI Act Compliance Checklist for Enterprises”30 minutes
“NIST RMF Implementation Blueprint”30 minutes
“Copyright & AI — Current Case Law & Risk Patterns”30 minutes

4 assignmentsTotal 105 minutes

EU AI Act: Risk Tiers, Obligations & Documentation15 minutes
NIST AI RMF (Govern, Map, Measure, Manage)15 minutes
Copyright, Data Usage & Legal Exposure15 minutes
EU AI Act, NIST mapping, copyright risk.60 minutes

In this module, learners explore explainable AI (XAI) techniques and transparency practices for large language models and other complex systems. You will investigate why explainability is challenging for LLMs and compare leading XAI methods such as SHAP, LIME, and attention maps, including guidance on when to use each. The module then turns to stakeholder-facing communication, showing how to generate human-readable explanations and present them effectively to executives and regulators while maintaining faithfulness and reliability. Finally, you will design transparency workflows that satisfy governance and compliance requirements, including documentation of system and decision flows. A hands-on lab guides you through applying SHAP or LIME to a text classifier and drafting a transparency report suitable for audits.

What's included

10 videos3 readings4 assignments

10 videosTotal 66 minutes

Why Explainability Is Difficult for LLMs8 minutes
Comparing XAI Techniques: SHAP, LIME, Attention Maps8 minutes
When to Use Which XAI Method8 minutes
When to Use Which XAI Method Part -21 minute
Generating Human-Readable Explanations6 minutes
Presenting Explanations to Executives/Regulators6 minutes
Faithfulness & Reliability of Explanations6 minutes
Transparency Requirements Across Frameworks6 minutes
Creating System & Decision Flow Documentation8 minutes
Designing Transparency Workflows9 minutes

3 readingsTotal 90 minutes

“XAI Playbook: Interpreting Predictive ML vs LLM Systems”30 minutes
“Executive Explanation Templates for Model Decisions”30 minutes
“Transparency Reporting & Audit Templates”30 minutes

4 assignmentsTotal 105 minutes

Interpreting Black Box Models15 minutes
Using XAI Tools for Stakeholder Communication15 minutes
Transparency for Governance & Compliance15 minutes
Topics: SHAP, LIME, documentation, transparency, explainability.60 minutes

This capstone module addresses practical governance controls for safe AI usage, focusing on guardrails frameworks, PII protection, and Shadow AI mitigation. Learners begin by implementing guardrails for safety and policy enforcement using Guardrails AI and NVIDIA NeMo, including rule-based and semantic guardrails and testing them against attacks. The module then introduces Microsoft Presidio for PII detection and anonymization, demonstrating how to detect, mask, and scrub sensitive data and integrate Presidio into RAG pipelines. Finally, you will examine Shadow AI risks in enterprises, monitoring and enforcement techniques, and organization-wide governance controls. A major lab ties these elements together by red teaming a chatbot with Giskard, implementing Guardrails and Presidio, and producing comprehensive evidence and documentation that serve as the practical course capstone.