FREE DEMO

Workshop Types

Conference Home

  • Workshop 1 (Build): A deep dive into Agentic AI Lifecycle with labs
  • Workshop 2 (Assure): Immersive AI Guardrails Lab with adversarial benchmarks and validation
  • Workshop 3 (Trust): Implementing DPDPA and Consent Management Hands-on

Workshop 1 (Build) - Deep Dive into Agentic AI Lifecycle with Labs

Presenters

Suresh Kumar, Amazon Web Services

A beautiful sunset over the ocean

Description

Agentic AI is transforming how organizations design, deploy, and govern intelligent systems capable of autonomous decision-making and task execution. This hands-on workshop provides participants with a comprehensive understanding of the Agentic AI lifecycle, from architecture and development to deployment and governance.

The workshop will cover key Agentic AI concepts and AWS services, including Amazon Bedrock Agents, Amazon Bedrock AgentCore, Amazon Kiro, and related AWS capabilities that enable organizations to build, orchestrate, secure, and scale AI agents effectively. Participants will gain practical experience through guided labs, demonstrations, and real-world use cases that illustrate how Agentic AI solutions can be developed and managed in enterprise environments.

What you will learn

  • Understand the core concepts, architecture, and lifecycle of Agentic AI systems.
  • Explore how AI agents plan, reason, orchestrate tasks, and interact with enterprise applications and data sources.
  • Design and build AI agents using AWS services such as Amazon Bedrock Agents, Amazon Bedrock AgentCore, and Amazon Kiro.
  • Implement multi-agent workflows and orchestration patterns for complex business use cases.
  • Apply best practices for securing, monitoring, and governing Agentic AI solutions in enterprise environments.
  • Evaluate risks, guardrails, and operational considerations associated with autonomous AI systems.
  • Deploy and scale Agentic AI applications using AWS-native capabilities.
  • Gain hands-on experience through guided labs, demonstrations, and real-world implementation scenarios.
  • Understand how Agentic AI can accelerate business processes, decision-making, and automation across industries.
  • Develop practical insights into managing the end-to-end lifecycle of Agentic AI solutions—from development and testing to deployment and ongoing governance.

High level Agenda

[will be updated]

Prerequisites

  • Basic understanding of AWS Cloud concepts
  • Familiarity with Amazon Bedrock fundamentals
  • Laptop with internet connectivity
  • AWS account access (recommended, if required for labs)

Who Should Attend

  • Passionate learners interested in Agentic AI and Generative AI
  • IT Auditors and Assurance Professionals
  • Cybersecurity Professionals
  • Governance, Risk, and Compliance (GRC) Practitioners
  • Cloud Architects and Engineers
  • Technology Leaders and AI Enthusiasts

Pre-Read Materials

AWS Cloud Fundamentals

Amazon Bedrock

Amazon Bedrock AgentCore

Amazon Kiro

Detail agenda

[will be updated]

Workshop 2 (Assure) - AI Guardrails Lab with adversarial benchmarks and validation

Presenters

  • Dr. Tejasi Addagada
  • Praveen Kumar Raju B
  • Uday K
  • Description

    As organizations increasingly adopt Generative AI and Agentic AI solutions, ensuring that these systems are secure, trustworthy, compliant, and resilient against adversarial threats has become a critical business requirement. AI systems are susceptible to risks such as prompt injection attacks, jailbreak attempts, data leakage, hallucinations, model misuse, and regulatory non-compliance, making effective AI guardrails essential for safe deployment.

    This hands-on workshop provides participants with practical knowledge and experience in designing, implementing, testing, and validating AI guardrails for enterprise AI systems. Attendees will learn how to identify vulnerabilities, conduct adversarial testing, evaluate guardrail effectiveness, and establish governance and assurance frameworks aligned with industry best practices and regulatory expectations.

    The session will also introduce participants to the Zytra AI Governance Portal and demonstrate how organizations can operationalize AI governance, risk management, assurance, and compliance across the AI lifecycle. Through demonstrations, case studies, and hands-on exercises, participants will gain exposure to real-world AI safety challenges and validation methodologies, including AI red teaming and adversarial benchmarking approaches.

    What you will learn

    By the end of the workshop, participants will have:

    • A practical understanding of common AI risks, including prompt injection, jailbreak attacks, data leakage, and hallucinations.
    • Experience in applying structured testing approaches to assess AI system behavior and control effectiveness.
    • Exposure to adversarial testing and validation techniques used to evaluate AI safety and trustworthiness.
    • An understanding of benchmark-driven evaluation approaches and their application to real-world use cases.
    • Practical insights into AI governance, assurance, and risk management considerations for enterprise AI deployments.

    The workshop is intended as a knowledge-sharing and experiential learning session focused on industry practices, testing methodologies, and lessons learned from real-world AI implementations.

    High level Agenda

    Time Session
    09:30 AM – 10:00 AM Introduction, Workshop Context, and Opening Remarks
    10:00 AM – 11:15 AM Session 1: Introduction to AI, AI Risks, and Effective Use of AI Guardrails
    11:15 AM – 11:30 AM Tea / Networking Break
    11:30 AM – 01:00 PM Session 2: Introduction to Zytra AI Governance Portal and Application Walkthrough
    01:00 PM – 02:00 PM Lunch Break
    02:00 PM – 03:30 PM Hands-on Lab Session – Part 1 (AI Guardrails Implementation and Validation)
    03:30 PM – 03:45 PM Tea / Networking Break
    03:45 PM – 04:30 PM Hands-on Lab Session – Part 2 (Evaluation Framework Setup and Benchmark Configuration)
    04:30 PM – 05:00 PM Q&A, and Closing Remarks

    Disclaimer: Please note that the timelines and agenda are subject to change. We shall keep you posted on the changes.

    Prerequisites

    • Basic understanding of Generative AI and Large Language Models (LLMs)
    • Familiarity with AI governance, cybersecurity, risk management, or assurance concepts
    • Laptop with internet connectivity
    • Access to browser-based basic AI tools

    Who Should Attend

    • Auditors and Assurance Professionals
    • Cybersecurity Professionals
    • Governance, Risk, and Compliance (GRC) Practitioners
    • AI Governance and Responsible AI Teams
    • Model Risk Management Professionals
    • Financial Services Technology and Risk Teams
    • Technology Leaders and Enterprise Architects
    • AI Product Owners and Program Managers
    • AI Engineers and Data Scientists
    • Professionals interested in AI Safety, Trustworthy AI, and Responsible AI

    Pre-Read Materials

    To ensure participants derive maximum value from the workshop, they are encouraged to review the following materials prior to attending.

    AI Governance & AI Safety

    AI Guardrails

    AI Regulation & Governance

    • EU AI Act Overview

      Introduction to the European Union’s AI Act, including risk-based classifications, compliance obligations, and governance requirements for AI systems.
      https://artificialintelligenceact.eu/

    • ISO/IEC 42001 Overview

      Overview of the international standard for AI Management Systems (AIMS), providing guidance for establishing, implementing, maintaining, and continually improving AI governance practices.
      https://www.iso.org/standard/81230.html

    Model Validation & Independent Assurance

    Optional Reading

    Participants may also familiarize themselves with the following concepts before the workshop:

    • Fundamentals of Generative AI and Large Language Models (LLMs)
    • Prompt Engineering Best Practices
    • Prompt Injection and Jailbreak Attack Techniques
    • AI Red Teaming and Adversarial Testing
    • Responsible AI and AI Assurance Frameworks
    • AI Governance Operating Models
    • Risk Management for AI and Agentic Systems

    Detail agenda

    Registration & Warm-Up

    Registration & Introduction

    • Participant introductions and workshop objectives
    • Overview of AI adoption trends, emerging risks, and regulatory expectations
    • Discussion on participant AI initiatives and challenges

    PART A – Foundations of AI Governance and Guardrails

    Session 1 — Introduction to AI, AI Risks, and Effective Use of AI Guardrails

    • Evolution of Generative AI and Agentic AI systems
    • AI risk categories: hallucinations, prompt injection, jailbreaks, data leakage, unsafe outputs, and compliance risks
    • AI Guardrails concepts, architectures, and implementation approaches
    • Defense-in-depth approach for AI safety and security
    • Mapping AI risks to preventive, detective, and corrective controls
    • NIST AI RMF, ISO 42001, EU AI Act, and RBI expectations

    Session 2 — Introduction to Zytra AI Governance Portal and Application Walkthrough

    • AI governance lifecycle: Discover, Register, Govern, Evaluate, Enforce, Audit
    • AI asset inventory and risk classification
    • Policy and control management
    • AI risk assessment workflows
    • Guardrail management and evaluation workflows

    PART B – Hands-on AI Guardrails and Validation Lab

    Hands-on Lab Session – Part 1: AI Guardrails Implementation and Validation

    • Configuring AI Guardrails for Enterprise AI Applications
    • Prompt Injection & Jailbreak Attack Testing
    • Data Leakage Prevention & Sensitive Information Protection
    • Hallucination Detection and Guardrail Effectiveness Validation

    Hands-on Lab Session – Part 2: Evaluation Framework Setup and Benchmark Configuration

    • Evaluation Framework Setup and Benchmark Configuration
    • FINPROOF Benchmark Execution for BFSI Use Cases
    • KYC/AML bypass simulation exercises
    • Governance workflow execution using Zytra AI Governance Portal

    Q&A and Closing Remarks

    • Key takeaways and lessons learned
    • Implementation roadmap and best practices
    • Open discussion and participant questions
    Workshop 3 (Trust) - Implementing DPDPA and Consent Management Hands-on

    Presenters

    Aayush Jain, Protaxology

    A beautiful sunset over the ocean

    Description

    India’s Digital Personal Data Protection Act (DPDPA) shifts the focus from privacy compliance theory to implementation. This hands-on workshop is designed for practitioners looking to translate DPDPA requirements into practical organizational controls, operating models, and implementation roadmaps covering practical aspects such as data fiduciary obligations, data principal rights handling, privacy governance structures, control design and compliance readiness.

    A dedicated focus area will be consent management, including:

    • Designing consent notices and purpose specifications
    • Consent capture, withdrawal, and preference management processes
    • Consent recordkeeping and auditability requirements
    • Integrating consent management platforms into business and technology processes
    • Practical challenges in operationalizing consent across digital channels and ecosystems

    Through implementation scenarios, walkthroughs, use cases, and interactive exercises, participants will work through practical approaches, templates, and considerations for building a DPDPA compliance program and operationalizing consent management in real-world environments.

    What you will learn

    • Understand the practical implementation requirements of India's Digital Personal Data Protection Act (DPDPA).
    • Translate Data Fiduciary obligations and Data Principal rights into operational processes and controls.
    • Design a privacy governance framework, including roles, responsibilities, policies, and oversight mechanisms.
    • Assess the implications of Significant Data Fiduciary (SDF) obligations and compliance expectations.
    • Create compliant consent notices and purpose specifications aligned with DPDPA requirements.
    • Design effective consent capture, withdrawal, and preference management processes across digital channels.
    • Address practical challenges arising from regulatory retention requirements and consent withdrawal requests.
    • Build auditable consent records and evidence trails to demonstrate compliance.
    • Understand the emerging Consent Manager ecosystem and integration considerations.
    • Leverage AI-assisted techniques to accelerate privacy documentation, consent design, and compliance workflows while maintaining regulatory oversight.

    High level Agenda

    Time Session
    09:30 AM – 10:00 AM Introduction, Workshop Context, and Opening Remarks
    10:00 AM – 11:15 AM Session 1 (Presentation) — DPDPA: The Implementation Landscape
    11:15 AM – 12:15 PM Session 2 (Use Cases) — Data Fiduciary Obligations & Data Principal Rights in Practice
    12:15 PM – 12:45 PM Session 3 (Group Discussion) — Privacy Governance & Compliance Programme Structure
    12:45 PM – 01:30 PM Lunch Break
    01:30 PM – 02:30 PM Session 4 (Hands-on and AI Assisted) — Consent Deep-Dive: Designing Notices & Purpose Specifications
    02:30 PM – 03:30 PM Session 5 (Hands-on and AI Assisted) — Consent Capture, Withdrawal & Preference Management
    03:30 PM – 03:40 PM Tea / Networking Break
    03:40 PM – 04:40 PM Session 6 (Hands-on and AI Assisted) — Consent Recordkeeping, Auditability & Platform Integration
    04:40 PM – 05:00 PM Wrap-Up, Q&A & Handout Pack

    Disclaimer: Please note that the timelines and agenda are subject to change. We shall keep you posted on the changes.

    Prerequisites

    • Working knowledge of privacy, compliance, information security, risk, or data governance concepts.
    • Basic familiarity with DPDPA provisions is recommended.
    • Prior experience in privacy implementation, compliance, or control functions will help participants maximize hands-on exercises.
    • Laptop with internet connection for hands-on

    Who Should Attend

    • Privacy professionals
    • IS Auditors and Risk Professionals
    • Compliance and legal practitioners
    • CISOs
    • Data governance leads
    • Technology practitioners involved in DPDPA readiness and implementation
    • Passionate Learners

    Pre-Read Materials

    Detail agenda

    Registration & Warm-Up

    • Participants map their organization's top personal data collection touchpoints and current consent practices on a warm-up card.
    • Cards used as live input throughout the day's exercises.
    • Quick introductions and housekeeping.

    PART A – Foundations

    Session 1 — DPDPA: The Implementation Landscape (Presentation)

    • Act & Rules architecture — two lawful bases (consent and legitimate uses), phased commencement timeline, and what is operative today.
    • Data Fiduciary obligations — notice, security safeguards, accuracy, storage limitation, and deletion obligations under the Act.
    • Data mapping & inventory — understanding what personal data the organisation collects, where it flows, how it is stored, and who processes it.
    • Data Principal rights — right to information, correction, erasure, withdrawal of consent, grievance redressal, and nomination.
    • Significant Data Fiduciary obligations — additional requirements for organisations designated as SDFs.
    • Privacy governance — what a DPDPA compliance operating model looks like: roles, responsibilities, policies, and programme structure
    • GDPR vs DPDPA — GDPR's six bases (consent, contract, legal obligation, vital interests, public task, legitimate interests) versus DPDPA's binary model of consent and legitimate uses;

    Session 2 — Data Fiduciary Obligations & Data Principal Rights in Practice (Case Studies)

    • Participants work through three BFSI use cases to identify what the Data Fiduciary must do and what the Data Principal can demand
    • Legitimate uses under the Act - how to determine which processing activities in a BFSI context qualify; documentation and accountability obligations that attach even when consent is not required
    • Each use case maps to specific Act obligations and surfaces the operational controls an organisation must have in place
    • Groups share findings; facilitator consolidates into a Data Principal Rights Handling Framework

    Session 3 — Privacy Governance & Compliance Programme Structure (Group Discussion)

    • What does a DPDPA compliance programme look like in practice roles (DPO, privacy team, business owners), policies, and governance cadence
    • Significant Data Fiduciary additional obligations = Data Protection Impact Assessment, Data Protection Officer, and periodic audits
    • Groups identify the three most critical governance gaps in their own organisations and discuss remediation priorities
    • Consultants in the room share cross-sector observations on what clients are and are not getting right

    PART B – Consent Management

    Session 4 — Consent Deep-Dive: Designing Notices & Purpose Specifications (Hands-on and AI Assisted)

    • What valid consent requires under the Act — free, specific, informed, unconditional, unambiguous, granular; one consent per purpose
    • Notice obligation — what must precede or accompany consent
    • Participants use AI to draft a consent notice for their assigned sector persona (NBFC / bank / insurer / e-commerce platform)
    • Groups review each other's output against a Notice Compliance Checklist — purpose specificity, plain language, withdrawal pathway, Consent Manager reference
    • Discussion: where AI accelerates drafting and where regulatory judgment cannot be delegated to AI

    Session 5 — Consent Capture, Withdrawal & Preference Management (Hands- on and AI Assisted)

    • Consent capture design — what makes consent genuinely free and unambiguous across digital channels (web, app, physical); dark patterns and
      what to avoid
    • Withdrawal obligation — must be as easy as giving consent; what this means as a design and process requirement under the Act
    • Participants use AI to draft a Withdrawal Acknowledgement for their sector persona — covering what processing stops, applicable timelines, data deletion obligations, and grievance escalation options
    • The retention conflict: how to document the organisation's position where statutory retention obligations (RBI, IRDAI, SEBI) conflict with withdrawal rights

    Session 6 — Consent Recordkeeping, Auditability & Platform Integration

    • What a valid consent record must capture — timestamp, specific purpose consented to, notice version presented, channel, and granularity evidence
    • Participants use AI to design a Consent Record Template for their sector persona — all elements needed to demonstrate valid consent if challenged
    • Consent Manager framework = what organisations must start building now
    • Integrating consent management into existing business and technology processes — CRM, KYC, policy management, and digital onboarding systems
    • Audit trail architecture — six evidence categories the Data Fiduciary must be able to produce: proof of notice delivery, timestamped consent record, granularity evidence, withdrawal log, downstream processor notification, deletion record

    Wrap-Up, Q&A & Handout Pack