Workshop Types
- Workshop 1 (Build): A deep dive into Agentic AI Lifecycle with labs
- Workshop 2 (Assure): Immersive AI Guardrails Lab with adversarial benchmarks and validation
- Workshop 3 (Trust): Implementing DPDPA and Consent Management Hands-on
Presenters
Suresh Kumar, Amazon Web Services


Description
Agentic AI is transforming how organizations design, deploy, and govern intelligent systems capable of autonomous decision-making and task execution. This hands-on workshop provides participants with a comprehensive understanding of the Agentic AI lifecycle, from architecture and development to deployment and governance.
The workshop will cover key Agentic AI concepts and AWS services, including Amazon Bedrock Agents, Amazon Bedrock AgentCore, Amazon Kiro, and related AWS capabilities that enable organizations to build, orchestrate, secure, and scale AI agents effectively. Participants will gain practical experience through guided labs, demonstrations, and real-world use cases that illustrate how Agentic AI solutions can be developed and managed in enterprise environments.
What you will learn
- Understand the core concepts, architecture, and lifecycle of Agentic AI systems.
- Explore how AI agents plan, reason, orchestrate tasks, and interact with enterprise applications and data sources.
- Design and build AI agents using AWS services such as Amazon Bedrock Agents, Amazon Bedrock AgentCore, and Amazon Kiro.
- Implement multi-agent workflows and orchestration patterns for complex business use cases.
- Apply best practices for securing, monitoring, and governing Agentic AI solutions in enterprise environments.
- Evaluate risks, guardrails, and operational considerations associated with autonomous AI systems.
- Deploy and scale Agentic AI applications using AWS-native capabilities.
- Gain hands-on experience through guided labs, demonstrations, and real-world implementation scenarios.
- Understand how Agentic AI can accelerate business processes, decision-making, and automation across industries.
- Develop practical insights into managing the end-to-end lifecycle of Agentic AI solutions—from development and testing to deployment and ongoing governance.
High level Agenda
[will be updated]
Prerequisites
- Basic understanding of AWS Cloud concepts
- Familiarity with Amazon Bedrock fundamentals
- Laptop with internet connectivity
- AWS account access (recommended, if required for labs)
Who Should Attend
- Passionate learners interested in Agentic AI and Generative AI
- IT Auditors and Assurance Professionals
- Cybersecurity Professionals
- Governance, Risk, and Compliance (GRC) Practitioners
- Cloud Architects and Engineers
- Technology Leaders and AI Enthusiasts
Pre-Read Materials
AWS Cloud Fundamentals
- AWS Cloud Overview: https://aws.amazon.com/what-is-aws/
- AWS Documentation Home: https://docs.aws.amazon.com/
Amazon Bedrock
- Amazon Bedrock Documentation: https://docs.aws.amazon.com/bedrock/
- What is Amazon Bedrock: https://docs.aws.amazon.com/bedrock/latest/userguide/what-is-bedrock.html
Amazon Bedrock AgentCore
- Amazon Bedrock AgentCore Overview: https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/what-is-bedrock-agentcore.html
- Bedrock AgentCore Starter Toolkit: https://aws.github.io/bedrock-agentcore-starter-toolkit/
Amazon Kiro
- Kiro Documentation Overview: https://aws.amazon.com/documentation-overview/kiro/
- Kiro Documentation: https://kiro.dev/docs/
Detail agenda
[will be updated]
Presenters
Description
As organizations increasingly adopt Generative AI and Agentic AI solutions, ensuring that these systems are secure, trustworthy, compliant, and resilient against adversarial threats has become a critical business requirement. AI systems are susceptible to risks such as prompt injection attacks, jailbreak attempts, data leakage, hallucinations, model misuse, and regulatory non-compliance, making effective AI guardrails essential for safe deployment.
This hands-on workshop provides participants with practical knowledge and experience in designing, implementing, testing, and validating AI guardrails for enterprise AI systems. Attendees will learn how to identify vulnerabilities, conduct adversarial testing, evaluate guardrail effectiveness, and establish governance and assurance frameworks aligned with industry best practices and regulatory expectations.
The session will also introduce participants to the Zytra AI Governance Portal and demonstrate how organizations can operationalize AI governance, risk management, assurance, and compliance across the AI lifecycle. Through demonstrations, case studies, and hands-on exercises, participants will gain exposure to real-world AI safety challenges and validation methodologies, including AI red teaming and adversarial benchmarking approaches.
What you will learn
By the end of the workshop, participants will have:
- A practical understanding of common AI risks, including prompt injection, jailbreak attacks, data leakage, and hallucinations.
- Experience in applying structured testing approaches to assess AI system behavior and control effectiveness.
- Exposure to adversarial testing and validation techniques used to evaluate AI safety and trustworthiness.
- An understanding of benchmark-driven evaluation approaches and their application to real-world use cases.
- Practical insights into AI governance, assurance, and risk management considerations for enterprise AI deployments.
The workshop is intended as a knowledge-sharing and experiential learning session focused on industry practices, testing methodologies, and lessons learned from real-world AI implementations.
High level Agenda
| Time | Session |
|---|---|
| 09:30 AM – 10:00 AM | Introduction, Workshop Context, and Opening Remarks |
| 10:00 AM – 11:15 AM | Session 1: Introduction to AI, AI Risks, and Effective Use of AI Guardrails |
| 11:15 AM – 11:30 AM | Tea / Networking Break |
| 11:30 AM – 01:00 PM | Session 2: Introduction to Zytra AI Governance Portal and Application Walkthrough |
| 01:00 PM – 02:00 PM | Lunch Break |
| 02:00 PM – 03:30 PM | Hands-on Lab Session – Part 1 (AI Guardrails Implementation and Validation) |
| 03:30 PM – 03:45 PM | Tea / Networking Break |
| 03:45 PM – 04:30 PM | Hands-on Lab Session – Part 2 (Evaluation Framework Setup and Benchmark Configuration) |
| 04:30 PM – 05:00 PM | Q&A, and Closing Remarks |
Disclaimer: Please note that the timelines and agenda are subject to change. We shall keep you posted on the changes.
Prerequisites
- Basic understanding of Generative AI and Large Language Models (LLMs)
- Familiarity with AI governance, cybersecurity, risk management, or assurance concepts
- Laptop with internet connectivity
- Access to browser-based basic AI tools
Who Should Attend
- Auditors and Assurance Professionals
- Cybersecurity Professionals
- Governance, Risk, and Compliance (GRC) Practitioners
- AI Governance and Responsible AI Teams
- Model Risk Management Professionals
- Financial Services Technology and Risk Teams
- Technology Leaders and Enterprise Architects
- AI Product Owners and Program Managers
- AI Engineers and Data Scientists
- Professionals interested in AI Safety, Trustworthy AI, and Responsible AI
Pre-Read Materials
To ensure participants derive maximum value from the workshop, they are encouraged to review the following materials prior to attending.
AI Governance & AI Safety
-
NIST AI Risk Management Framework (AI RMF)
Provides guidance for identifying, assessing, and managing AI-related risks throughout the AI lifecycle.
https://www.nist.gov/itl/ai-risk-management-framework -
OWASP Top 10 for LLM Applications
Covers the most common security risks and vulnerabilities associated with Large Language Model (LLM) applications, including prompt injection, data leakage, and insecure output handling.
https://owasp.org/www-project-top-10-for-large-language-model-applications/
AI Guardrails
-
NVIDIA NeMo Guardrails
An open-source toolkit for implementing safety, security, and compliance controls in conversational AI and LLM-powered applications.
https://docs.nvidia.com/nemo/guardrails/ -
Amazon Bedrock Guardrails
Overview of guardrail capabilities for implementing content filtering, safety controls, privacy protections, and policy enforcement for generative AI applications.
https://docs.aws.amazon.com/bedrock/latest/userguide/guardrails.html -
Gen AI Guardrails
Why domain-native validation cannot be an afterthought
https://cio.economictimes.indiatimes.com/news/cio-dispatch/guardrails-for-genai-in-indian-banking-ensuring-compliance-and-safety/131454004 -
Semalith v1.5: A purpose built safety classifier
Why General-purpose Guardrails are not enough
https://medium.com/data-science-collective/the-question-that-stops-every-genai-bank-rollout-cold-714de87a5a62
AI Regulation & Governance
-
EU AI Act Overview
Introduction to the European Union’s AI Act, including risk-based classifications, compliance obligations, and governance requirements for AI systems.
https://artificialintelligenceact.eu/ -
ISO/IEC 42001 Overview
Overview of the international standard for AI Management Systems (AIMS), providing guidance for establishing, implementing, maintaining, and continually improving AI governance practices.
https://www.iso.org/standard/81230.html
Model Validation & Independent Assurance
-
Federal Reserve SR 11-7 Model Risk Management Guidance
Foundational guidance on model risk management, validation, governance, monitoring, and independent review practices applicable to AI and machine learning models.
https://www.federalreserve.gov/supervisionreg/srletters/sr1107.htm
Optional Reading
Participants may also familiarize themselves with the following concepts before the workshop:
- Fundamentals of Generative AI and Large Language Models (LLMs)
- Prompt Engineering Best Practices
- Prompt Injection and Jailbreak Attack Techniques
- AI Red Teaming and Adversarial Testing
- Responsible AI and AI Assurance Frameworks
- AI Governance Operating Models
- Risk Management for AI and Agentic Systems
Detail agenda
Registration & Warm-Up
Registration & Introduction
- Participant introductions and workshop objectives
- Overview of AI adoption trends, emerging risks, and regulatory expectations
- Discussion on participant AI initiatives and challenges
PART A – Foundations of AI Governance and Guardrails
Session 1 — Introduction to AI, AI Risks, and Effective Use of AI Guardrails
- Evolution of Generative AI and Agentic AI systems
- AI risk categories: hallucinations, prompt injection, jailbreaks, data leakage, unsafe outputs, and compliance risks
- AI Guardrails concepts, architectures, and implementation approaches
- Defense-in-depth approach for AI safety and security
- Mapping AI risks to preventive, detective, and corrective controls
- NIST AI RMF, ISO 42001, EU AI Act, and RBI expectations
Session 2 — Introduction to Zytra AI Governance Portal and Application Walkthrough
- AI governance lifecycle: Discover, Register, Govern, Evaluate, Enforce, Audit
- AI asset inventory and risk classification
- Policy and control management
- AI risk assessment workflows
- Guardrail management and evaluation workflows
PART B – Hands-on AI Guardrails and Validation Lab
Hands-on Lab Session – Part 1: AI Guardrails Implementation and Validation
- Configuring AI Guardrails for Enterprise AI Applications
- Prompt Injection & Jailbreak Attack Testing
- Data Leakage Prevention & Sensitive Information Protection
- Hallucination Detection and Guardrail Effectiveness Validation
Hands-on Lab Session – Part 2: Evaluation Framework Setup and Benchmark Configuration
- Evaluation Framework Setup and Benchmark Configuration
- FINPROOF Benchmark Execution for BFSI Use Cases
- KYC/AML bypass simulation exercises
- Governance workflow execution using Zytra AI Governance Portal
Q&A and Closing Remarks
- Key takeaways and lessons learned
- Implementation roadmap and best practices
- Open discussion and participant questions
Presenters
Aayush Jain, Protaxology


Description
India’s Digital Personal Data Protection Act (DPDPA) shifts the focus from privacy compliance theory to implementation. This hands-on workshop is designed for practitioners looking to translate DPDPA requirements into practical organizational controls, operating models, and implementation roadmaps covering practical aspects such as data fiduciary obligations, data principal rights handling, privacy governance structures, control design and compliance readiness.
A dedicated focus area will be consent management, including:
- Designing consent notices and purpose specifications
- Consent capture, withdrawal, and preference management processes
- Consent recordkeeping and auditability requirements
- Integrating consent management platforms into business and technology processes
- Practical challenges in operationalizing consent across digital channels and ecosystems
Through implementation scenarios, walkthroughs, use cases, and interactive exercises, participants will work through practical approaches, templates, and considerations for building a DPDPA compliance program and operationalizing consent management in real-world environments.
What you will learn
- Understand the practical implementation requirements of India's Digital Personal Data Protection Act (DPDPA).
- Translate Data Fiduciary obligations and Data Principal rights into operational processes and controls.
- Design a privacy governance framework, including roles, responsibilities, policies, and oversight mechanisms.
- Assess the implications of Significant Data Fiduciary (SDF) obligations and compliance expectations.
- Create compliant consent notices and purpose specifications aligned with DPDPA requirements.
- Design effective consent capture, withdrawal, and preference management processes across digital channels.
- Address practical challenges arising from regulatory retention requirements and consent withdrawal requests.
- Build auditable consent records and evidence trails to demonstrate compliance.
- Understand the emerging Consent Manager ecosystem and integration considerations.
- Leverage AI-assisted techniques to accelerate privacy documentation, consent design, and compliance workflows while maintaining regulatory oversight.
High level Agenda
| Time | Session |
|---|---|
| 09:30 AM – 10:00 AM | Introduction, Workshop Context, and Opening Remarks |
| 10:00 AM – 11:15 AM | Session 1 (Presentation) — DPDPA: The Implementation Landscape |
| 11:15 AM – 12:15 PM | Session 2 (Use Cases) — Data Fiduciary Obligations & Data Principal Rights in Practice |
| 12:15 PM – 12:45 PM | Session 3 (Group Discussion) — Privacy Governance & Compliance Programme Structure |
| 12:45 PM – 01:30 PM | Lunch Break |
| 01:30 PM – 02:30 PM | Session 4 (Hands-on and AI Assisted) — Consent Deep-Dive: Designing Notices & Purpose Specifications |
| 02:30 PM – 03:30 PM | Session 5 (Hands-on and AI Assisted) — Consent Capture, Withdrawal & Preference Management |
| 03:30 PM – 03:40 PM | Tea / Networking Break |
| 03:40 PM – 04:40 PM | Session 6 (Hands-on and AI Assisted) — Consent Recordkeeping, Auditability & Platform Integration |
| 04:40 PM – 05:00 PM | Wrap-Up, Q&A & Handout Pack |
Disclaimer: Please note that the timelines and agenda are subject to change. We shall keep you posted on the changes.
Prerequisites
- Working knowledge of privacy, compliance, information security, risk, or data governance concepts.
- Basic familiarity with DPDPA provisions is recommended.
- Prior experience in privacy implementation, compliance, or control functions will help participants maximize hands-on exercises.
- Laptop with internet connection for hands-on
Who Should Attend
- Privacy professionals
- IS Auditors and Risk Professionals
- Compliance and legal practitioners
- CISOs
- Data governance leads
- Technology practitioners involved in DPDPA readiness and implementation
- Passionate Learners
Pre-Read Materials
- Digital Personal Data Protection Act, 2023 (Official): https://www.meity.gov.in/static/uploads/2024/06/2bf1f0e9f04e6fb4f8fef35e82c42aa5.pdf
- Digital Personal Data Protection Rules, 2025 (Official): https://www.meity.gov.in/static/uploads/2025/11/53450e6e5dc0bfa85ebd78686cadad39.pdf
- India Code Repository – DPDP Act, 2023: https://www.indiacode.nic.in/handle/123456789/22037
Detail agenda
Registration & Warm-Up
- Participants map their organization's top personal data collection touchpoints and current consent practices on a warm-up card.
- Cards used as live input throughout the day's exercises.
- Quick introductions and housekeeping.
PART A – Foundations
Session 1 — DPDPA: The Implementation Landscape (Presentation)
- Act & Rules architecture — two lawful bases (consent and legitimate uses), phased commencement timeline, and what is operative today.
- Data Fiduciary obligations — notice, security safeguards, accuracy, storage limitation, and deletion obligations under the Act.
- Data mapping & inventory — understanding what personal data the organisation collects, where it flows, how it is stored, and who processes it.
- Data Principal rights — right to information, correction, erasure, withdrawal of consent, grievance redressal, and nomination.
- Significant Data Fiduciary obligations — additional requirements for organisations designated as SDFs.
- Privacy governance — what a DPDPA compliance operating model looks like: roles, responsibilities, policies, and programme structure
- GDPR vs DPDPA — GDPR's six bases (consent, contract, legal obligation, vital interests, public task, legitimate interests) versus DPDPA's binary model of consent and legitimate uses;
Session 2 — Data Fiduciary Obligations & Data Principal Rights in Practice (Case Studies)
- Participants work through three BFSI use cases to identify what the Data Fiduciary must do and what the Data Principal can demand
- Legitimate uses under the Act - how to determine which processing activities in a BFSI context qualify; documentation and accountability obligations that attach even when consent is not required
- Each use case maps to specific Act obligations and surfaces the operational controls an organisation must have in place
- Groups share findings; facilitator consolidates into a Data Principal Rights Handling Framework
Session 3 — Privacy Governance & Compliance Programme Structure (Group Discussion)
- What does a DPDPA compliance programme look like in practice roles (DPO, privacy team, business owners), policies, and governance cadence
- Significant Data Fiduciary additional obligations = Data Protection Impact Assessment, Data Protection Officer, and periodic audits
- Groups identify the three most critical governance gaps in their own organisations and discuss remediation priorities
- Consultants in the room share cross-sector observations on what clients are and are not getting right
PART B – Consent Management
Session 4 — Consent Deep-Dive: Designing Notices & Purpose Specifications (Hands-on and AI Assisted)
- What valid consent requires under the Act — free, specific, informed, unconditional, unambiguous, granular; one consent per purpose
- Notice obligation — what must precede or accompany consent
- Participants use AI to draft a consent notice for their assigned sector persona (NBFC / bank / insurer / e-commerce platform)
- Groups review each other's output against a Notice Compliance Checklist — purpose specificity, plain language, withdrawal pathway, Consent Manager reference
- Discussion: where AI accelerates drafting and where regulatory judgment cannot be delegated to AI
Session 5 — Consent Capture, Withdrawal & Preference Management (Hands- on and AI Assisted)
- Consent capture design — what makes consent genuinely free and unambiguous across digital channels (web, app, physical); dark patterns and
what to avoid - Withdrawal obligation — must be as easy as giving consent; what this means as a design and process requirement under the Act
- Participants use AI to draft a Withdrawal Acknowledgement for their sector persona — covering what processing stops, applicable timelines, data deletion obligations, and grievance escalation options
- The retention conflict: how to document the organisation's position where statutory retention obligations (RBI, IRDAI, SEBI) conflict with withdrawal rights
Session 6 — Consent Recordkeeping, Auditability & Platform Integration
- What a valid consent record must capture — timestamp, specific purpose consented to, notice version presented, channel, and granularity evidence
- Participants use AI to design a Consent Record Template for their sector persona — all elements needed to demonstrate valid consent if challenged
- Consent Manager framework = what organisations must start building now
- Integrating consent management into existing business and technology processes — CRM, KYC, policy management, and digital onboarding systems
- Audit trail architecture — six evidence categories the Data Fiduciary must be able to produce: proof of notice delivery, timestamped consent record, granularity evidence, withdrawal log, downstream processor notification, deletion record
Wrap-Up, Q&A & Handout Pack





