Learn AI

Master AI tool selection. 58 short quiz modules covering the platforms, open-source ecosystem, AI tools, and the web stack we use to ship.

AI Foundations

Start here — guided modules on what AI is, where it helps, and how to supervise it

Guided module

Theory of AI

What AI actually does, what it cannot do, and why the difference matters.

If you've never opened an AI tool — or you have but the mechanics still feel like magic — this is the place to start. By the end of this module you'll understand AI the way a calibrated user does: useful, fallible, and very much yours to supervise.

Guided module

Benefits of AI

Where AI actually creates value — four patterns you'll come back to every week.

Theory told you what AI is and isn't. Now we get practical. AI doesn't create value everywhere — but in four places it reliably does. Compression. Drafting. Translation. Reasoning. These are the patterns you'll come back to every week once you've found them.

Guided module

Dangers of AI

Where AI quietly creates trouble — five traps you should be able to name before you rely on it for real work.

Benefits told you where AI reliably creates value. This module is the other side of that map. None of these dangers are reasons to avoid AI — they're reasons to use it with your eyes open. By the end you'll be able to name the five traps and recognize them in the wild, which is most of what separates a calibrated practitioner from someone who'll eventually feature in a news story.

Guided module

Mechanics of AI

Under the hood — five mechanics you should understand before you depend on AI for real work.

Theory told you what AI does. Benefits showed you where it pays. Dangers named the traps. Now we lift the hood. You don't need to be an engineer to use AI well — but the calibrated user knows enough about the machinery to predict its behavior, explain its limits, and make better decisions about which tool fits which job. Five mechanics, no math.

Guided module

Proactive Safety

Five habits that turn the first four modules into the way you actually work.

Theory named the engine. Benefits mapped the dividends. Dangers named the traps. Mechanics lifted the hood. This module is the synthesis — the five habits that turn all of that into the way you, your team, and your organization actually operate with AI. Habits, not principles. Things you do every time, not things you remember when you have time. Finish this module and you've finished the Foundations trail.

AI Governance

Governing AI across the org — people, policy, and regulators

Guided module

Governance Foundations

What AI governance is, who it's for, and the artifacts that make it real.

If you've finished the AI Foundations trail, you can use AI well as an individual. This trail is the other half of the work: how an organization governs AI use across the people, the policies, and the regulators. Module 1 sets the frame. Five things every leader, policy author, and L&D buyer should be able to answer on a Monday morning — what governance actually is, what its three layers are, which frameworks are worth knowing by name, what artifacts you produce, and who owns what inside the org.

Guided module

Risk Management

How to classify, treat, and re-classify AI risks — and when the answer is no.

Governance Foundations gave you the operating frame. This module is where the frame meets the use case. Every AI deployment carries a specific risk profile, and the discipline of risk management is making that profile explicit, applying controls scaled to it, watching it over time, and being willing to refuse the deployments that don't survive the analysis. Five things every leader, IT owner, and per-use-case operator should be able to do.

Guided module

Regulatory Crosswalk

Mapping your stance to the specific framework requirements your regulators expect.

Risk Management gave you the program. Now we get specific. A regulatory crosswalk is the artifact that maps each requirement of each applicable framework to a specific control your organization operates — with evidence. Crosswalks turn 'we have a governance program' into 'here is the requirement, here is our control, here is the artifact that proves it.' That mapping is what carries an organization through a regulator inquiry, customer audit, or board review with answers instead of narrative.

Guided module

Platform-Native vs. Org-Overlay Governance

What your AI platform already provides — and what your organization has to add on top.

Regulatory Crosswalk mapped your controls to framework requirements. This module gets one layer underneath that: which of your controls come from the AI platform you use (platform-native) and which you have to build yourself (org-overlay). Knowing the boundary is what lets you avoid two equally common failures — over-building controls your vendor already provides, and assuming controls exist that your vendor doesn't actually offer. Five things every IT lead, vendor manager, and policy author should be able to inventory cleanly.

Guided module

Enterprise Integration

How AI governance ties into the rest of your organization's risk, compliance, and operating stack.

AI governance doesn't exist in isolation. Your organization already has information security, privacy, vendor management, legal, audit, and enterprise risk-management programs — each with its own owners, artifacts, cadences, and reporting lines. AI governance has to coordinate with all of them: where they overlap, where AI adds requirements they don't cover, and where the organizational structures connect. This module is the integration layer — five things every leader, IT owner, and governance program author should be able to design intentionally.

Decision exercise

Standing Up the Program

A regulated mid-size company is launching its AI governance program. You're the lead. You have 90 days.

Five modules in, you've learned what an AI governance program is, how to assess risk, how to crosswalk regulations to your operating context, how platform-native and overlay controls combine, and how the program integrates with enterprise workflows. Now you assemble it. Marcus has asked you to draft Vesta Medical's governance program — the document the board will sign and the auditors will measure against. The capstone walks through the structural choices that define the program. Each is a real trade-off: control rigor vs. operator velocity, breadth vs. depth in critical paths, internal authoring vs. external attestation. There aren't single right answers — but some combinations are coherent and some aren't. Pick the program you can defend.

Decision exercise

The Assurance Engagement

Vesta Medical's complaint-summarization AI is six weeks from EU launch. The conformity assessment lands on your desk.

Six modules in, you've learned how AI risks get classified, how regulatory crosswalks turn frameworks into operating controls, where platform-native and overlay controls each cover ground, what proactive-safety habits look like, and how prompt-injection threats map to defenses. Now you sit in the chair facing the auditor. Vesta Medical's complaint-summarization assistant is six weeks from a launch into the EU market. Marcus has committed the date to the board. A notified-body conformity assessor — the auditor — has arrived for the readiness review. Devon is the program owner being audited. Sarah, Priya, and Mike are the operators whose work is the evidence. You answer the auditor's questions in real time. Five nodes. Each one is a discipline test: does the evidence exist before the question, or are you constructing it after? Pick the path you can defend.

AI Tools

Cross-platform tool comparisons

Code Assistants

Claude Code, GitHub Copilot, Cursor, Windsurf, Amazon Q, Cline, Codex CLI, and OpenCode — pricing, models, and agent modes.

AI Agents

Autonomous agent platforms and frameworks — where they fit, how they differ, and what to choose.

AI Search

Perplexity, ChatGPT Search, Gemini, AI Overviews, You.com — the new generation of search interfaces.

Chat Assistants

Claude vs ChatGPT vs Gemini vs Copilot vs Perplexity vs Grok — pricing, models, and capabilities.

Claude Tools

Claude Chat, Claude Code, Cowork, Claude in Chrome, Desktop Commander — the full Anthropic product suite.

Guided module

First 60 Minutes with Cowork

From install to your first scheduled routine — what to do in your first hour with Cowork, in the order that works.

The Cowork deep-dive page tells you what every layer is. This module gets you to your first useful result. Six steps, roughly ten minutes each, ending with a routine that fires tomorrow morning whether or not you open the app again.

Claude Code

A deep dive on Claude Code: the CLI, Plan Mode, skills, subagents, hooks, slash commands, MCP, and plugins. What each layer is for, and the loop that uses them well.

Cowork

Anthropic's agentic desktop app for knowledge work: skills, plugins, connectors, scheduled tasks, artifacts, folder access, and the Claude in Chrome bridge. How to get started without overdoing it.

Cowork Common Mistakes

Eight mistakes that show up in nearly every new Cowork user's first month — the fix for each, the underlying pattern (scope creep, trust drift, duplication), and the one procedural rule that prevents most of them.

Decision exercise

Cowork by Role

Pick the role that's closest to yours. Get a starter pack — one plugin, two or three connectors, one routine — that'll matter to you specifically.

The cowork-first-60-minutes module gives every user the same walkthrough. This one branches by role. Pick yours, install the three things at the end of the branch, come back next week and tell us how it went. If your role isn't listed, pick the closest — most setups overlap more than they differ.

Decision exercise

The Operator Under Pressure

You've been running Cowork for 60 days. Marcus wants a board-ready analysis by Monday — and the work pushes against every shortcut you've built so far.

Five modules in, you've picked the right Cowork role-pack, run the first-60-minutes setup, internalized the proactive-safety habits, learned the agent-verification rituals, and walked the eight common mistakes. This capstone is the Friday afternoon where the habits get tested. It's 3 p.m. on Friday. Marcus needs a board-ready analysis by Monday morning. The work pulls from three sources, includes complaint records with Sarah's PII, and lands on a draft analysis with three load-bearing claims — one of which has a number that's exactly round. You have a scheduled routine that already fires weekly for a different report. You have a connector lineup you've been deliberate about. You have the pressure of a date. Four nodes, then a fifth that asks you to name what you almost did wrong. Each node is a procedural-rule test: does the rule hold under time pressure, or does the pressure win? Pick the path you can defend.

Claude Code vs Cowork

Picking between Anthropic's two agentic surfaces: when to reach for Claude Code, when to reach for Cowork, and the strategic insight that they share primitives.

Design + Build Workflow

Using Cowork and Claude Code together to design and build apps. Cowork as the strategy layer, Claude Code as the execution layer, the six-phase pattern, and the one anti-pattern that wrecks it.

Knowledge Graphs

When you need a graph database, when you just need graph thinking, and how to capture most of the value in Postgres.

Agent Verification

How to know if your AI agent's context is reliable. Trust ordering, memory hygiene, diff reading, browser smoke testing, and verification questions — the practices that prevent acting on stale or extrapolated claims.

AI Safety and Security

Operating autonomous agents safely — defenses, threat models, and tool-specific safety guidance

Using Cowork Safely

Anthropic's official Cowork safety guidance — file access, scheduled tasks, 'Act without asking' mode, computer use, MCPs and plugins, cross-app data sharing, and mobile-as-remote-control. The practices that keep an autonomous agent from going where you didn't intend.

Prompt Injection: Mental Models

The eight mental models that organize every other prompt-injection defense — data vs instructions confusion, the lethal trifecta, direct vs indirect injection, the agent surface as attack surface, trust boundaries, capability vs autonomy, defense in depth, and the Stranger Test.

Prompt Injection: Threat Taxonomy

How prompt-injection attacks actually arrive: direct vs indirect, document/web/email/multimodal carriers, tool-result injection, exfiltration via tool chains, memory poisoning, confused deputy patterns. The dangerous attacks are indirect — this page tells you which surfaces deliver them.

Prompt Injection: Defenses

Defense in depth, applied — limiting input surface, tagged inputs, capability restriction, scoped credentials, human-in-the-loop gates, output validation, content provenance, sandboxing, monitoring, incident response. No silver bullets, layered defenses, sized to consequence.

Prompt Injection: File-Reading Agents

The injection-specific angles for Cowork, Desktop Commander, and other file-reading agents. Document payload anatomy (PDFs, DOCX, XLSX, images), cross-file payload chains, working-folder discipline, capability restriction for file workflows, and in-flight injection detection.

Prompt Injection: MCP Servers

Why MCPs are dependencies, not features — and what supply-chain discipline looks like applied to AI tool servers. Tool-result injection, tool definition tampering, plugin bundles as multi-component installs, chain-of-tool attacks, and the 5-minute install vetting pass.

Prompt Injection: Browser Agents

The web is the largest injection surface in active use. Hidden HTML payloads, visible-but-disguised payloads, cross-page navigation chains, SEO-poisoned results, form-fill exfil, Claude in Chrome's consent model, per-session site allowlists, and in-session detection.

Prompt Injection: Email and Chat Connectors

Anyone with your email address or workspace ID can write into your agent's context. Email body payloads, calendar invite payloads, Slack/Teams messages, attachment payloads, reply-as-exfil, sender allowlisting limits, auto-triage as injection magnet.

Decision exercise

Tracing the Injection Chain

You're Lin. One bad row in the warehouse turns out to be the first link in a chain that crosses five surfaces.

Five modules in, you've learned the eight mental models of prompt injection, the threat taxonomy across direct and indirect carriers, the layered-defenses approach, the file-reading agent angles, the MCP supply-chain discipline, the browser-agent attack surface, and the email/chat connector exposure. This capstone is the investigation where those modules become a single piece of work. You're Lin, data engineer at Vesta Medical. It's a Wednesday afternoon and you're doing routine warehouse maintenance when you spot a complaint record whose body text reads like a prompt injection rather than a customer message. The record came in through your feedback connector six months ago. Sarah's been summarizing it daily with the team's chat assistant. Mike's QA dashboards may have downstream copies. The browser agent that fetches related vendor pages might have pulled the same payload from the vendor's public site. Priya wants to know whether PHI is exposed; Devon wants to know what discipline should have caught this. Five nodes — one per surface, then convergence. Each one asks the investigator's question: what do you check, how do you investigate without becoming part of the attack chain, and what's the discipline that names every boundary as a sanitization line?

AI Rights

Your rights when AI decides about you — what you can demand and how to act when one goes wrong.

Guided module

Know Your AI Rights

What you can actually demand when an algorithm decides about you — and what's just a press release.

There's a document called the "Blueprint for an AI Bill of Rights." It sounds like it hands you rights. It doesn't — not the kind you can enforce. This module separates the AI rights that are aspirational from the ones that actually bite, so that when an algorithm denies your loan, screens you out of a job, or flags your benefits, you know exactly what you can demand and which law stands behind it. The surprise for most people: your strongest protections come from laws written decades before modern AI, applied to it.

Guided module

Spotting AI in Your Decisions

You can't claim a right you don't know applies — so the first skill is noticing when an algorithm is in the loop.

Module one mapped the rights you have when an algorithm decides about you. But a right is useless if you never realize an algorithm was involved — and most of the time, nobody tells you. Your apartment application, your insurance quote, your resume, your benefits eligibility: any of them may have been scored by a system you never saw. This module is the detection skill — knowing when you're legally entitled to be told, how to find automated decisions hiding in the fine print, and how to spot them even when no one discloses.

Guided module

Your AI Escalation Playbook

A step-by-step for when an automated decision goes against you — what to demand, where to escalate, and what it can't fix.

Knowing your rights and spotting the algorithm only matter if you can act. This is the playbook: a four-step sequence to run when an automated decision harms you — pinning down the decision, demanding what your situation entitles you to, escalating from the company to the regulators, and knowing both your opt-outs and the honest limits. It's a checklist, not a lecture. Finish it and you've finished the trail.

Decision exercise

Claiming Your AI Rights

Two algorithmic rejections in one week — an auto-loan denial and a New York hiring auto-rejection. The discipline either transfers across domains or only worked once.

Three modules in, you've learned to tell aspirational AI principles from enforceable sectoral law, to detect when an automated system is in the loop even when no one tells you, and to run the four-step playbook when an automated decision goes against you. This capstone is the week your knowledge meets two algorithms in two different domains. You've been between jobs since a car accident totaled your car last month. You applied for an auto loan online Tuesday to replace it — the lender rejected you in thirty seconds. Friday afternoon, an NYC employer's automated screen rejects your application before a human ever reads it. The clock is running on next week's interviews and on the dispute windows that protect you. The playbook either holds across domains or only worked once. Five nodes. The first three walk the playbook on the loan; the fourth tests whether the discipline transfers to the job; the fifth asks you to name what you just did, operationally. Pick the path you can defend.
