Ayan Mandal

Attend GDG Pre-Devfest Workshop

Posted on December 20, 2025

Safety First: Hands-on with GeminiCLI & Model Armor for Security

GDG Workshop

I attended the GDG Kolkata Pre-DevFest Workshop in a spontaneous and fun way: a friend informed me about the session at the last moment, and I decided to join out of curiosity.

What started as a casual decision quickly turned into a highly engaging and insightful hands-on experience. The workshop focused on building secure, responsible, and production-ready AI workflows on Google Cloud, emphasizing the importance of integrating security early in the development lifecycle.

Through live demos and practical exercises, we explored how modern AI safety and security tools can be used to protect applications from prompt injection, insecure deployments, and container vulnerabilities.

What I Learned

  • AI Prompt Security & Sanitisation
    Gained hands-on experience with Model Armor on Vertex AI Workbench to secure AI prompts and responses, reducing risks related to injection attacks and sensitive data exposure.

  • Secure Deployment & CI/CD Integration
    Learned how to use GeminiCLI alongside Trivy to automate container image vulnerability scanning on a Google Compute Engine (GCE) VM, ensuring safer deployments.

Tools & Resources Used

  • GeminiCLI – Managing AI workflows via command-line tools
  • Model Armor – AI safety and prompt protection on Google Cloud
  • Trivy – Automated container image vulnerability scanning
  • rcedit (Electron) – Editing Windows executable metadata during application packaging

Personal Takeaway

Attending this workshop purely out of curiosity turned out to be a rewarding experience. It was both fun and educational, strengthening my interest in AI security, cloud tooling, and hands-on experimentation.