~/ctrl-alt-press/workshops/triad-prompt-lenses REV 1

Hands-on workshop · syllabus

The Triad of Prompt Lenses

Apprentice · Defense · Offense — build and operate AI-augmented systems without magical thinking.

Request a cohort seat Get the self-paced tier

Who it's for IT operators, builders, architects, EMs, and security/strategy leaders running AI in the loop on real production and procurement.

3
Lenses
9
Modules
2
Days live

§1 · Premise

Speed is the least interesting thing that happened to you

Adversarial prompting is a discipline of refusing the comfort of unmeasured success.

You are already faster with AI in the loop. The claim is that speed is the least interesting thing that happened to you, and that three failure modes are now compounding silently underneath it: your own judgment is dulling without a signal to prove it (Apprentice), the AI output your team ships carries your organization's full liability with none of its verification habits (Defense), and the velocity you gained is partly borrowed debt you have not yet priced (Offense).

The triad makes all three visible and gives you a hardened move for each. You install them in a fixed order, because the order is load-bearing.

§2 · Falsification bet

The bet we are willing to lose

The trust layer of this workshop is not a testimonial — it is a falsifiable claim with a horizon and a check. If it fails, we want the writeup.

THE BET FIG 1 PENDING

Position The triad adds function, not just friction Horizon Two quarters from install Checkable Judgment, ship-quality, and surfaced borrowed-velocity, measured

If an operator installs all three lenses faithfully for two quarters — a withholding configuration on their primary AI, a hardened defense gate on production output, an offensive move in each recurring ritual — and at the end their judgment is measurably no sharper, their team ships the same unverified output, and no instance of borrowed velocity was ever surfaced, then the triad added friction without function and I was wrong. I would want the writeup.

OPEN · CHECKABLE Judgment, ship-quality, and surfaced borrowed-velocity, measured

§3 · The three lenses

Three lenses, installed in a fixed order

Each lens hardens a different failure mode that AI-in-the-loop is compounding silently. You install them in sequence because the order is load-bearing — Defense and Offense are reasoning lenses, and hardening rituals while your judgment is outsourced is theater at best.

Install order Apprentice Defense Offense Never reversed
  1. 01

    Apprentice

    Run the engine so the operator strengthens, not weakens — including yourself.

    Operates on Your own (and your team's) cognitive cultivation; the deskilling effect of automation.
  2. 02

    Defense

    Your AI output is your organization's output. The model is not a separate legal entity.

    Operates on Production and procurement hardening; threat modeling; output you are about to trust.
  3. 03

    Offense

    Velocity you cannot explain is debt you cannot price.

    Operates on Your rituals and drafts; surfacing hidden drift; converting assumed quality into measured signal.

Load-bearing rule Apprentice → Defense → Offense, never reversed. Install the reasoning lenses while your judgment is being quietly outsourced and you harden rituals using AI-mediated reasoning about systems you no longer understand — theater at best, structurally destructive at worst. If time is short, modules are shortened, not resequenced.

§4 · Who gets what

Where the value lands by archetype

The triad is one core program, but its center of gravity shifts with where you operate. Pick your stance to see the emphasis and the recommended tier.

FIG 2 Same triad, your surface

Supporter L1–L2

Stance assist
Emphasis Defense on customer-facing output; the Moffatt standard at the front line.
Where value lands Self-paced + Defense module

Builder L3

Stance implement
Emphasis Defense against package hallucination and improper output handling in the pipeline.
Where value lands Defense + Offense

Architect Principal

Stance design
Emphasis Apprentice protects architectural intuition — for the Architect, the diagram is the cognition.
Where value lands Apprentice + the Patterns Library

Orchestrator EM / Director

Stance orchestrate
Emphasis Apprentice is dual: self-cultivation and team-cultivation; rituals are the spine.
Where value lands Full triad, cohort/in-person

Strategist CISO / CTO / VP

Stance govern
Emphasis Apprentice protects the judgment behind kill criteria; Defense governs procurement.
Where value lands Full triad + capstone defense

§5 · Curriculum

Three modules, then the capstone

Each module is one lens: an objective, the core move, a build exercise you do with pen and paper, and a checkpoint that names the failure mode. Pilot them one at a time.

FIG 3 Modules 1–3 + capstone
Module 1 · Lens 1 The Apprentice Lens — structure the AI to withhold the answer

Objective

Install structural friction — not willpower — that defaults your AI to mentor mode, so you practice your own judgment thousands of times instead of outsourcing it.

Core move

Configure the model to refuse the thinking you must do to stay skilled: it asks the questions a strong senior peer would ask; you generate the answers. Oracle mode becomes a typed, opt-in exception.

Exercise

Write your Withholding Configuration: default to a senior peer's questions, forbid drafting your highest-judgment work, define one phrase that unlocks oracle mode, and name the task it is built to intercept.

Checkpoint

No opt-in oracle escape hatch → a rule you will delete under pressure. No forbidden task → a decoration. It needs both.

Module 2 · Lens 2 The Defense Lens — your AI output is your output

Objective

Install a gate that verifies AI output before you trust it in production or buy it in procurement, scored against a fixed taxonomy.

Core move

The Moffatt pattern: you cannot tell a customer, regulator, or tribunal that the chatbot did it. Targets OWASP LLM01 (prompt injection), LLM05 (improper output handling), LLM09 (misinformation incl. package hallucination).

Exercise

Harden one real output: name the canonical ground truth you validate against (not another AI), the most-live OWASP risk, the Moffatt-standard liability, the smallest reversible ritual change, and your fixed error taxonomy.

Checkpoint

If your validation source is “the model seemed confident” or “another AI agreed,” you have no gate. Replace it with a runbook, policy doc, database record, or a human who owns the truth.

Module 3 · Lens 3 The Offense Lens — surface the drift before it fails loudly

Objective

Modify your recurring rituals so each carries exactly one adversarial move that converts the absence of noisy failure into a measured quality signal.

Core move

With AI in the loop the dangerous failures are quiet: green metrics, fast standups, clean-looking PRs, comprehension hollowing out underneath. Offense is the discipline of going to look on a cadence — one move per ritual, not a program.

Exercise

Arm one ritual you own with a single adversarial move. Test it: does it surface borrowed velocity specifically, can it be reflexively gamed, does it add a meeting?

Checkpoint

If your move is a new recurring meeting, cut it and re-attach it to a ritual you already run. Offense modifies; it does not accrete.

Capstone · adversarial defense Capstone — install and defend your triad

Brief

Produce a 60-day install plan for the triad in your own environment (or the supplied regulated-enterprise scenario), then defend it before a panel in the CTRL ALT PRESS voice.

Scenario

You lead an IT function inside a regulated enterprise. Velocity is up 30% and celebrated in QBRs; an AI support reply just went viral for being confidently wrong; a respected senior says their instincts feel dull; and a week-three hire's “clean” 600-line PR looks suspiciously generated. 60 days, no new headcount, you may not stop the team using AI.

Must contain

  • Your withholding configuration (Apprentice), and the one task it intercepts.
  • One hardened defense gate (Defense), scored against an OWASP-aligned taxonomy and the Moffatt standard.
  • One armed ritual (Offense), with its single adversarial move.
  • The 60-day behavioral markers you will be held to.
  • Your defense of the Apprentice-first sequence against “just start with the security stuff.”

Pass line

Pass ≥ 18/30; distinction ≥ 24 with no dimension below 3.

You will leave able to

  • State the three lenses, their guiding principles, and defend the Apprentice-first sequence against the “we don't have time” objection.
  • Install a withholding configuration on your primary AI that defaults it to mentor mode and makes oracle mode opt-in.
  • Run a hardened defense gate on a real piece of production-bound AI output, scored against an OWASP-aligned taxonomy and the Moffatt standard.
  • Modify a recurring ritual with exactly one offensive move that surfaces borrowed velocity without adding resented bureaucracy.
  • Recognize your own entering-state traps and exit with a 60-day install plan and a take-home prompt library.

§6 · Evidence floor

The research this stands on

No testimonials, no countdown timers. The trust layer is named, checkable research — each claim with its source and an honest weight note.

  1. 01

    Active production beats passive receiving for retention.

    The generation effect (formalized 1978) Foundational, low bias.

  2. 02

    The cognitive struggle of a problem is the mechanism of learning.

    Desirable difficulties (Bjork, 1994) Foundational.

  3. 03

    Automation degrades situational awareness exactly when intervention is needed most.

    Ironies of Automation (Bainbridge, 1983) 40 years of lineage for the Apprentice Lens.

  4. 04

    AI-assisted endoscopists showed ~6% absolute detection decline when unassisted.

    Lancet Gastroenterology & Hepatology (2025) Real, peer-reviewed; treated as analogue, not IT data.

  5. 05

    Adversaries plant instructions in data a model later consumes; live risks LLM01/05/09.

    Greshake et al. (2023); OWASP Top 10 for LLM Apps (2025) Primary security doctrine.

  6. 06

    No partition between an LLM and the organization that deploys it.

    Moffatt v. Air Canada (2024 BCCRT 149) The legal anchor.

  7. 07

    An 85%-reliable-per-step agent completes a 10-step workflow correctly ~20% of the time.

    Agentic compounding-error math Illustrative of the mechanism, not a measured constant.

§7 · Enroll

Choose your delivery tier

Three modalities, same curriculum. Efficacy rises with the live BUILD/BREAK drills — the in-person intensive is the embodied version and the core of the enterprise transformation offer.

Delivery modalities
ModalityFormatEfficacyPositioning
Self-paced 9 modules (~13.5 hrs), templates, async debriefsLowest for this material — no live BUILD/BREAKEntry tier; justified by the template + prompt library and lifetime updates
Virtual cohort 9 weekly live 90-min sessions, capped ~12, cameras-on paper drillsHigh — accountability + witnessed no-AI stretchesPremium; the cap preserves drill integrity
In-person intensive 2.5 days, fully analog, live drills against instructor antagonistsMaximum — the practice is embodiedTop tier; ~16 seats; core of the enterprise transformation offer

The unified core of the per-archetype adversarial-prompting program; pairs with The Experience Outcome Layer.

Request a cohort seat Get the self-paced tier

Register

Register for this workshop

Submitting this form emails the CTRL ALT PRESS team your details — we'll follow up by email to confirm dates, delivery, and next steps.