Certified AI/ML Pentester
(C-AI/MLPen)

The Certified AI/ML Pentester (C-AI/MLPen) is an intermediate-level exam designed to test a candidate’s knowledge of the core concepts involving AI/ML security. If you are passionate about identifying and exploiting potential security risks when deploying and managing Large Language Models (LLMs), then this one’s for you!

  • Practical
  • 4 Hours
  • Online
  • On-demand
  • Real world pentesting scenarios
  • Price: £250

Our Candidates Say it Best

Jason Haddix

CEO | Hacker | Trainer at Arcanum Information Security | C-AI/MLPen

I was really impressed with the exam. The 4-hour-long, practical (CTF-style), online exam thoroughly tested me on common LLM vulnerabilities. The labs were carefully designed and the challenges mimicked real-world scenarios. From direct/indirect prompt injection test cases to the RAG poisoning challenge, it had a bit of everything, including bypassing system prompt firewalls of a DIFFICULT degree.

Joas A Santos

Red Team | Author of Books | C-AI/MLPen

The SecOps Group has crafted a rigorous challenge that required extensive research. I passed the exam, although I fell short by 2 out of 8 questions. Congratulations to The SecOps Group Team for creating a certification that not only made me study and research intensively but also highlighted the current content gap in this field. I believe they are pioneers in offering such a test!

Charlie W

Senior Security Analyst - Synack Red Team | C-AI/MLPen

So I got asked by Sumit Siddharth to check out their certification on AI/ML Pentest. I would highly recommend it. I can't wait to see more of their content and testing. The test itself is quite fun and hands-on. It's not a "bubble in your answer" test but a hands-on hacking test. I definitely think The SecOps Group got this right in an emerging space. I finished it and got the certificate with merit.

Shaunak Chattopadhyay

Consultant, KPMG India | C-AI/MLPen

I am happy to share that I have obtained the Certified AI/ML Penetration Tester with Merit from The SecOps Group. The exam was pretty challenging and was a real test of my skill. Having solved a few CTFs around prompt injection, I would say this is the best and most unique set of problems I have encountered. Highly recommended for anyone who wants to delve into the world of AI security.

Who should take the exam?

C-AI/MLPen is intended for pentesters, application security architects, SOC analysts, red and blue team members, AI/ML engineers and any AI/ML security enthusiast who wants to evaluate and advance their knowledge.

What is the format of the exam?

C-AI/MLPen is an intense 4-hour practical exam. It requires candidates to solve a number of challenges, identify and exploit various vulnerabilities, and obtain flags. The exam can be taken online, at any time (on-demand) and from anywhere. Candidates will need to connect to the exam VPN server to access the vulnerable applications.

What is the pass criteria for the exam?

The pass criteria are as follows:

  • Candidates scoring over 60% marks will be deemed to have successfully passed the exam.
  • Candidates scoring over 75% marks will be deemed to have passed with merit.

What is the experience needed to take the exam?

This is an intermediate-level exam. Candidates should have prior knowledge and experience of AI/ML pentesting. They should have a solid understanding of common application security topics, including the OWASP Top 10 vulnerabilities for large language models (LLMs), prompt injection attacks, common security misconfigurations, and security best practices. They should be able to demonstrate their practical knowledge of AI/ML security topics by completing a series of tasks that involve identifying and exploiting vulnerabilities created in the exam environment to mimic real-world scenarios.

Note: As this is an intermediate-level exam, a minimum of one year of professional pentesting experience is recommended.

What will the candidates get?

On completing the exam, each candidate will receive:

  • A certificate with their pass/fail and merit status.
  • A code/QR link on the certificate, which anyone can use to validate the certificate.

What is the exam retake policy?

Candidates who fail the exam are allowed one free retake, included in the exam fee.

What are the benefits of this exam?

The exam allows candidates to demonstrate their skills in AI/ML pentesting, which will help them advance in their career.

How long is the certificate valid for?

The certificate does not have an expiration date. However, the passing certificate will state the details of the exam, such as the exam version and the date. As the exam is updated over time, candidates should retake the newer version at their convenience.

Will you provide any training that can be taken before the exam?

Being an independent certifying authority, we (The SecOps Group) do not provide any training for the exam. Candidates should carefully go over each topic listed in the syllabus and make sure they have an adequate understanding of, and the required experience and practical knowledge in, these topics. The following independent resources can also be used to prepare for the exam.

Learning Resources

All of the resources below are free (Type: Training).

  • Portswigger Web Security Academy
  • Gandalf
  • IBM
  • Learn Prompting
  • LLM Security
  • OWASP
  • AI Village
  • Promptingguide
  • Promptingguide RAG
  • Cobalt
  • Bugcrowd
  • Unite AI
  • Simonwillison
  • Vickieli
  • NCC Group
  • WithSecureLabs
  • ScottLogic
  • Greshake
  • Hannibal046
  • Ottosulin
  • Mik0w
  • ATLAS Matrix
  • Vulnerable LLM Applications
  • Awesome-llm-security
  • Prompt Airlines
  • Crucible
  • Immersive Labs
  • Bugcrowd Ultimate Guide AI Security
  • AI Red Teaming
  • NVIDIA AI Red Team: An Introduction
  • Lakera - Real World LLM Exploits
  • Offensive ML Playbook
  • Snyk OWASP top 10 LLM
  • Prompt Injection Games from Secdim
  • Large Language Model (LLM) Pentesting

Exam Syllabus

Prompt Injection

  • Direct Prompt Injections
  • Indirect Prompt Injections

Insecure Output Handling

Training Data Poisoning

Supply Chain Vulnerabilities

  • Traditional third-party package vulnerabilities, including outdated or deprecated components.
  • Use of a vulnerable pre-trained model for fine-tuning.
  • Use of outdated or deprecated models that are no longer maintained, which leads to security issues.
  • Use of poisoned crowd-sourced data for training.

Sensitive Information Disclosure

  • Incomplete or improper filtering of sensitive information in LLM responses.
  • Overfitting or memorization of sensitive data during LLM training.
  • Unintended disclosure of confidential information due to LLM misinterpretation, a lack of data-scrubbing methods, or errors.

Insecure Plugin Design

Excessive Agency

  • Excessive Functionality.
  • Excessive Permissions.
  • Excessive Autonomy.

Overreliance

Model Theft

System Prompt Leakage