OffSec Authorised Training Partner

Certified Training for AI Red Teaming

At a Glance

Course Code

AI-300

Advanced Level

Credential

OSAI / OSAI+

OffSec AI Red Teamer

Duration

65+ Hours

90 days lab access

Exam

24-Hour

Practical red team engagement

Format

Instructor-led, hands-on labs

Delivery

In-person, Singapore

Prerequisites

Cybersecurity fundamentals, basic LLM familiarity

OffSec AI-300 — Advanced AI Red Teaming

AI-300 is OffSec's hands-on advanced course in offensive AI security. It teaches experienced security professionals how to assess, exploit and stress-test modern AI systems — generative AI, large language models, retrieval-augmented generation pipelines and multi-agent environments — under realistic enterprise conditions.

The course culminates in the OffSec AI Red Teamer (OSAI) certification exam: a 24-hour live engagement against an AI-enabled enterprise environment. This is not an introduction. It is the certification that signals you can run an AI red team engagement end to end.

OffSec AI-300 — Advanced AI Red Teaming

What You Will Learn

By the end of AI-300, you will be able to:

Build a structured offensive engagement against modern AI systems, mapped to MITRE ATLAS and the OWASP LLM Top 10

Conduct passive and active reconnaissance on AI targets, including model fingerprinting and RAG pipeline discovery

Exploit retrieval-augmented generation pipelines, vector databases and supporting infrastructure

Compromise multi-agent systems and orchestration frameworks

Identify and chain weaknesses across model inference systems and AI infrastructure

Operate against the NVIDIA AI Kill Chain and document findings to enterprise red team standards

Translate offensive findings into board-ready risk language

Course Modules

Eleven modules covering the full AI red teaming lifecycle

01

Introduction to Red Teaming AI Systems

Understand how AI systems change the traditional attack surface. Maps AI attacks to the red team lifecycle using MITRE ATLAS and OWASP LLM Top 10.

02

Reconnaissance for AI Targets

Identify and map AI applications, machine learning components, and model infrastructure within a target environment without alerting defenders.

03

Attacking AI Agents

Explore offensive techniques for manipulating AI agents by abusing prompt instructions, memory systems, and tool integrations.

04

AI Security Specialists

Seeking a portable, recognised credential

05

Attacking Multi-Agent Systems and A2A Protocols

Analyse multi-agent AI architectures and exploit trust relationships between agents through message manipulation and workflow corruption.

06

Exploiting RAG Pipelines

Compromise retrieval-augmented generation systems by poisoning knowledge sources and manipulating retrieval layers to control model outputs.

07

Attacking Embeddings

Perform embedding inversion and information extraction attacks to recover sensitive data from AI models.

08

Attacking Model Context Protocol and Tool Surfaces

Abuse orchestration layers and AI tool integration frameworks to escalate privileges or execute unintended actions.

09

AI Supply Chain Attacks

Target the AI supply chain including datasets, model weights, adapters, and dependencies to introduce malicious artifacts.

10

AI Infrastructure and Deployment Exploits

Identify vulnerabilities in cloud AI platforms, model servers, and containerized machine learning workloads.

11

Threat Modeling for AI-Enabled Targets

Develop strategies for identifying high-value AI assets, trust boundaries, and potential attack paths in complex environments.

12

Capstone Red Team Engagement

Full-spectrum red team engagement against a realistic enterprise AI environment, simulating how adversaries compromise production AI systems.

Who This Is For

Penetration Testers & Red Teamers

Extending tradecraft into AI systems

Security Engineers & Architects

Responsible for AI-enabled platforms

Threat Hunters & SOC Leads

Building AI-aware detection capability

CISO Office Staff

Preparing teams for AI assurance work

All current OSCP holders

Evolving core offensive skills into the machine learning space

ML Security Engineers

Validating AI system resilience

The OSAI Certification

The OSAI Certification

The OffSec AI Red Teamer (OSAI) is awarded on successful completion of a 24-hour proctored practical exam, in which the candidate compromises a realistic AI-enabled enterprise environment and produces a professional-grade engagement report.

OSAI+ is awarded to candidates who complete the additional advanced exam path. The credential signals one thing clearly: this practitioner can run an AI red team engagement against a real enterprise target.

  • 24-hour proctored practical exam
  • Real-world AI-enabled enterprise environment
  • Professional engagement report required
  • 3-year certification validity

Train where the operators train.

Register your interest for the next AI-300 cohort. Enterprise private cohorts available year-round.