OffSec Authorised Training Partner
Course Code
AI-300
Advanced Level
Credential
OSAI / OSAI+
OffSec AI Red Teamer
Duration
65+ Hours
90 days lab access
Exam
24-Hour
Practical red team engagement
Format
Instructor-led, hands-on labs
Delivery
In-person, Singapore
Prerequisites
Cybersecurity fundamentals, basic LLM familiarity
AI-300 is OffSec's hands-on advanced course in offensive AI security. It teaches experienced security professionals how to assess, exploit and stress-test modern AI systems — generative AI, large language models, retrieval-augmented generation pipelines and multi-agent environments — under realistic enterprise conditions.
The course culminates in the OffSec AI Red Teamer (OSAI) certification exam: a 24-hour live engagement against an AI-enabled enterprise environment. This is not an introduction. It is the certification that signals you can run an AI red team engagement end to end.

By the end of AI-300, you will be able to:
Build a structured offensive engagement against modern AI systems, mapped to MITRE ATLAS and the OWASP LLM Top 10
Conduct passive and active reconnaissance on AI targets, including model fingerprinting and RAG pipeline discovery
Exploit retrieval-augmented generation pipelines, vector databases and supporting infrastructure
Compromise multi-agent systems and orchestration frameworks
Identify and chain weaknesses across model inference systems and AI infrastructure
Operate against the NVIDIA AI Kill Chain and document findings to enterprise red team standards
Translate offensive findings into board-ready risk language
Eleven modules covering the full AI red teaming lifecycle
Understand how AI systems change the traditional attack surface. Maps AI attacks to the red team lifecycle using MITRE ATLAS and OWASP LLM Top 10.
Identify and map AI applications, machine learning components, and model infrastructure within a target environment without alerting defenders.
Explore offensive techniques for manipulating AI agents by abusing prompt instructions, memory systems, and tool integrations.
Seeking a portable, recognised credential
Analyse multi-agent AI architectures and exploit trust relationships between agents through message manipulation and workflow corruption.
Compromise retrieval-augmented generation systems by poisoning knowledge sources and manipulating retrieval layers to control model outputs.
Perform embedding inversion and information extraction attacks to recover sensitive data from AI models.
Abuse orchestration layers and AI tool integration frameworks to escalate privileges or execute unintended actions.
Target the AI supply chain including datasets, model weights, adapters, and dependencies to introduce malicious artifacts.
Identify vulnerabilities in cloud AI platforms, model servers, and containerized machine learning workloads.
Develop strategies for identifying high-value AI assets, trust boundaries, and potential attack paths in complex environments.
Full-spectrum red team engagement against a realistic enterprise AI environment, simulating how adversaries compromise production AI systems.
Extending tradecraft into AI systems
Responsible for AI-enabled platforms
Building AI-aware detection capability
Preparing teams for AI assurance work
Evolving core offensive skills into the machine learning space
Validating AI system resilience

The OffSec AI Red Teamer (OSAI) is awarded on successful completion of a 24-hour proctored practical exam, in which the candidate compromises a realistic AI-enabled enterprise environment and produces a professional-grade engagement report.
OSAI+ is awarded to candidates who complete the additional advanced exam path. The credential signals one thing clearly: this practitioner can run an AI red team engagement against a real enterprise target.
Register your interest for the next AI-300 cohort. Enterprise private cohorts available year-round.