

COASP: Certified Offensive AI Security Professional
Course Information

Course Name
COASP: Certified Offensive AI Security Professional

Exam code
312-52

Duration
5 Days
Certification
Overview
C|OASP is a hands-on, practitioner-level credential that validates your ability to ethically
attack AI systems so you can defend them with engineering-grade controls. C|OASP is not about building AI models or running AI programs. It is about proving you can:
- Think like an attacker inside AI systems
- Uncover weaknesses across models and pipelines
- Validate security controls
- Reduce operational risk before deployment
This is the only credential built for offensive AI security work with outcomes you can
demonstrate.
Skills This Program Validates
The C|OASP credential validates your ability to:
- Execute prompt injection, jailbreaking, and prompt chaining attacks
- Red-team AI agents, including memory corruption, tool misdirection, and checkpoint manipulation
- Apply OWASP LLM Top 10 and MITRE ATLAS frameworks
- Conduct adversarial ML attacks, including data poisoning and model extraction
- Build detection rules and hardening strategies for AI systems
Audience Profile
C|OASP is designed for security professionals who wish to master offensive and defensive AI security techniques.
Prerequisites
At Course Completion
Course Outline
Build a foundation in offensive AI security by learning how AI systems are designed, where they fail, and how adversaries exploit them, using structured hacking methodologies and globally recognized AI security frameworks.
What You will Learn
- Understand AI and machine learning fundamentals from an offensive security perspective
- Identify AI attack surfaces, threat landscapes, and adversary techniques
aligned to MITRE ATLAS - Apply AI system hacking methodologies, frameworks, and risk implications
- Classify AI attack taxonomies and models
- Define offensive AI scoping fundamentals and foundations for securing AI systems
- Provide an overview and mapping of OWASP LLM & ML Top 10 (2025) to AI threats and governance considerations
Learn advanced AI-focused OSINT techniques to identify, enumerate, and analyze AI assets, data pipelines, models, APIs, and attack surfaces, and apply exposure mitigation and hardening strategies to support continuous AI
security monitoring.
What You will Learn
- Apply OSINT tools and techniques to identify and profile AI assets
- Gather intelligence from AI data sources and training pipelines
- Discover and map AI attack surfaces using publicly available intelligence
- Enumerate AI endpoints, services, APIs, and exposed parameters
- Identify and analyze AI models and vector stores from an attacker’s perspective
- Evaluate OSINT exposure and apply hardening controls to reduce risk
- Use AI threat intelligence to support continuous monitoring and defensive
readiness
Master AI-specific vulnerability assessment and fuzzing techniques to identify, analyze, and mitigate security weaknesses across modern AI systems and applications.
What You will Learn
- Understand core principles of AI vulnerability assessment and threat discovery
- Use tools and techniques for scanning vulnerabilities in AI models, pipelines, and deployments
- Apply practical fuzzing methods tailored for AI systems and model interfaces
- Integrate scanning and fuzzing into AI security workflows for proactive risk
mitigation
Analyze and exploit LLM trust boundaries using advanced prompt injection, jailbreaking, and output manipulation techniques, while identifying risks related to sensitive data exposure and insecure LLM application design.
What You will Learn
- LLM architecture, trust boundaries, and associated attack vectors
- Execute prompt injection and jailbreaking techniques in real-world LLM applications
- Identify sensitive information disclosure and system prompt leakage risks
- Evaluate improper output handling vulnerabilities and misinformation threats
- Apply advanced prompt-based attack techniques and exploitation strategies
- Implement secure LLM application design principles and defensive controls
Execute and analyze adversarial machine learning, privacy, and model extraction
attacks to assess AI system robustness, trustworthiness, and risk, and apply defensive strategies to mitigate them.
What You will Learn
- Identify core adversarial machine learning attack classes
- Execute practical adversarial input attacks across data modalities
- Apply privacy, inference, and model extraction attack techniques
- Evaluate robustness, trustworthiness, and risk evaluation methods
- Implement defensive strategies for model privacy and resilience
Compromise AI systems through data poisoning and backdoor insertion targeting
training pipelines and model integrity.
What You will Learn
- Understand AI data and training pipeline architecture and threat surfaces
- Execute practical data poisoning techniques and attack scenarios
- Apply backdoor and trojan insertion during model training
- Implement security measures to safeguard data and training pipelines
Analyze and exploit autonomous AI agents and multi-model architectures by targeting excessive agency, cross-LLM interactions, orchestration workflows, and unbounded resource consumption, while understanding defensive strategies to secure agentic systems.
What You will Learn
- Understand agentic AI architecture and attack surface
- Apply excessive agency and autonomy exploitation techniques
- Identify cross-LLM and model-to-model attack vectors
- Asses denial-of-wallet risks and unbounded resource consumption
- Execute attacks targeting AI workflows and orchestration layers
- Implement defensive strategies for securing agentic AI applications
Explore offensive techniques targeting AI infrastructure, system integrations, and third-party dependencies, while learning how to identify, exploit, and harden AI supply chain weaknesses.
What You will Learn
- Understand AI infrastructure components and system integration architectures
- Identify vulnerabilities in AI systems, frameworks, and deployment pipelines
- Analyze abuse of tools, plugins, and APIs in AI-enabled applications
- Assess AI supply chain threats and dependency risks (deep dive)
- Implement hardening strategies for AI infrastructure and supply chains
Apply structured AI security testing and evaluation methodologies to assess
risk, validate controls, and implement hardening best practices across enterprise AI
systems.
What You will Learn
- Understand AI security testing methodologies and evaluation techniques
- Apply red team frameworks for offensive AI assessment
- Identify, validate, and report AI vulnerabilities and risk
- Implement security hardening and mitigation best practices for AI systems
Master AI-specific incident response and forensics, concluding with hands-on
engagement in AI red team activities.
What You will Learn
- Detect and respond to AI-specific security incidents
- Collect and analyze AI logs, telemetry, and digital evidence
- Analyze root causes in post-incident analysis
Overview
Overview
C|OASP is a hands-on, practitioner-level credential that validates your ability to ethically
attack AI systems so you can defend them with engineering-grade controls. C|OASP is not about building AI models or running AI programs. It is about proving you can:
- Think like an attacker inside AI systems
- Uncover weaknesses across models and pipelines
- Validate security controls
- Reduce operational risk before deployment
This is the only credential built for offensive AI security work with outcomes you can
demonstrate.
Skills This Program Validates
The C|OASP credential validates your ability to:
- Execute prompt injection, jailbreaking, and prompt chaining attacks
- Red-team AI agents, including memory corruption, tool misdirection, and checkpoint manipulation
- Apply OWASP LLM Top 10 and MITRE ATLAS frameworks
- Conduct adversarial ML attacks, including data poisoning and model extraction
- Build detection rules and hardening strategies for AI systems
Audience Profile
Audience Profile
C|OASP is designed for security professionals who wish to master offensive and defensive AI security techniques.
Prerequisities
Prerequisites
At Course Completion
At Course Completion
Course Outline
Course Outline
Build a foundation in offensive AI security by learning how AI systems are designed, where they fail, and how adversaries exploit them, using structured hacking methodologies and globally recognized AI security frameworks.
What You will Learn
- Understand AI and machine learning fundamentals from an offensive security perspective
- Identify AI attack surfaces, threat landscapes, and adversary techniques
aligned to MITRE ATLAS - Apply AI system hacking methodologies, frameworks, and risk implications
- Classify AI attack taxonomies and models
- Define offensive AI scoping fundamentals and foundations for securing AI systems
- Provide an overview and mapping of OWASP LLM & ML Top 10 (2025) to AI threats and governance considerations
Learn advanced AI-focused OSINT techniques to identify, enumerate, and analyze AI assets, data pipelines, models, APIs, and attack surfaces, and apply exposure mitigation and hardening strategies to support continuous AI
security monitoring.
What You will Learn
- Apply OSINT tools and techniques to identify and profile AI assets
- Gather intelligence from AI data sources and training pipelines
- Discover and map AI attack surfaces using publicly available intelligence
- Enumerate AI endpoints, services, APIs, and exposed parameters
- Identify and analyze AI models and vector stores from an attacker’s perspective
- Evaluate OSINT exposure and apply hardening controls to reduce risk
- Use AI threat intelligence to support continuous monitoring and defensive
readiness
Master AI-specific vulnerability assessment and fuzzing techniques to identify, analyze, and mitigate security weaknesses across modern AI systems and applications.
What You will Learn
- Understand core principles of AI vulnerability assessment and threat discovery
- Use tools and techniques for scanning vulnerabilities in AI models, pipelines, and deployments
- Apply practical fuzzing methods tailored for AI systems and model interfaces
- Integrate scanning and fuzzing into AI security workflows for proactive risk
mitigation
Analyze and exploit LLM trust boundaries using advanced prompt injection, jailbreaking, and output manipulation techniques, while identifying risks related to sensitive data exposure and insecure LLM application design.
What You will Learn
- LLM architecture, trust boundaries, and associated attack vectors
- Execute prompt injection and jailbreaking techniques in real-world LLM applications
- Identify sensitive information disclosure and system prompt leakage risks
- Evaluate improper output handling vulnerabilities and misinformation threats
- Apply advanced prompt-based attack techniques and exploitation strategies
- Implement secure LLM application design principles and defensive controls
Execute and analyze adversarial machine learning, privacy, and model extraction
attacks to assess AI system robustness, trustworthiness, and risk, and apply defensive strategies to mitigate them.
What You will Learn
- Identify core adversarial machine learning attack classes
- Execute practical adversarial input attacks across data modalities
- Apply privacy, inference, and model extraction attack techniques
- Evaluate robustness, trustworthiness, and risk evaluation methods
- Implement defensive strategies for model privacy and resilience
Compromise AI systems through data poisoning and backdoor insertion targeting
training pipelines and model integrity.
What You will Learn
- Understand AI data and training pipeline architecture and threat surfaces
- Execute practical data poisoning techniques and attack scenarios
- Apply backdoor and trojan insertion during model training
- Implement security measures to safeguard data and training pipelines
Analyze and exploit autonomous AI agents and multi-model architectures by targeting excessive agency, cross-LLM interactions, orchestration workflows, and unbounded resource consumption, while understanding defensive strategies to secure agentic systems.
What You will Learn
- Understand agentic AI architecture and attack surface
- Apply excessive agency and autonomy exploitation techniques
- Identify cross-LLM and model-to-model attack vectors
- Asses denial-of-wallet risks and unbounded resource consumption
- Execute attacks targeting AI workflows and orchestration layers
- Implement defensive strategies for securing agentic AI applications
Explore offensive techniques targeting AI infrastructure, system integrations, and third-party dependencies, while learning how to identify, exploit, and harden AI supply chain weaknesses.
What You will Learn
- Understand AI infrastructure components and system integration architectures
- Identify vulnerabilities in AI systems, frameworks, and deployment pipelines
- Analyze abuse of tools, plugins, and APIs in AI-enabled applications
- Assess AI supply chain threats and dependency risks (deep dive)
- Implement hardening strategies for AI infrastructure and supply chains
Apply structured AI security testing and evaluation methodologies to assess
risk, validate controls, and implement hardening best practices across enterprise AI
systems.
What You will Learn
- Understand AI security testing methodologies and evaluation techniques
- Apply red team frameworks for offensive AI assessment
- Identify, validate, and report AI vulnerabilities and risk
- Implement security hardening and mitigation best practices for AI systems
Master AI-specific incident response and forensics, concluding with hands-on
engagement in AI red team activities.
What You will Learn
- Detect and respond to AI-specific security incidents
- Collect and analyze AI logs, telemetry, and digital evidence
- Analyze root causes in post-incident analysis
