Overview & Adversary Mindset
OSAI is OffSec's offensive AI security certification (AI-300). It applies the same adversary-first methodology from OSCP to AI-enabled systems β LLMs, agents, RAG pipelines, ML infrastructure. This isn't about prompt engineering. It's about breaking AI systems like an attacker.
What OSAI Tests
- Identifying and exploiting vulnerabilities in LLM-backed applications
- Attacking Retrieval-Augmented Generation (RAG) pipelines
- Compromising multi-agent AI systems and their tool-call surfaces
- Exploiting AI deployment infrastructure (serving stacks, APIs, model files)
- Combining classic offensive techniques with AI-specific attack primitives
The AI Attacker's Mindset
Traditional pentesting assumes deterministic systems β same input, same output. AI breaks this. You're attacking a probabilistic system that changes behavior based on context, temperature, and sampling. This changes how you:
- Reproduce findings β outputs vary. Document prompts, not just outputs
- Validate exploits β run multiple times to confirm reliability
- Communicate risk β probabilistic failure needs statistical framing
- Iterate β failed attacks need reformulation, not abandonment
Think of an LLM as a software system with a natural language interface. Every input you give is a "function call". Your job is to find the unintended code paths β just like SQL injection, but for language models.
Prerequisites Checklist
- Linux CLI
- Python
- HTTP/APIs
- Basic LLM Concepts
- Offensive Fundamentals