Train to become OSAI certified

AI-300: Advanced AI Red Teaming

Starting at $1,749

Level

65h of content

Gain hands-on expertise in AI cybersecurity, including attacking LLMs, multi-agent AI systems, RAG pipelines, embeddings, and AI infrastructure while building skills in securing AI, cloud security, and modern AI technologies
Earn the OffSec AI Red Teamer (OSAI) certification through a practical 24-hour exam testing real-world attacks against AI-enabled systems and gain your 3-year OSAI+

Start training Certify your team

Overview

OSAI+: Advanced AI Red Teaming (AI-300) is OffSec’s hands-on AI cybersecurity course and AI security course designed to teach security professionals how to assess and exploit modern AI systems, including generative AI, LLMs, and multi-agent environments. Through practical labs and real-world scenarios, learners develop offensive techniques for attacking AI applications, strengthening threat detection, leveraging threat intelligence, and improving cyber defense strategies across AI infrastructure while preparing for an industry-recognized AI cybersecurity certification.

Advanced AI Red Teaming (AI-300) is OffSec’s advanced AI cybersecurity training course designed to help security professionals assess and exploit vulnerabilities in modern AI systems. As organizations increasingly adopt generative AI, machine learning models, and autonomous AI applications, the attack surface for cyber threats is rapidly expanding, increasing the need for stronger threat intelligence, risk management, and modern cyber defense strategies. Traditional penetration testing approaches were not designed for AI-enabled environments, where models, data pipelines, agents, and orchestration frameworks introduce entirely new security risks. As organizations deploy generative AI across production environments, the AI attack surface continues to expand, requiring new approaches to AI security testing and offensive assessment.

AI-300 teaches learners how to apply an adversary mindset to modern artificial intelligence technology, combining proven cybersecurity methodology with offensive techniques tailored for AI applications, deep learning systems, and emerging AI technologies. The course focuses on how real attackers identify weaknesses in AI-enabled environments, manipulate model behavior, and compromise the infrastructure supporting modern AI deployments.

The training emphasizes hands-on AI cybersecurity labs that simulate real-world environments where AI systems operate alongside traditional infrastructure. Learners interact with enterprise-style AI architectures that include LLMs, vector databases, multi-agent systems, model orchestration frameworks, and cloud security environments supportingAI infrastructure, reflecting how modern AI technology is deployed in production environments.

Throughout the course, learners develop practical skills to identify vulnerabilities, simulate adversarial attacks, and analyze the impact of weaknesses across complex AI ecosystems. By applying offensive security techniques to generative AI platforms, machine learning pipelines, and AI deployment environments, learners gain the expertise required to evaluate AI-enabled systems from an attacker’s perspective while supporting real-world security operations and incident response readiness.

The training culminates in the OffSec AI Red Teamer (OSAI) certification exam, a rigorous 24-hour practical red team engagement where learners must compromise a realistic AI-enabled enterprise environment. Successful candidates earn the OffSec AI Red Teamer (OSAI and OSAI+) certification, demonstrating practical expertise in assessing and exploiting modern AI systems.

AI-300 is designed for experienced cybersecurity professionals looking to expand their expertise into AI security and machine learning security, including penetration testers, red teamers, security engineers, and professionals pursuing roles such as AI security specialist or certified AI security professional.

Becoming OSAI certified

24-hour proctored

All certification exams are proctored by an OffSec employee in a private VPN
Hands-on AI red team engagement

Identify, exploit, and document vulnerabilities across AI-enabled systems in a realistic environment
Enterprise AI attack environment

Simulate attacks against modern AI systems including agents, data pipelines, and model infrastructure
Practical AI security assessment

Demonstrate your ability to compromise and assess modern AI systems in a real-world scenario

OSAI+ certification

About the OSAI+ exam

The OffSec AI Red Teamer (OSAI and OSAI+) is a hands-on AI security certification validating real-world offensive skills in securing AI systems and infrastructure.

Exam Guide Exam FAQ

OffSec is trusted by

Start learning with OffSec

$2,749/year*

Best value

Learn One

Includes one year of access to one 200 or 300-level course, the associated labs, and two exam attempts

Enroll now Learn more

$1,749/once

Course + Cert Bundle

Includes 90 days of access to one 200 or 300-level course, hands-on labs, and a single exam attempt

Enroll now Learn more

*Subscription auto-renews unless cancelled

Why AI Red Teaming Matters Now

As organizations rapidly deploy generative AI and machine learning systems, the AI attack surface is expanding across modern applications and infrastructure. Traditional security testing was not designed to address the unique cyber threats targeting AI systems. AI red teaming applies offensive cybersecurity methodology to identify and exploit these weaknesses before attackers do.

AI-300 FAQ

Who is the AI-300: Advanced AI Red Teaming course for?

AI-300 is designed for experienced cybersecurity professionals who want to develop offensive skills for assessing and exploiting modern AI systems. This includes penetration testers, red teamers, security engineers, and professionals responsible for securing generative AI applications and machine learning environments.
The course is also suitable for AI engineers and developers who want to better understand how adversaries target AI-enabled systems and learn practical techniques for identifying and mitigating AI cybersecurity risks.

This also includes professionals seeking an AI security certification or advancing their skills through an AI cybersecurity course focused on real-world adversarial techniques.
What are the prerequisites for AI-300?

AI-300 is an advanced AI cybersecurity course designed for learners with a strong foundation in cybersecurity. Students should have experience with penetration testing concepts, networking, Linux and Windows systems, and basic scripting.

A basic familiarity with AI systems or machine learning concepts, such as LLMs or generative AI applications, is helpful but not required. The course focuses on offensive security techniques for assessing AI-enabled systems, and learners without prior AI experience can still succeed.
OSCP or equivalent hands-on experience is recommended.
What certification do I earn?

Learners who successfully complete the exam earn the OffSec AI Red Teamer (OSAI and OSAI+) certification. This certification demonstrates the ability to assess and exploit vulnerabilities across modern AI systems, generative AI applications, and machine learning infrastructure using real-world offensive security techniques.
How long does the course take to complete?

AI-300 is a modular, self-paced training course. Most learners spend approximately 50–100 hours completing the course materials, hands-on labs, and practice environments before attempting the certification exam.
What makes AI-300 different from traditional penetration testing courses?

Traditional penetration testing courses focus on networks, web applications, and operating systems. AI-300 focuses on the unique security risks introduced by modern AI systems, including generative AI applications, machine learning pipelines, AI agents, and model infrastructure. The course teaches offensive techniques specifically designed to assess and exploit vulnerabilities in these environments.
What job roles can the OSAI prepare me for?

AI-300 prepares learners for roles focused on securing modern AI systems and applications. Professionals who complete this course may pursue positions such as AI security specialist, penetration tester, red teamer, AI security engineer, or cybersecurity analyst responsible for assessing machine learning and generative AI environments.
The course also benefits security engineers, AI engineers, and security researchers who need to identify vulnerabilities, simulate attacks, and assess risks across AI-enabled systems and infrastructure.
What should I take after AI-300?

After completing AI-300 and earning the OSAI+ certification, learners can continue advancing their offensive security expertise through other OffSec training programs focused on advanced red teaming, exploitation techniques, and specialized cybersecurity domains.
What is the difference between OSAI and OSAI+?
The OSAI+ designation will differ from the OSAI certification in only one way; it will expire three (3) years from issuance. During those three years, learners will have the opportunity to maintain the “+” designation by completing one of three continuing education paths:
- Take and pass a recertification exam within 6 months of the + expiration date
- Take and pass another qualifying OffSec certification exam before your + expires. List of qualifying exams:
  - OSEP (OffSec Experienced Penetration Tester)
  - OSWA (OffSec Web Assessor)
  - OSED (OffSec Exploit Developer)
  - OSEE (OffSec Exploitation Expert)
- Successful completion of OffSec’s new CPE program.
Learners who choose not to maintain the + designation will still keep their OSAI certification, as the OSAI certification has no expiration date and continues to be valid indefinitely.
Does the OSAI+ certification expire?
Yes, the OSAI+ will expire 3 years after the date you passed the exam. To maintain the validity of your certification, consider one of the following renewal options before your expiration date:
- Pass a Qualifying Exam: Take and pass an OffSec certification exam within the same category at the same level or higher before your certification expires.
- Recertification Exam: Take and pass a recertification exam within six months before your certification’s expiration date to extend validity.
- Continuing Professional Education (CPE) Program. You may refer to the CPE handbook for more information.
Please note that, if your certification expires, you will need to retake and pass the same certification exam.
How do I get CPE points for the AI-300 course?

All of our fully released courses may qualify students for up to 40 (ISC)² CPE credits. To know if you are eligible to request a completion letter or to find course completion requirements, please visit our How can I obtain (ISC)² CPE credits and/or a course completion letter for my course article.