The SecOps Group

I am now a Certified AI/ML Penetration Tester 🎉 Here's my review of The SecOps Group's C-AI/MLPen exam 👇 👨💻 An AI penetration tester exam? 👨💻 For the past 12 months, I've been delving deeply into the world of hacking everything AI-related. I've gathered over 20 CVEs in various AI libraries and frameworks and scored some sweet bounties. So when I heard that there was an exam about AI security penetration testing, it peeked my interest and so I gave it a shot. 🤔 Do we need an AI/ML penetration tester exam? 🤔 The first question I asked myself is whether or not the industry needs such an exam. I've seen a couple of AI agents in my recent penetration tests and they're always interesting targets, I've also seen more and more companies requesting these types of penetration tests, and thus there's a market there. 🧬 Is it life-like 🧬 My main AI/ML penetration testing experience has been with frameworks and less with implementations and models. I've found there that the main vulnerabilities are the issues we all know about today: Local File Inclusions / Zip Bombs / File Overwrites / RCE. However, this exam focuses down on the prompt injection part of AI/ML security, which is perfectly fine. It's better to scope down to the new and interesting things than to have yet another web application hacking certificate. ⚖ How does it compare to other certificates? ⚖ I don't actually know of any other AI/ML penetration testing certifications, so I'll talk about the C-AI/MLPen certificate in general. In terms of difficulty, I felt like the exam was a bit too easy, it could've been a bit harder. Like with all SecOps certificates, there's no training available. They merely offer the exam. They do however provide you with a load of links to other platforms that can help you prepare for the exam. I'm a huge fan of this because it means that SecOps isn't deciding what's important to know and what isn't. They're merely testing your skills. This means that you don't get cookie-cut penetration tester that have all followed the exact same path. We always need creativity in this space! 😎 I crashed the exam 😎 Fun fact: I actually managed to crash the entire exam environment to the point where I had to retake the exam the next day. This shows how unpredictable LLMs are, they're very hard to keep under control and it was quite cool to be able to force this unexpected outcome! 📈 Conclusion: Should you take this exam? 📈 No. You probably should take the exam right now. I don't think there are going to be many jobs requiring this certificate right now. However, maybe that's just a bad prediction of the future. If you're an employer looking for offensive AI/ML researchers, then maybe this could be a fun way to scope out new recruits though!

Thank you infosec community for all the love to The SecOps Group. 💌🙏🏾 The secret sauce behind the popularity and success of our exams 👇🏾 #entrepreneurship #businessinsights 𝗗𝗼𝗻’𝘁 𝗙𝗼𝗹𝗹𝗼𝘄 𝘁𝗵𝗲 𝗛𝗲𝗿𝗱 🐏: In last 1 year, over 50,000 (yes fifty thousand!) users have taken our exams. Our exam portfolio has expanded from 1 to 11 exams. When I first brainstormed the idea of an “exam-only business” with a few peers, some initial feedback was “but who is going to take the exam without an associated training”. Well, we decided to stick to our guns and create a market for ourselves. 💪🏾 𝗤𝘂𝗮𝗹𝗶𝘁𝘆 + 𝗔𝗳𝗳𝗼𝗿𝗱𝗮𝗯𝗹𝗲= 𝗣𝗼𝗽𝘂𝗹𝗮𝗿 🥰 While the 'affordability' part is easily understood; Most businesses focus too much on it and don’t understand that creating a 'quality' product is far more important than its affordability. A great product reasonably priced (even underpriced in first year) is a good marketing strategy and a great way to acquire customers. 𝗖𝗼𝗻𝘁𝗲𝗻𝘁 𝗶𝘀 𝗞𝗶𝗻𝗴👑  We have never tried to create the “most difficult exams”. The focus has always been to create exams that mimic real world pentest scenario; have components that reflect modern day infrastructure/app/architecture. Similarly, the exam setting should feel like a real world pentesting setting. E.g.  ✅Allow internet  ✅Allow candidate to run any tool.  ✅Provide instant pass/fail result. ✅ 4–7-hour Exam window. 𝗨𝘀𝗲𝗿 𝗖𝗼𝗻𝘃𝗲𝗻𝗶𝗲𝗻𝗰𝗲 𝗠𝗮𝘁𝘁𝗲𝗿𝘀👌🏾  • Exam scheduling ⏱️❌ • 24-hour exam window💀 ❌ • Lengthy report submissions📃 ❌ • 2 weeks’ time to get the result🫠 ❌ 𝗦𝗰𝗮𝗹𝗮𝗯𝗹𝗲 𝗕𝘂𝘀𝗶𝗻𝗲𝘀𝘀📈 Lastly, from a business perspective, if you run a conventional training+ exam business, then some of the challenges you could face are:  • It’s difficult to maintain a portfolio of good training courses. As the training catalogue expands, so is the challenge to constantly update the literature, labs, exercises/answers. Often as business owners you are not sure if the effort will be in proportion to the returns. • A good training course requires a good trainer. Good trainers are hard to find/replace. • You are constantly worried about the content getting leaked/pirated by others. These are also some of the reasons why we chose not to create training and run an exam only-model. A model that is: ✅Easy to manage/update and scale. Thank you infosec community for your continued love and support. 💌

Certified AI/ML Pentester (C-AI/MLPen) - Review Buy your voucher: https://lnkd.in/dMweyPVF Discount Code: Code: AIML-80-OFF (80% OFF) #redteam #cybersecurity #llmpentest #thesecopsgroup #informationsecurity #pentest #AI

I’m happy to share that I’ve obtained a new certification: Certified AppSec Pentesting eXpert (CAPenX) from The SecOps Group! This one was quite a bit challenging and I learned some neat stuff attempting it and trying to solve its puzzles. A diverse array of topics. Thanks for the attempt Sumit Siddharth!

I'm happy to share that I've obtained a new certification: Certified AI/ML Pentester (C-AI/MLPen) from The SecOps Group. This certification is 100% practical and funny, with increasing complexity as you progress, covering OWASP TOP LLM topics. #LLM #security #MLSecurity #cybersecurity #Owasp #AIPentesting #TopLLM

I’m happy to share that I’ve obtained a new certification: Certified AppSec Pentesting Expert (CAPenX) from The SecOps Group! Thanks to Fluid Attacks for allowing me to grow and advance in my career with such an opportunity. https://lnkd.in/eHc3fM-x