Study notes for (C-AI/MLPen) and (C-AgAIPen) certifications
A curated list of learning resources
Intro
Below you may find a curated list of the learning resources I used for the Certified AI/ML Pentester (C-AI/MLPen) and Certified Agentic AI Pentester (C-AgAIPen) certifications by The SecOps Group. These are the officially recommended resources, along with some additional ones I picked, properly organized and formatted to keep track of your progress.
Learning resources
Theory
- Compromising LLMs using Indirect Prompt Injection
- LearnPrompting - Prompt Hacking
- OWASP
- Top 10 for LLM Applications 2025
- Top 10 for Agentic Applications 2026 (💡 Read the linked references at the end of each section)
- Lakera: Real World LLM Exploits
- Bugcrowd
- Prompting Guide
- Static code analysis on Top 10 for LLM Applications
- Simon Willison - Prompt injection explained, with video, slides, and a transcript
- Medium - Hacking LLMs with prompt injections
- WithSecureLabs - Synthetic Recollections
- NCC - Exploring prompt injection attacks
- LLM Pentest: Leveraging Agent Integration for RCE
- AI Village - Threat Modelling LLM Applications
- Pentesting LLMs
- Snyk.io - Addressing Top 10 LLMs
- Unite AI - Prompt Hacking and Misuse of LLMs
- NVIDIA: AI Red Team - An introduction
- Microsoft: Planning red teaming for large language models (LLMs) and their applications
- Cobalt: Prompt Injection Attacks
- IBM - Prompt injection attacks
Labs
- Mock exams by The SecOps Group
- Tryhackme: AI Learning Path
- OWASP Prompt Me
- Portswigger - Web LLM Attacks
- Hackaprompt
- Immersive Labs (⚠️ Slow)
- Prompt Airlines
- Gandalf by Lakera
Payloads
Compilations
Tools
This post is licensed under CC BY 4.0 by the author.