Most AI security content is opinion. This is evidence.
The matrix is a structured learning system across 9 domains — from IAM for AI systems to LLM threat mitigations, agent architecture, platform security, and governance. Each competency has three levels: Beginner, Intermediate, Expert. Progress is tracked with lab work and published writeups as evidence.
152 competencies. 9 domains. All of it documented here.
How It Works
Each competency moves through four states:
| Badge | State | Meaning |
|---|---|---|
| 🔲 | Unassessed | Haven’t looked at it yet |
| 📖 | Learning | Actively studying, notes in progress |
| 🧪 | Tested | Built a lab or ran a test |
| ✅ | Published | Written up and live on this site |
Published posts are the evidence layer — not self-assessment, not a certificate. If the writeup exists, the competency is covered.
Domain Progress
D1 — Identity & Access Management for AI Systems
Beginner: 📖 in progress
IAM is the foundation. Before you can reason about AI system security, you need fluency with identity lifecycle, least privilege, and access control patterns — in practice, not in theory. The Okta cert labs are the hands-on evidence layer for this domain.
Competencies in progress: B·C2 (OAuth 2.0 / OIDC relevance for AI agents) · B·C4 (least privilege with AI agent example) · B·C5 (audit logging for AI agent actions) · B·C6 (identify misconfigured AI access controls)
Evidence: Okta Cert Prep labs →
D2 — AI/LLM Security Threats & Mitigations
Beginner: 📖 in progress
The OWASP LLM Top 10 is the threat vocabulary. The HTB OSAI Prep series builds it from the bottom up — classical offensive techniques first, then the structural equivalent in AI deployments. Prompt injection (LLM01), sensitive information disclosure (LLM06), insecure plugin design (LLM07), and excessive agency (LLM08) all have live evidence.
Competencies covered: B·C1 (explain prompt injection with a simple example) · B·C3 (explain PII leakage from AI systems)
Evidence: OSAI Prep writeups →
D3 — AI Agent Architecture & Control Frameworks
Beginner: 🔲 not started
Agentic loops, tool use, human-in-the-loop controls. Next domain once the D1 and D2 Beginner levels are complete.
D4 — LLM Technical Internals
Beginner: 🔲 not started
Transformer architecture, context windows, tokenization, RAG. The technical substrate that makes the threats in D2 possible.
D5 — AI Platform Security
Beginner: 🔲 not started
Azure OpenAI, AWS Bedrock, Anthropic API. Platform-specific deployment and access control patterns.
D6 — AI Governance & Compliance
Beginner: 🔲 not started
EU AI Act, model risk management, audit logging requirements. The regulatory layer.
D7 — Statistical Methods & ML Theory
Beginner: 🔲 awareness target only
This domain has a ceiling. The goal is functional literacy for conversations with ML engineers — not a deep dive.
D8 — AI Supply Chain Security
Beginner: 🔲 not started
Poisoned models, model provenance, third-party AI library risk.
D9 — Thought Leadership & Communication
Beginner: 📖 in progress
Every published post on this site is evidence for D9 — explaining AI security concepts clearly, in writing, to a mixed audience. B·C2 (write a clear AI security risk summary for a non-security audience) is covered every time a writeup goes live.
Evidence: All posts →
What’s Next
Working through D1 and D2 Beginner levels in parallel — Okta cert labs for D1, OSAI Prep HTB writeups for D2. First full domain-level post (D2 Beginner roundup) when the HTB series covers the remaining OWASP LLM Top 10 entries.