Pedro Mora

OSAI Prep

active research Mar 2026 – present

What is OSAI

The Offensive Security AI Security Expert (OSAI) is Offensive Security’s certification for AI red teaming and adversarial machine learning — the same rigor OffSec applies to network and web exploitation, now applied to AI systems.

The cert covers threat modeling for LLM deployments, adversarial prompt engineering, model inversion, data poisoning, and attacking the infrastructure that AI systems run on — vector databases, agent memory stores, tool endpoints, and orchestration layers.

Why I’m pursuing it

I work at the intersection of IAM and AI security. Most of what I see in production AI deployments fails at the infrastructure layer — the same access control and authentication failures that have plagued traditional systems for decades, now showing up in vector databases, MCP servers, and agent memory stores.

OSAI gives me the offensive vocabulary to articulate those failures credibly and the lab experience to back it up.

The approach

I’m using HackTheBox as the hands-on foundation — working through machines that demonstrate the same vulnerability classes that appear in AI deployments. Each writeup connects the classical exploit to its AI equivalent, grounded in the OWASP LLM Top 10.

The pattern: learn the attack on a traditional system, understand why it works, identify the structural equivalent in an AI deployment.

Progress

All writeups are tagged osai-prep in the blog.

| Machine | Vulnerability | LLM Mapping |
| --- | --- | --- |
| Meow | Telnet + blank root | LLM07 — Insecure Plugin Design |
| Fawn | Anonymous FTP | LLM06 — Sensitive Information Disclosure |
| Redeemer | Unauthenticated Redis | LLM06 + LLM01 (memory injection) |
| Dancing | SMB null session | LLM06 — Sensitive Information Disclosure |
| Preignition | Default credentials | LLM07 — Insecure Plugin Design |
| Appointment | SQL injection auth bypass | LLM01 — Prompt Injection |
| Crocodile | Anonymous FTP + credential reuse | LLM06 + LLM08 — Disclosure chained to Excessive Agency |
| Sequel | MariaDB root with blank password | LLM08 — Excessive Agency |
| Responder | LFI + NTLM hash capture | LLM01 + LLM08 — Prompt Injection + Excessive Agency |