Attack. Defend. Govern. Three specialized instructors. 24 modules. One standard: mastery.
Most AI security training uses one instructor for everything. AIISEC uses three domain specialists — each with a distinct focus, distinct background, and a different kind of expertise that feeds the others.
Alex teaches you how systems break. His lectures open with a war story — a system he compromised in under 30 seconds, a composite attack chain that took 5 agents and logged "task completed successfully." No classroom warmth. Direct. Specific. Every technique demonstrated against real framework code.
Diana is the person you call in when things have already gone wrong — or to prove they will be. Her lectures begin with a real failure: the four concentric rings that should have been there, the defense that stopped 99% of attacks and missed the one that mattered. Calm, methodical, evidence-based.
James speaks to CISOs, boards, and regulators — and teaches you to do the same. His domain is accountability: what the regulation actually requires, what "compliant" means when the model is probabilistic, and what an auditor is looking for when they arrive with a questionnaire.
Not concepts. Not theory slides. Working attack chains, implemented defenses, and documented governance frameworks — each demonstrated in lab environments with real frameworks.
Defense: HMAC signing on inter-agent messages (Gate G5 defense implementation). You build this attack and the defense that stops it.
Reproduce 10 prompt injection variants. Audit MCP servers for OWASP MCP Top 10. Demonstrate tool poisoning, rug pull, schema injection. Build multi-agent impersonation and result poisoning attacks. Extract model architecture through black-box API access. Full red team report with CVSS scoring.
Build 4-layer defense architecture against prompt injection. Implement HMAC signing, execution-layer authorization, and result validation for multi-agent systems. Deploy eBPF runtime monitors. Conduct full incident response simulation including root cause analysis. Harden vLLM inference infrastructure against deserialization attacks.
Complete NIST AI RMF assessments for unseen AI systems. Classify AI systems under EU AI Act Article 6. Write conformity assessments, privacy impact assessments, and board-level risk documentation. Build organizational AI governance policies. Map technical controls to GOVERN/MAP/MEASURE/MANAGE subcategories.
Traditional programs let students pass with 70% — leaving 30% unlearned. In AI security, that 30% gap is the vulnerability an attacker exploits. AIISEC uses a strict mastery-gate system: you cannot advance until you prove competency.
Every gate exam is practical and timed. No presentations — we test what security engineers actually do: find vulnerabilities, demonstrate attacks, implement defenses, write reports.
| Gate | Format | What You Must Do |
|---|---|---|
| G2 — MCP Audit | 2 hours, timed | Full MCP server audit: surface mapping → ≥5 findings with evidence → remediation report |
| G3 — AI Red Team | 3 hours, timed | Full pentest against unseen AI application: ≥4 CVSS-scored findings + publication-quality report |
| G5 — Multi-Agent | 2 hours, timed | Build 3-agent LangGraph system → 3 attacks with terminal evidence → 2 implemented defenses → report |
| G6 — Incident Response | 2 hours, timed | Full IR cycle: detection → containment → eradication → recovery → post-incident report |
| G10 — NIST AI RMF | 2.5 hours, timed | Complete GOVERN/MAP/MEASURE/MANAGE assessment for unseen AI system + executive summary |
| G14 — Capstone | 4hr practical + 1hr written | Integrated portfolio: attack PoCs + defense architectures + governance documentation |
High standards without support is gatekeeping. High standards with structured support is education.
The Mastery-Gate system guarantees every graduate can execute. The Remediation Protocol guarantees every student has a fair path to reach that level. After each failed gate attempt, you receive a targeted study plan based on your specific weak areas — not generic advice, but rubric-mapped remediation.
| Consecutive Failures | Support Tier | What Happens |
|---|---|---|
| 1st | Self-Directed | Targeted Study Plan generated from rubric weak areas. 48-hour cooldown. Independent review. |
| 2nd | Peer Support | Study plan + assigned study partner from cohort or alumni network. Optional group review session. |
| 3rd | Mandatory Mentoring | Study plan + 1:1 session (60 min) with AIISEC mentor. Mentor reviews weak areas, demonstrates techniques. |
| 4th | Prerequisite Review | Mentor assesses whether prerequisite gaps exist. If yes, directed back to specific earlier modules (2–5 days). |
| 5th+ | Program Review | 1:1 review with lead instructor. Options: extended study plan, track transfer, or program pause. No expulsion. |
Same mastery standard. Same 24 modules. Different pacing and employment model.
Learn at your own pace: 4, 6, or 9 months. Same 24 modules, same 16 gate exams. Phase 0 Foundation can be skipped with Placement Test ≥ 85%. The three tracks (Attack/Defense/Governance) can be taken in parallel — calendar time is determined by whichever track you pace slowest.
Network, Linux, Python, Containers, Crypto, CTF Bootcamp (50+ TryHackMe challenges). Skip with ≥ 85% on placement test.
GATE G0: Placement Test ≥ 85%
Core Path (A1→A2→A5→A6→A7→A8): AI Threat Landscape → Prompt Injection → Model Extraction & Inversion → Adversarial Attacks on Production AI → MLOps & Supply Chain Security → MITRE ATLAS Red Team → Advanced Exploitation. Targets roles with current enterprise hiring demand.
Agent Specialization (A3→A4 — insertable after A2, required for Full Certification): MCP Protocol Security (OWASP MCP Top 10, tool poisoning, rug pull, STDIO risks) → Multi-Agent Trust Chain Attacks (LangGraph, AutoGen, CrewAI impersonation, result poisoning, privilege escalation). Enterprise demand emerging 2026–2027.
Core Credential: Gates G1, G3–G4 | Full Certification: Gates G1–G5
Prompt Injection Defense → Multi-Agent Defense Architecture → Runtime Hardening → Supply Chain Security → Incident Response → Container Security → Secure AI Pipelines → Data Protection → Model Integrity → Zero Trust for AI
GATE G5–G9: IR simulation + cloud audit + architecture review
NIST AI RMF 1.0 → EU AI Act & Global Regulatory Landscape → AI Ethics Frameworks → Privacy Impact Assessment (GDPR Article 35, DPIA) → ISO 42001 AI Management Systems → Organizational AI Governance & Policy
GATE G10–G13: NIST AI RMF assessment + PIA for unseen AI system
Technical execution 45% + governance documentation 25% + architecture design 20% + recorded walkthrough 10%. No live presentation. Reviewed by 2 independent evaluators.
GATE G14: Comprehensive portfolio ≥ 85% (dual evaluator)
12-week intensive academy → 12-week paid apprenticeship at a partner company. Every candidate enters a partner company only after passing the Academy Final Gate (4-hour practical, ≥ 85%).
| Feature | Program A: Self-Paced | Program B: Academy + Apprenticeship |
|---|---|---|
| Duration | 4 / 6 / 9 months | 6 months (3+3) |
| Daily Hours | 3–8 hr (learner choice) | 10 hr (academy) / 8 hr (OJT) |
| Gate Standard | ≥ 85% every gate (16 total) | ≥ 85% every gate + final comprehensive |
| Income During Study | No | Yes (apprenticeship phase) |
| Work Experience | Portfolio projects + 22+ labs | 12 weeks real company OJT |
| Three Instructor Tracks | Yes (Alex/Diana/James — all 24 modules) | Yes (all tracks, accelerated) |
| Presentations Required | None | None |
| Best For | Career changers, working professionals | Job seekers wanting fastest employment pathway |
Every apprentice has passed a 4-hour comprehensive exam at ≥ 85%. Guaranteed.
The AIISEC mastery-gate system means your apprentice has demonstrated — not just studied — every domain before arriving. 16 gate exams passed at ≥ 85%. Not theory. Not attendance.
Apprentice salary = 50–60% of junior engineer. No recruitment fees. No training cost — AIISEC handles the education.
12-week evaluation period. No obligation to convert. Full performance data from AIISEC + your mentor's assessment.
12 weekly Friday advanced classes during apprenticeship. Your apprentice keeps developing on AIISEC's time — cloud AI, advanced GRC, multi-agent security, eBPF monitoring.
Alex (attack), Diana (defense), James (governance) — each with distinct expertise. Not one instructor reading from a textbook across all domains.
85% gate on every module. No one graduates by showing up. Every skill is proven under timed conditions.
We test what security engineers do: find vulnerabilities, write reports, build defenses, complete IR cycles. Not PowerPoint skills.
MCP protocol security + multi-agent trust chain attacks in the same program. Tool poisoning, rug pull, state injection, result poisoning, HMAC defense implementation.
Attack + Defense + Governance in one program. Every graduate can red team, defend, and document for regulatory review.
Ollama, LangGraph, AutoGen, Trivy, Garak, eBPF, Docker, AWS/Azure/GCP, vLLM. Working tools against real framework code.
Everything you need to know about AIISEC, the mastery-gate system, and AI security careers