
Learning Roadmap

How to Become an AI Attack Surface Analyst

A step-by-step, phase-based learning path from beginner to job-ready AI Attack Surface Analyst. Estimated completion: 7 months across 5 phases.

5 phases · 30 weeks total · Medium entry barrier · Advanced difficulty

  1. Foundations - AI Systems and Security Fundamentals

    6 weeks
    Objectives
    • Understand transformer architecture, tokenization, embeddings, and attention mechanisms at a conceptual level
    • Learn OWASP Top 10 for LLM Applications and MITRE ATLAS framework structure
    • Set up a local LLM testing environment using HuggingFace Transformers and OpenAI API
    • Gain fluency in Python scripting for security automation and API interaction
    Resources
    • OWASP Top 10 for LLM Applications (2025 edition)
    • MITRE ATLAS website and case study library
    • HuggingFace NLP Course (free, covers transformers fundamentals)
    • fast.ai Practical Deep Learning course for conceptual ML grounding
    • Automate the Boring Stuff with Python for scripting fluency
    Milestone

    You can articulate the OWASP LLM Top 10, set up a local LLM environment, and write Python scripts that interact with model APIs.

  2. Adversarial AI Techniques and Red-Teaming

    8 weeks
    Objectives
    • Master prompt injection patterns including direct injection, indirect injection, and multi-turn manipulation
    • Learn model extraction, data poisoning, and membership inference attack methodologies
    • Gain hands-on experience with Garak and PyRIT for automated vulnerability scanning
    • Understand RAG pipeline architecture and identify injection points in retrieval, chunking, and generation stages
    Resources
    • Garak documentation and GitHub examples (NVIDIA)
    • Microsoft PyRIT tutorials and red-teaming notebooks
    • Simon Willison's blog on LLM prompt injection techniques
    • Simon Willison's 'Prompt Injection Explained' series
    • Lakera Guard Prompt Injection educational resources
    • Research papers: 'Not what you've signed up for - Compiling Real-World Prompt Injection Attacks' (Greshake et al.)
    Milestone

    You can independently red-team an LLM application, identify at least 5 distinct vulnerability classes, and produce a findings report.

  3. AI Attack Surface Mapping and Threat Modeling

    6 weeks
    Objectives
    • Learn to conduct comprehensive AI asset inventories across cloud and on-premise environments
    • Build threat models for AI systems using MITRE ATLAS, STRIDE-adapted-for-AI, and custom frameworks
    • Audit AI supply chains including model provenance, dependency analysis, and data lineage tracking
    • Understand agent architectures (LangChain, CrewAI, AutoGen) and their unique attack surfaces
    Resources
    • NIST AI Risk Management Framework (AI RMF 1.0)
    • MITRE ATLAS threat modeling playbook
    • LangChain documentation and security considerations guide
    • NIST SP 800-53 controls mapped to AI systems
    • Cloud security documentation for AWS Bedrock, Azure AI, GCP Vertex AI
    Milestone

    You can produce a complete AI threat model for a multi-model production system with prioritized risk ratings and remediation guidance.

  4. Cloud AI Security and MLOps Hardening

    5 weeks
    Objectives
    • Audit cloud AI service configurations for access control, data residency, and encryption gaps
    • Review MLOps pipelines for model signing, artifact integrity, and secure deployment practices
    • Test vector database security including access controls, namespace isolation, and injection defenses
    • Implement continuous AI security testing in CI/CD pipelines
    Resources
    • AWS Well-Architected Framework - ML Lens
    • Azure AI security best practices documentation
    • Weights & Biases MLOps security guides
    • Pinecone and Weaviate security documentation
    • Snyk and Dependabot for supply-chain scanning configuration
    Milestone

    You can audit a cloud-hosted AI production environment, identify misconfigurations, and integrate automated security checks into the deployment pipeline.

  5. Professional Practice - Reporting, Communication, and Portfolio

    5 weeks
    Objectives
    • Develop executive-level AI risk reporting skills that translate technical findings into business impact
    • Build a portfolio of red-team reports, threat models, and tool contributions
    • Learn to run structured AI red-team exercises with cross-functional stakeholders
    • Prepare for industry certifications and community contributions
    Resources
    • MITRE ATLAS case studies for report structure templates
    • Presentation skills resources (e.g., 'The Pyramid Principle' by Barbara Minto)
    • GitHub portfolio templates for security researchers
    • Industry conferences: Black Hat AI Summit, DEF CON AI Village, NeurIPS SafeRL workshop
    • Certifications: AWS Certified Security Specialty, GIAC Machine Learning Security
    Milestone

    You can lead an AI red-team engagement end-to-end, produce boardroom-ready risk reports, and present a portfolio demonstrating real-world AI security expertise.

Practice Projects

Apply your skills with hands-on projects. Ordered by difficulty.

LLM Vulnerability Scanner - Build Your Own Garak-Style Tool

Intermediate

Build a Python-based LLM vulnerability scanner that tests a target model API against a library of prompt injection, jailbreak, and data extraction probes. Implement configurable probe sets, automated scoring of model responses for successful exploitation, and HTML/JSON report generation. This project builds core adversarial testing skills and tool-building capability that distinguish exceptional analysts.

~35h
Skills: Prompt injection technique design, Python security automation, API security testing

RAG Pipeline Security Audit Toolkit

Advanced

Develop a comprehensive toolkit for auditing RAG-based applications. Include modules for vector database injection testing, embedding space analysis, system prompt extraction via context manipulation, cross-tenant retrieval testing, and output sanitization verification. Target a real open-source RAG application and produce a full security audit report with findings, risk ratings, and remediation recommendations.

~45h
Skills: RAG architecture security analysis, Vector database vulnerability testing, Embedding manipulation techniques

AI Agent Red-Team Lab - Exploiting Tool-Calling Agents

Advanced

Set up a local LangChain or CrewAI agent with access to multiple tools (file system, web browser, database, email). Systematically discover and demonstrate exploit chains that cause the agent to perform unauthorized actions, exfiltrate data, or escalate privileges. Document each exploit with reproduction steps, impact analysis, and proposed mitigations. This is the most hands-on way to build agent-specific security expertise.

~50h
Skills: Agent architecture security analysis, Multi-step exploit chain design, Tool-call abuse and privilege escalation

MITRE ATLAS Case Study Repository for Your Organization

Intermediate

Create a comprehensive MITRE ATLAS mapping for your organization's AI systems. For each deployed model and AI application, map the applicable ATLAS tactics and techniques, assess current defenses, and identify gaps. Build this as a living document or dashboard that the security team can use for ongoing threat-informed defense planning.

~30h
Skills: MITRE ATLAS framework application, AI threat modeling, Risk assessment methodology

HuggingFace Model Supply Chain Auditor

Intermediate

Build an automated tool that scans HuggingFace model repositories for security risks: license compliance, dependency analysis, behavioral baseline testing against known adversarial benchmarks, provenance verification (checking model hashes, upload history, and author reputation), and comparison against organizational approved-model lists. Integrate this into a CI/CD pipeline so that only vetted models reach production.

~40h
Skills: AI supply chain security, Model provenance verification, Automated security scanning
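A minimal approved-model gate of the kind this project calls for, added here as an illustration and not code from the page or from any HuggingFace tool: it checks a downloaded snapshot against an organizational allowlist of repo ids and file digests, and refuses pickle-based weight formats. The repo id, manifest and file contents are constructed; treating `.bin`/`.pt`/`.ckpt` as pickle-based is an assumption about which formats the project's provenance check would cover.

```python
import hashlib
import os
import tempfile

# Weight formats that may deserialize via pickle (code runs on load); refused outright.
UNSAFE_SUFFIXES = (".pkl", ".pickle", ".bin", ".pt", ".pth", ".ckpt")

def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def audit_model_dir(repo_id, model_dir, approved):
    """Gate a downloaded model snapshot against the approved-model list.
    approved maps repo id -> {file name: expected sha256 hex}. Returns (ok, findings);
    ok is True only when every file is on the manifest with a matching digest."""
    manifest = approved.get(repo_id)
    if manifest is None:
        return False, [f"{repo_id}: not on approved-model list"]
    findings = []
    present = set(os.listdir(model_dir))
    for name in sorted(present):
        if name.endswith(UNSAFE_SUFFIXES):
            findings.append(f"{name}: pickle-based weights, refused")
        elif name not in manifest:
            findings.append(f"{name}: not in approved manifest")
        elif sha256_of(os.path.join(model_dir, name)) != manifest[name]:
            findings.append(f"{name}: digest mismatch (possible tampering)")
    for name in sorted(set(manifest) - present):
        findings.append(f"{name}: approved file missing from snapshot")
    return not findings, findings

def demo():
    """Constructed scenario with a hypothetical repo id and fake bytes: one vetted
    file, one tampered config, one pickle artifact. Returns the audit result."""
    repo = "example-org/demo-model"
    with tempfile.TemporaryDirectory() as d:
        good = os.path.join(d, "model.safetensors")
        with open(good, "wb") as f:
            f.write(b"constructed safetensors bytes")
        approved = {repo: {"model.safetensors": sha256_of(good), "config.json": "0" * 64}}
        with open(os.path.join(d, "config.json"), "w") as f:
            f.write('{"tampered": true}')
        with open(os.path.join(d, "pytorch_model.bin"), "wb") as f:
            f.write(b"\x80\x04")  # pickle protocol 4 header, constructed
        return audit_model_dir(repo, d, approved)
```

In a CI/CD job the gate would run after the snapshot download and fail the build on any finding, so only vetted artifacts reach the deployment step.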

AI Threat Intelligence Feed and Alert System

Beginner

Build a monitoring system that aggregates AI security research from arXiv, security blogs, GitHub advisories, and vulnerability databases. Automatically categorize findings by relevance to your organization's AI stack, generate weekly intelligence briefs, and alert on high-severity developments. This project builds the ongoing awareness muscle that is essential for staying ahead of the AI threat landscape.

~25h
Skills: Threat intelligence gathering, Data aggregation and filtering, Automation scripting
