Why CLLMSP?
Existing security certifications were written for a world without generative AI. They do not cover prompt injection chains, indirect RAG poisoning, agentic tool misuse, or the governance obligations introduced by the EU AI Act. Meanwhile, these vectors are being actively exploited in production systems right now.
CLLMSP fills the gap by mapping directly to the threat landscape security teams actually face — not hypothetical scenarios. Every domain reflects adversarial techniques, defensive controls, and compliance requirements drawn from live incidents and published research from 2023 through 2026.
Exam Details
| Questions | 200 (154 multiple-choice + 46 short-answer) |
| Domains | 9 |
| Languages | English |
| Format | Online, non-proctored |
| Passing Score | 80% |
| Covers | GPT-4 Claude Gemini Ollama Copilot MCP LangChain OWASP NIST EU AI Act |
What You'll Master
LLM Architecture & Security Fundamentals
Map the internal mechanics of LLMs — attention heads, context windows, sampling strategies, and embedding spaces — to the vulnerabilities they expose. Learn why architecture decisions made at training time have direct consequences for runtime security.
OWASP Top 10 for LLMs
Examine all ten risk categories in depth with attack demonstrations and countermeasures: direct and indirect prompt injection, insecure output handling, training data poisoning, model DoS, supply chain compromise, sensitive data disclosure, insecure plugin design, excessive agency, overreliance, and model theft.
Jailbreak Attacks & Defenses
Analyse documented bypass techniques — DAN, Crescendo, Skeleton Key, Many-Shot jailbreaking, PAIR, adversarial suffix injection, and token smuggling — then construct defence-in-depth guardrail stacks combining input classifiers, output validators, constitutional AI constraints, and rate-limiting controls.
AI Governance & Risk Management
Translate NIST AI RMF, ISO/IEC 42001, and EU AI Act obligations into actionable organisational controls. Produce AI risk registers, system-level model cards, red teaming charters, and enforceable acceptable-use frameworks that satisfy both internal audit and external regulatory review.
Data Privacy & Compliance
Resolve the collision between GDPR data minimisation, CCPA consumer rights, and HIPAA PHI rules in systems that generate, cache, and log user interactions. Design redaction pipelines, implement differential privacy at the inference layer, and build consent-aware retrieval architectures for regulated industries.
MCP (Model Context Protocol) Security
Audit and harden Model Context Protocol server configurations from first principles. Counter rug-pull server substitution, cross-server prompt leakage, tool-description poisoning, and OS command injection introduced through unvalidated MCP tool outputs reaching the host environment.
AI Agents & Orchestration
Contain autonomous agents through process-level sandboxing, output circuit breakers, mandatory human approval gates on irreversible actions, and scoped capability tokens. Detect and block cross-agent prompt injection in multi-model orchestration pipelines where one compromised sub-agent can cascade to the orchestrator.
Vibe Coding & Secure AI-Assisted Development
Evaluate the security posture of AI-assisted development workflows where Copilot, Claude, or ChatGPT suggestions bypass standard code review gates. Build automated scanning pipelines that detect insecure AI-generated patterns — hardcoded secrets, prototype pollution, path traversal, and unsafe deserialization — before they reach a release branch.
Application Security for AI Products
Extend your existing AppSec knowledge — SSRF, reflected XSS, SQL injection, IDOR — into the AI-specific attack surface where user-controlled text becomes a code execution primitive. Instrument CI/CD with automated prompt injection test suites, model behaviour regression checks, and streaming response filters that catch policy violations before they reach end users.
Identity, Access & Incident Response
Architect least-privilege access controls using RBAC, ABAC, and Zero Trust principles for LLM APIs, vector stores, and embedding pipelines. Lead AI-specific incident response investigations — reconstructing adversarial prompt chains from logs, isolating poisoned retrieval shards, and restoring verified model behavioural baselines post-incident.
Who Should Take This Exam?
Security Engineers & Architects
Hardening AI-powered products against prompt-layer and infrastructure-level attacks
AI / ML Engineers
Shipping LLM features to production while maintaining output safety and access control
Red Teamers & Pentesters
Expanding adversarial testing practice into generative AI attack surfaces
GRC Professionals
Translating EU AI Act, NIST RMF, and ISO 42001 obligations into auditable controls
DevSecOps Engineers
Embedding AI-specific security gates — prompt scanning, model regression — into release pipelines
CISOs & Security Leaders
Evaluating AI adoption risk and establishing enforceable organisational AI security policy
What Makes CLLMSP Different
Attack techniques and defensive countermeasures are taught together. Understanding how a jailbreak is constructed is what makes the guardrail design meaningful — you cannot defend what you cannot replicate.
The syllabus incorporates MCP server attacks, vibe-coding supply chain risk, multi-agent orchestration vulnerabilities, and adversarial research published through Q1 2026 — none of which appear in older AI security credentials.
A 200-question examination split across 154 scenario-based multiple-choice items and 46 structured short-answer questions. The 80% passing threshold and deliberately varied answer patterns eliminate surface-level memorisation as a viable strategy.