GIAC AI Platform Security (GAIPS) is the hands-on technical certification for AI platform security practitioners. It covers the full lifecycle of AI system security — from model foundations and application architecture through to infrastructure hardening, risk management, retrieval security, model alignment, MLOps and agentic systems.
The exam opens for general purchase on 2026-07-28. The research does not have an end date — it continues beyond the credential, compounding as the platform evolves and the field moves.
This page tracks the applied research programme, which begins 2026-07-01. The first twelve weeks are structured around the eight GAIPS exam domains. OMEGA Core is the live evaluation environment throughout — not a sandboxed lab, but a real running AI platform being designed, built, threat modelled and assessed in parallel with the research. Every domain produces documented findings, and the more significant results are published as articles here on securebydefault.net.
Syllabus
Eight exam domains, each mapped to practical lab work on OMEGA Core.
Domain 1 — AI and LLM Foundations
Capabilities, limitations and attack surfaces of generative AI systems.
- Document OMEGA Core model inventory — architecture, parameters, context windows, limitations
- Map installed models to attack surface categories (prompt injection, extraction, inversion)
- Review OWASP Top 10 for LLM Applications against the OMEGA Core deployment
- Review MITRE ATLAS — map known techniques to installed models
- Lab: Probe omega-threat-analyst and omega-code-auditor for hallucination and overconfidence
- Output: AI attack surface document for OMEGA Core
Domain 2 — AI Application Architecture and Development Frameworks
GenAI app architecture best practices, supply chain and integration-layer vulnerabilities.
- Assess OMEGA Core application architecture against GenAI security best practices
- Audit model supply chain — provenance of all models in config/agents.json
- Review integration points: FastAPI → Ollama → Open WebUI → InfluxDB
- Identify integration-layer vulnerabilities (API exposure, auth, input validation)
- Lab: Attempt prompt injection via the FastAPI Inference API surface
- Output: Architecture security review document
Domain 3 — AI Infrastructure and Deployment Security
Security risks of hosting GenAI applications, cloud and on-premise controls.
- Produce security assessment of OMEGA Core deployment (network, container, host)
- Validate least privilege across all Docker stacks and InfluxDB tokens
- Review container image provenance and update strategy for all services
- Assess Ollama LAN binding — exposure, access controls, threat model
- Lab: Attempt lateral movement between Docker stacks via omega_internal
- Output: Infrastructure security assessment
Domain 4 — AI Risk Management and Strategic Application
Threat modelling methodologies and long-term security planning for AI systems.
- Produce formal AI threat model for OMEGA Core using STRIDE or PASTA
- Map NIST AI RMF functions (Govern, Map, Measure, Manage) to OMEGA Core
- Classify OMEGA Core components against EU AI Act risk categories
- Produce AI risk register for the platform
- Output: Threat model and risk register
Domain 5 — Knowledge Augmentation and Retrieval
RAG architectures, vector database security, external knowledge source risks.
- Document OMEGA Core RAG architecture — pgvector and Qdrant roles
- Assess vector database security: access controls, poisoning risk, data isolation
- Test indirect prompt injection via retrieval pipeline
- Review risks of external knowledge sources in RAG context
- Lab: Attempt to poison a Qdrant collection and observe downstream model behaviour
- Output: RAG security assessment
Domain 6 — Model Customisation and Alignment
Fine-tuning, moderation controls, alignment and associated security implications.
- Document omega role model creation process — Modelfile structure, alignment controls
- Evaluate llama-guard3:8b as a safety classifier against adversarial prompts
- Assess fine-tune base models — security implications of small model training
- Test guardrails-off models (dolphin-mistral, llama2-uncensored) — document risk profile
- Lab: Attempt to bypass llama-guard3 safety classifications systematically
- Output: Model alignment and moderation controls assessment
Domain 7 — Development Pipelines and MLOps Security
Data workflows, training pipelines, model lifecycle operations and MLSecOps.
- Document OMEGA Core model lifecycle — pull, evaluate, configure, deploy, retire
- Assess omega-agents.sh pipeline for security gaps (input validation, API auth, logging)
- Review model inventory API — data integrity, access controls, audit trail
- Map MLSecOps controls present and absent in the current workflow
- Output: MLOps security assessment and gap analysis
Domain 8 — Agentic Systems and AI Integrations
Inter-agent communication, context management, protocol-level security.
- Document agentic architecture threat model — tool use, context injection, privilege escalation
- Review protocol-level security for agent communication patterns
- Assess context management risks — persistent memory, context window poisoning
- Lab: Design a minimal agent workflow and assess its attack surface
- Output: Agentic AI security design document
Weeks 10–12 — Consolidation and Exam Preparation
- Full domain review against GAIPS certification objectives
- Produce AI incident response plan for OMEGA Core
- Mock exam across all eight domains
- Register for GAIPS exam (opens 2026-07-28)
- Sit GAIPS exam
Lab Updates
Lab updates and findings will be posted here as the programme progresses.
Programme begins 2026-07-01.