Curriculum Map

Master AI security from fundamentals to certification. Track your progress across OWASP LLM Top 10, MITRE ATLAS, and NIST AI RMF.

1) OWASP LLM Top 10 Coverage Map

View All Labs

LLM01: Prompt Injection

177 labs

Manipulating prompts to override intended model behavior.

B/I/A/E: 16/45/52/64

LLM02: Insecure Output Handling

23 labs

Unsafe model outputs causing downstream system risk.

B/I/A/E: 4/9/7/3

LLM03: Training Data Poisoning

29 labs

Compromised training data shaping malicious model behavior.

B/I/A/E: 6/9/7/7

LLM04: Model Denial of Service

6 labs

Resource exhaustion attacks that degrade availability.

B/I/A/E: 1/0/3/2

LLM05: Supply Chain Vulnerabilities

27 labs

Weaknesses in models, datasets, or dependencies.

B/I/A/E: 2/5/16/4

LLM06: Sensitive Information Disclosure

31 labs

Leakage of secrets, PII, or confidential context.

B/I/A/E: 4/6/11/10

LLM07: Insecure Plugin Design

36 labs

Unsafe tool/plugin integrations enabling abuse.

B/I/A/E: 2/6/26/2

LLM08: Excessive Agency

40 labs

Over-privileged autonomous actions without safeguards.

B/I/A/E: 7/5/22/6

LLM09: Overreliance

12 labs

Unsafe trust in model outputs without verification.

B/I/A/E: 2/4/4/2

LLM10: Model Theft

18 labs

Stealing model weights, behavior, or proprietary capability.

B/I/A/E: 3/6/5/4

2) Learning Pathway

Track 0: Prerequisites

6 lessons

Level 0: AI Security Basics

6 lessons

Beginner Labs (Free)

47 labs

Intermediate Labs (Pro)

3) Framework Alignment

LLM01: Prompt Injection — 177 labsView Labs

LLM02: Insecure Output Handling — 23 labsView Labs

LLM03: Training Data Poisoning — 29 labsView Labs

LLM04: Model Denial of Service — 6 labsView Labs

LLM05: Supply Chain Vulnerabilities — 27 labsView Labs

LLM06: Sensitive Information Disclosure — 31 labsView Labs

LLM07: Insecure Plugin Design — 36 labsView Labs

LLM08: Excessive Agency — 40 labsView Labs

LLM09: Overreliance — 12 labsView Labs

LLM10: Model Theft — 18 labsView Labs

Last updated: March 2026

Reconnaissance — 4 labsView Labs

Resource Development — 4 labsView Labs

Initial Access — 134 labsView Labs

ML Attack Staging — 83 labsView Labs

Execution — 10 labsView Labs

Persistence — 5 labsView Labs

Privilege Escalation — 5 labsView Labs

Defense Evasion — 30 labsView Labs

Discovery — 27 labsView Labs

Collection — 10 labsView Labs

Exfiltration — 5 labsView Labs

Impact — 17 labsView Labs

Last updated: March 2026

GOVERN — 36 labs

GV.PO: 25 · GV.RR: 11

View Labs

IDENTIFY — 71 labs

ID.AM: 9 · ID.RA: 41 · ID.SC: 11

View Labs

PROTECT — 247 labs

PR.AA: 183 · PR.DS: 9

View Labs

DETECT — 37 labs

DE.CM: 37

View Labs

RESPOND — 8 labs

RS.MI: 8

View Labs

🔒 Compliance Report (Pro)

Last updated: March 2026

4) MITRE ATLAS Coverage

Labs mapped to the MITRE ATLAS framework — adversarial tactics and techniques for AI/ML systems.

Reconnaissance

4 labs

Resource Development

4 labs

Initial Access

134 labs

ML Attack Staging

83 labs

Execution

10 labs

Persistence

5 labs

5) NIST AI RMF

AI Risk Management Framework — organized by core functions

GOVERN

36 labs

Policies, accountability, and oversight for AI systems

GV.PO: 25 · GV.RR: 11

Progress0%

IDENTIFY

71 labs

Risk assessment, asset management, and supply chain

ID.AM: 9 · ID.RA: 41 · ID.SC: 11

Progress0%

6) Real-World Case Studies

Notable AI security incidents mapped to ATLAS techniques. Practice the same attack vectors in our labs.

Samsung (2023)🎯 AML.T0037

Samsung ChatGPT Data Leak

Engineers pasted proprietary source code into ChatGPT, leaking confidential semiconductor data to an external AI service.

Practice This Attack →

Microsoft (2016)🎯 AML.T0020

Microsoft Tay Chatbot

Users manipulated Tay via coordinated adversarial inputs, causing the chatbot to output offensive content within 24 hours of launch.

Practice This Attack →

Microsoft (2023)🎯 AML.T0054

Bing Chat Sydney Jailbreak

Security researchers extracted the hidden system prompt and induced persona switches in Bing Chat, revealing internal instructions.

Practice This Attack →

Curriculum Map

1) OWASP LLM Top 10 Coverage Map

LLM01: Prompt Injection

LLM02: Insecure Output Handling

LLM03: Training Data Poisoning

LLM04: Model Denial of Service

LLM05: Supply Chain Vulnerabilities

LLM06: Sensitive Information Disclosure

LLM07: Insecure Plugin Design

LLM08: Excessive Agency

LLM09: Overreliance

LLM10: Model Theft

2) Learning Pathway

Track 0: Prerequisites

Level 0: AI Security Basics

Beginner Labs (Free)

Intermediate Labs (Pro)

3) Framework Alignment

4) MITRE ATLAS Coverage

Reconnaissance

Resource Development

Initial Access

ML Attack Staging

Execution

Persistence

5) NIST AI RMF

GOVERN

IDENTIFY

6) Real-World Case Studies

Samsung ChatGPT Data Leak

Microsoft Tay Chatbot

Bing Chat Sydney Jailbreak

Advanced Labs (Pro)

Elite Labs (Pro)

Certification

Privilege Escalation

Defense Evasion

Discovery

Collection

Exfiltration

Impact

PROTECT

DETECT

RESPOND

GPT-2 Model Extraction

Indirect Prompt Injection via Web