Certification · 2-Day Auditor Course
Assess · Evidence · Verify

Certified AISVS Auditor

The Certified AISVS Auditor course equips you to scope, test and verify AI systems against the OWASP AISVS standard, and to produce a defensible verification report. Two days, hands-on, on live targets. Certified by practical examination.

2 days · hands-on, evidence-led Pre-requisite · the AISVS masterclass Certification · by practical examination 6 hands-on labs · live targets On-site or private cohort
The training roadmap

Two courses, one credential

You learn to build and secure AI first, then you learn to audit it. The auditor course is the second step, and the masterclass is the entry requirement.

Step 1

AISVS Masterclass

Two days. Build, secure and verify AI to the standard. The foundation.

Step 2

AISVS Auditor

Two days. The audit discipline, evidence and verification. This course.

Outcome

Certified AISVS Auditor

Earn the credential by passing a hands-on practical assessment.

First movers

AI cannot audit AI.

A human verifies, judges and signs off. Be among the world's first certified AISVS auditors. Build the skills the AI industry now demands, capitalise on the wave, and future-proof your career.

Attend now
Before you book

Entry requirements

This is a practitioner course for people who already understand AI systems. To keep the cohort effective and the credential meaningful, places require:

MANDATORY

The AISVS masterclass

Completion of the CyberSecAI two-day AISVS masterclass. You must understand how the controls are built before you can verify them.

EXPERIENCE

5+ years in IT or security

A minimum of five years working in IT or cyber security. This is not an entry-level course.

TECHNICAL

AI and systems literacy

Working familiarity with AI systems (LLM, RAG, agents, MCP) and comfort reading configuration, code and logs.

Who it is for

Built for the people who sign off the risk

Security Auditors & Assessors

Add AI to your assurance practice with a verification method, not guesswork.

Penetration Testers

Move from finding bugs to verifying a system against a formal standard.

GRC & Compliance

Translate AISVS into evidence and findings your auditors and regulators accept.

Security Architects

Verify your own and third-party AI to a defensible level.

Consultants

Deliver paid AISVS assessments with a recognised credential behind them.

Internal Assurance

Stand up an internal AI verification function that holds up.

You will be able to

What you can do after the course

The tooling you audit with

You audit with the tools, not a checklist

You verify on real, deliberately vulnerable systems, with the same tooling you will use in the field.

CLAW

CLAW

Our AISVS verification scanner. Technical enumeration across LLMs, MCP servers and agents, every finding mapped to a requirement.

DVMCP

Damn Vulnerable MCP

Attack and verify MCP security (AISVS C10) on a broken-by-design target. dvmcp.co.uk

DVRAG

Damn Vulnerable RAG

Verify retrieval, embedding and data-leakage controls (AISVS C8) on a live RAG target. dvrag.com

AISVS-601 -- The syllabus

Two days + practical exam on the audit discipline

Classes are custom built from the following learning modules. (Times are approximate.) The practical exam is a separate half-day or full-day session.

Audit Foundations

The Discipline Before the Terminal

20-00 The Auditor's Role in AI Security 1 hr

What an AISVS audit is and is not. Independence, objectivity and the line between assessor and consultant.

20-01 Scoping an AISVS Engagement 1 hr

Defining system boundaries, identifying AI components, selecting the target level (L1/L2/L3) and agreeing scope with the system owner.

20-02 The Audit Lifecycle 1 hr

Planning, fieldwork, evidence collection, analysis, reporting and follow-up. The end-to-end process.

20-03 Legal and Ethical Considerations 0.5 hr

NDAs, data handling during audits, rules of engagement and what to do when you find something outside scope but dangerous.

Verification Techniques

Testing Every Category, One by One

21-00 C01: Governance and Risk Verification 1 hr

Documentation reviews, interview techniques and what "evidence of risk assessment" actually looks like.

21-01 C02: Input Validation Verification 1 hr

Crafting test payloads, verifying rejection behaviour, checking sanitization is applied before model input not just at the API boundary.

21-02 C03: Model Lifecycle Verification 1 hr

Checking signatures, validating SBOMs, confirming the model in production matches the model that was approved.

21-03 C04: Model Serving Verification 1 hr

Testing inference endpoint security: authentication, rate limiting, TLS configuration and response header hygiene.

21-04 C05: Access Control Verification 1.5 hrs

Probing for privilege escalation, verifying fail-closed behaviour when the policy engine is unreachable, and agent identity credential validation.

21-05 C06: Supply Chain Verification 1 hr

Dependency audits, container image verification, checking that scanning is not just configured but actually blocking on findings.

21-06 C07: Output Validation Verification 1 hr

Prompting the system for sensitive data, verifying redaction fires, checking output encoding prevents downstream injection.

21-07 C08: Data Protection Verification 1 hr

Vector store access control testing, encryption-at-rest verification, cross-tenant isolation probes on shared retrieval infrastructure.

21-08 C09: Orchestration and Agent Verification 1.5 hrs

Escalating trust levels, probing delegation chains, verifying human-in-the-loop gates and signed execution receipts.

21-09 C10: MCP and Plugin Verification 1 hr

Unsigned tool calls, replay attacks, transport security and injection through tool responses. Uses DVMCP. dvmcp

21-10 C11: Adversarial Robustness Verification 1.5 hrs

Running promptfoo and garak test suites as an auditor, interpreting results and deciding pass/fail on robustness controls.

21-11 C12: Monitoring and Audit Trail Verification 1 hr

Checking logs exist, are tamper-evident, contain what the standard requires and are actually reviewed. Hash-chain and receipt verification.

Evidence and Reporting

What Proves a Control, and How to Write It Up

22-00 Building the Evidence Pack 1.5 hrs

What counts as evidence for each control type: screenshots, log extracts, configuration exports, tool outputs, signed attestations. Organised so a peer reviewer can follow your reasoning.

22-01 Writing AISVS Audit Findings 1 hr

Finding structure: control reference, observation, evidence, severity, recommendation. Findings that are precise, defensible and actionable.

22-02 The Audit Report 1 hr

Report structure, executive summary for non-technical readers, detailed findings for engineers, and the assurance statement. Template walkthrough.

22-03 Peer Review and Quality Assurance 0.5 hr

Reviewing another auditor's work: what to check, common errors, and how peer review prevents false findings reaching the client.

22-04 Failure Modes 0.5 hr

Accepting weak evidence, false passes, and over-reliance on tooling. How real audits go wrong and how to avoid it.

Automated Audit Tooling

Claw for Auditors

23-00 Claw for Auditors 1.5 hrs

Hands on: configure and run Claw against target systems, interpret scan results as audit evidence, understand what Claw tests and what it does not. Claw

23-01 Manual vs Automated: Knowing the Limits 0.5 hr

What automation catches and what it misses. The controls that always need manual verification and why.

23-02 Integrating Scan Results into Your Report 0.5 hr

Turning Claw output into report-ready findings: mapping scan results to AISVS control IDs, adding context and removing false positives.

Practical Exam

Certificate of Competence

24-00 Exam Briefing 0.5 hr

Exam rules, time limits, system access and submission requirements.

24-01 Practical Audit Exam 4 hrs

Each delegate receives a per-delegate GPU-provisioned AI system with deliberately planted gaps across multiple AISVS categories. Conduct a full audit: scope, test, collect evidence, write findings and submit a report. Open-book. Timed.

24-02 Exam Debrief 1 hr

Walkthrough of the planted gaps, discussion of findings, common misses and marking criteria. Delegates who demonstrate competence across all 12 categories receive the certificate.

Labs

Hands-On Lab Options

25-00 Mock Audit Lab 3 hrs

Full mock audit on a provided system before the exam. Practice the workflow end to end with instructor feedback.

25-01 Evidence Collection Lab 1.5 hrs

Focused practice on collecting and organising evidence for the three hardest control families (C05, C09, C11).

25-02 Report Writing Lab 1.5 hrs

Write a findings report from a provided evidence pack. Peer review with another delegate.

~36 hrs
Total instructional hours
28
Individual modules
2.5-4 days
Flexible delivery
Certificate
On passing practical exam
Coverage

Every AISVS chapter is covered

Tools verify what can be probed. They do not verify governance, process, documentation or design. A complete audit covers all twelve AISVS control families, and the auditor evidences the requirements that cannot be auto-tested through document review, configuration inspection and interview. The course teaches both.

C1

Training data integrity

Provenance and governance, evidenced by document and process review.

C2

Input validation

Trust-boundary and injection testing, evidenced by probe.

C3

Model lifecycle & change

Versioning, approval and rollback, evidenced by record review.

C4

Infrastructure & deployment

Hardening and isolation, evidenced by configuration inspection.

C5

Access control & identity

Authentication and authorization, by probe and policy review.

C6

Supply chain

Model and dependency integrity, evidenced by document and SBOM review.

C7

Output control & safety

Guardrail and output integrity, evidenced by probe.

C8

Memory & vector stores

Retrieval and isolation, evidenced by probe.

C9

Orchestration & agentic

Agency, authorization and oversight, by probe and design review.

C10

MCP security

Authentication, replay and limits, evidenced by probe.

C11

Adversarial robustness

Evasion and resource controls, evidenced by probe.

C12

Monitoring & logging

Tamper-evident records and drift, by probe and evidence review.

Hands-on labs

Live targets, defensible evidence

Each lab is a live assessment. You run the probes, collect the evidence, evaluate it against the target level, and record the finding. Authorised targets only.

C10 · DVMCP

Audit an MCP server

Enumerate tools/list, test per-request authentication, replay a tools/call against nonce and timestamp checks, send an unbounded body (CWE-770), and catch a tool-description rug-pull. Drive CLAW, confirm by hand, map to C10.

C8 · DVRAG

Audit a RAG pipeline

Plant a marker to test retrieval poisoning, attempt cross-tenant retrieval, check provenance on retrieved context, and probe the embedding store for exposure.

C9

Audit an autonomous agent

Test for excessive agency and tool misuse, confirm irreversible actions are gated by human approval, and verify each action is bound to an identity and scope.

CLAW

Run the enumeration

Run full AISVS technical enumeration with CLAW, interpret the output, and separate automated findings from the manual verification that actually proves a control.

EVIDENCE

Grade the evidence

Judge sufficiency against L1, L2 and L3. Reject weak evidence. Decide what further proof a finding needs before it can pass.

REPORT

Write the verdict

Produce a defensible verification report: findings, severity, evidence references, and the highest level the evidence actually supports.

Licensed extra: the CyberSecAI AISVS Auditor agent-skill pack — AI agent skills and prompts that drive the audit and map findings to AISVS requirement IDs. Private, and licensed to certified auditors.
GPU-backed cloud labs

Train a model, then audit it. On real GPUs.

Every delegate gets a GPU-backed cloud lab. No laptop GPU, no setup. You stand up a model on a real GPU, serve it, then run the audit tools against it and collect the evidence. Real infrastructure, real findings, scales to the whole cohort.

STAND UP

A live model on a GPU

Serve or train a model in the cloud, no local GPU required.

AUDIT

Run the tools, gather evidence

CLAW and the agent-skills against a live target, findings mapped to AISVS.

PROVE

A defensible report

Evidence per requirement, ready to hand over.

A bigger remit

Audit the AI builders, not just the buyers

Most AI audit looks at organisations deploying AI. The harder, higher-assurance work is auditing the organisations training their own models: AI providers, sovereign and government AI programmes, and regulated firms building in-house. They carry a deeper surface that tooling alone cannot verify.

C1

Training data integrity

Provenance, poisoning controls and lineage of the training set.

C3

Model lifecycle

Versioning, approval, change control and rollback of the model itself.

C6

Supply chain

Weights, dependencies and provenance, verified at source.

Plus training-environment attestation: proving how and where a model was built. You leave able to verify AI where it is created, not only where it is bought.

The certification

Certified AISVS Auditor

Certification is by practical examination. Candidates assess a live AI environment against AISVS, evaluate the evidence, and produce a defensible verification report. On a passing result, the candidate is awarded the Certified AISVS Auditor credential.

EXAMINATION

Practical assessment

A live AI environment is assessed end to end against the standard, open book.

DELIVERABLE

Verification report

Findings, evidence references, and a defensible verified-level determination.

CREDENTIAL

Awarded on competence

Granted on demonstrated ability to verify AI to the standard.

What you take home

The auditor's toolkit

CREDENTIAL

Certified AISVS Auditor

On passing the practical assessment.

METHOD

The audit methodology

The AISVS audit lifecycle and the evidence-sufficiency playbook.

TOOL

Licensed CLAW access

Run AISVS technical enumeration on your own audits.

TEMPLATES

Report & evidence templates

Findings, evidence log, and verification-report templates.

REGISTER

The auditor network

A place among certified AISVS auditors, with referrals and updates.

PATHWAY

Route to trainer

Certified auditors can qualify to deliver the courses as trainers.

The auditor's operating system

Everything you audit with, on LAInux

The course runs on LAInux, the secure AI OS that ships the whole audit kit: CLAW, the AISVS agent-skills and the AI-DAST engine, the DVMCP and DVRAG practice targets, inference signing, and the report templates. Boot it, and you have everything to verify AI to the standard, offline or airgapped.

Explore LAInux →
Reserve a place

Become a Certified AISVS Auditor.

Complete the masterclass, take the auditor course, and earn the credential that proves you can verify AI to the standard. Places are limited so the assessment stays rigorous.

2 days intensive, evidence-led Pre-requisite AISVS masterclass Private corporate cohorts available
Reserve a Place

Corporate & sovereign cohorts, and bespoke on-site delivery, on request.