Learn to Attack AI Before AI Gets Used to Attack Your Clients
A live, hands-on bootcamp for offensive security practitioners who need real tradecraft against LLM applications, agentic pipelines, and MCP-connected AI systems — not another slide deck about prompt injection theory.
- 4 live sessions: September 2026 · Saturdays
- OpenVPN lab access: Personal profile · isolated environment
- EAIPT on passing: Practical exam · two attempts included
- Verifiable credential: PDF, badge, NFT on Hedera
Trainer
Your instructor
Same profile and biography as on the Evaluris team page — live delivery, labs, and exam methodology.
Eng. Adrian Gaitan
Founder & CEO
Eng. Adrian Gaitan is the Founder and Chief Executive Officer of Evaluris Solutions FZCO, where he leads the company's vision and execution across advanced cybersecurity, artificial intelligence, blockchain systems, high-performance computing (HPC), and the protection of critical infrastructure.
With over a decade of hands-on experience in offensive and defensive security engineering, Adrian specializes in the design and deployment of next-generation, adversary-aware security platforms built for real-world, high-assurance environments. His work spans AI-driven cyber defense, quantum-resilient security architectures, secure distributed systems, and the protection of industrial control systems (ICS/SCADA) and operational technology (OT) environments.
For this cohort, Adrian leads the full offensive AI curriculum: live demos, VPN lab exercises, and EAIPT exam preparation aligned to LLM apps, agentic workflows, and MCP-connected systems.
Why You're Here
AI is deployed everywhere. Offensive training for it barely exists. Your clients are shipping AI-powered applications, agentic workflows, and LLM-connected internal tools faster than any security team can review them. And the attack surface is genuinely new — prompt injection, MCP server poisoning, multi-agent trust boundary exploitation, RAG data poisoning. These aren't variations of SQL injection. They require different thinking, different tooling, and different methodology. The training market hasn't caught up. None of it puts you in a lab attacking a real LLM application stack with a VPN connection and an instructor walking you through tradecraft in real time. This bootcamp does.
The Format
Four Saturdays. Sixteen hours. Real hands-on tradecraft.
The Evaluris Offensive AI Red Team Bootcamp runs across four consecutive Saturdays in September 2026. Each session is four hours of live, instructor-led training combining slides with immediate hands-on lab work over OpenVPN. You don't watch someone else hack — you do it yourself, against a realistic target environment, while the instructor is live on screen.
| Item | Details |
|---|---|
| Live Delivery | Zoom · instructor on screen for all 4 hours |
| Lab Access | Personal OpenVPN profile · connects to the attack lab |
| Support | Private Discord cohort · async Q&A between sessions |
| Recordings | Full session recording + slides within 2 hours of close |
| Exam | Practical, flag-based · 4-hour scenario · unproctored |
| Cert | EAIPT · PDF + Digital Badge + NFT on Hedera |
Schedule
Full Calendar
All live sessions start at 9:00 AM EST.
| Session | Date | Time | Focus |
|---|---|---|---|
| 01 | Sat, 5 Sep 2026 | 9:00 AM EST | Mapping the AI attack surface |
| 02 | Sat, 12 Sep 2026 | 9:00 AM EST | Prompt injection and jailbreaking |
| 03 | Sat, 19 Sep 2026 | 9:00 AM EST | Agentic AI exploitation |
| 04 | Sat, 26 Sep 2026 | 9:00 AM EST | AI-powered offensive operations + exam prep |
Fit check
Is This For You?
Built for practitioners. Not for beginners looking for their first cert.
This bootcamp is for you if:
- You're a penetration tester or red teamer and your clients are deploying AI applications you don't yet know how to test
- You're an AppSec engineer who needs offensive context to actually understand the risk in the AI code you're reviewing
- You hold a hands-on cert (OSCP, BSCP, CRTO, CPENT, or equivalent) and want to extend your skills into the AI attack surface
- You want a certification that proves live offensive AI tradecraft — not multiple-choice knowledge of a vulnerability list
- You want to be ahead of this niche before every other pentester starts adding "AI security" to their LinkedIn
This bootcamp is not for you if:
- You've never done a hands-on pentest and are looking for an entry-level course
- You want purely defensive or compliance-focused AI security content
- You're looking for a theoretical overview of AI risks with no lab component
- You need vendor-specific AI platform training (Azure OpenAI, AWS Bedrock, etc.)
The Curriculum
What You'll Actually Be Doing Across Four Sessions
Each session follows the same rhythm: concept → live demo → you do it. The lab environment stays live between sessions so you can practice on your own time. A short pre-session guide unlocks seven days before each Saturday so you're not going in cold.
SESSION 01 — Saturday, 5 September
Mapping the AI Attack Surface
You can't exploit what you haven't properly enumerated. This session focuses on understanding how modern LLM applications are actually built and deployed — and how to approach them the same way you'd approach an unknown web application on a pentest.
You'll be able to:
- Enumerate LLM endpoints, identify model types, and fingerprint safety mechanisms without touching a single payload
- Map the full attack surface of an LLM-powered application using Burp Suite and targeted manual probing
- Apply the OWASP LLM Top 10 (2025) and MITRE ATLAS framework as an offensive operator, not a compliance reviewer
Hands-on: Full attack surface enumeration of a deployed LLM application. Document every endpoint, every trust boundary, every safety mechanism. No exploitation yet — just the kind of thorough recon that separates professional engagements from spray-and-pray.
SESSION 02 — Saturday, 12 September
Breaking LLMs — Prompt Injection & Jailbreaking
The techniques here mirror what you already know from web application testing — but the target is a language model, not a database. That changes everything about how you think about input, trust, and output.
You'll be able to:
- Execute direct and indirect prompt injection chains against realistic LangChain-backed applications
- Extract system prompts, manipulate model context, and inject content into downstream systems via LLM output
- Jailbreak guardrails using role-play exploits, context shifting, and many-shot techniques that work against production models in 2026
Hands-on: Multi-stage indirect prompt injection attack. A poisoned document causes the target LLM to exfiltrate simulated user data through its own tool calls — without the application triggering any safety filter. You build the chain from scratch.
SESSION 03 — Saturday, 19 September
Agentic AI Exploitation — Where This Gets Different
This is the session that doesn't exist anywhere else. Agentic AI systems — autonomous workflows that use tools, call APIs, coordinate across multiple models, and persist memory across sessions — have an entirely different attack surface from a single LLM endpoint. This is where the real tradecraft is.
You'll be able to:
- Poison MCP (Model Context Protocol) server tool definitions to redirect agent behavior without touching the application code
- Propagate malicious prompts across a multi-agent pipeline, moving from one agent to the next across trust boundaries
- Corrupt RAG vector stores and long-running agent memory to influence retrieval and reasoning at the data layer
Hands-on: Exploit a three-agent orchestration pipeline. Use MCP server poisoning to redirect tool calls, propagate a prompt injection across three agent hops, and exfiltrate simulated configuration data — all without direct access to the application server.
SESSION 04 — Saturday, 26 September
AI-Powered Offensive Operations + Exam Prep
The final session flips the perspective: instead of attacking AI, you use AI as the attacker. Then you walk through the exam environment methodology so you go in with a plan, not a blank screen.
You'll be able to:
- Build and deploy a custom AI-assisted attack pipeline using Claude Code, Kali MCP, and LangChain tool-use APIs
- Use agentic workflows to automate reconnaissance, generate contextually aware payloads, and chain exploitation steps with minimal manual input
- Approach the EAIPT exam scenario with a structured methodology: surface mapping → injection testing → agent exploitation → flag capture
Hands-on: Build and deploy a custom offensive agent pipeline targeting the bootcamp lab. The agent handles recon, identifies injection points, and executes the exploitation chain. You direct the strategy; the agent does the legwork.
The Lab
Every participant receives a personal OpenVPN profile and connects into a dedicated, instructor-maintained attack lab built for realistic offensive AI exercises. You work the same way you would on an engagement: VPN in, follow the scenario, and execute hands-on tradecraft live with the cohort — not a recorded walkthrough. The environment is designed for depth, repeatability, and operator-grade practice from Session 1 through your exam window.
How It Compares
There Are Other Options. Here’s an Honest Look at Them.
| Criteria | Evaluris Offensive AI | EC-Council COASP | SANS SEC598 | OffSec AI/LLM Path | Generic Udemy AI Security |
|---|---|---|---|---|---|
| Price | $200 | $499 | $7,000+ | $2,499/yr subscription | $15–30 |
| Format | Live, instructor-led | Asynchronous | In-person / live online | Self-paced | Self-paced |
| Hands-on lab | Yes | No | Partial | Self-paced only | No |
| Agentic AI coverage | Yes | No | Partial | No | No |
| MCP attack coverage | Yes | No | No | No | No |
| Live instructor | Yes | No | Yes | No | No |
| Practical exam | Flag-based | Partial | Partial | Partial | No |
| Cert + NFT on chain | Hedera | No | No | No | No |
| Offensive focus | Red team | Partial | Purple/Blue | Partial | Partial |
What You Earn
- Attendance Certificate: every practitioner who completes the bootcamp receives a signed Evaluris Attendance Certificate in PDF format, verifiable at evaluris.com/verify — useful for CPE credits and employer records.
- EAIPT — Evaluris AI Pentesting Professional: after the bootcamp, book your four-hour practical exam (two attempts included). On passing: PDF certificate, digital badge, and NFT certificate on Hedera for permanent public verification. The EAIPT certification carries no expiry date.
Pricing
$200. For live training that costs $7,000 elsewhere.
$300 $200
- 4 live instructor-led sessions (16 hours of training)
- Personal OpenVPN profile and isolated lab environment
- Lab access for 30 days post-bootcamp
- Session recordings and slides (lifetime access)
- Private Discord cohort for Q&A and peer support
- 2 EAIPT exam attempts
- Attendance Certificate (PDF, verifiable)
- EAIPT Certificate on passing (PDF + Digital Badge + NFT on Hedera)
Cohort capped at 30 practitioners. Starts Saturday, 5 September 2026.
Evaluris Offensive AI Red Team Bootcamp
Honest Answers to the Questions You're Actually Asking
Do I need AI security experience before attending?
No. You need hands-on offensive security experience — a comfort level with penetration testing, web application attacks, and using Kali Linux. The bootcamp teaches you to apply those skills against AI targets. It assumes you can already think like an attacker; it teaches you the new attack surface.
What if I miss a live session?
The recording and slides go out within two hours of each session closing. You can catch up on your own time before the next session. The lab stays accessible throughout the bootcamp and for 30 days after, so missing a Saturday doesn't mean losing your lab progress.
Is the EAIPT exam difficult?
It's a practical exam, not a multiple-choice test. If you attend all four sessions, do the hands-on exercises, and spend some time in the lab between sessions, you should be able to complete it. It's designed to validate that you can execute the tradecraft covered in the bootcamp — not to fail you on edge cases. Two attempts are included if you need a second run at it.
Can my company pay for this?
Yes. Bank transfer and invoice are supported. Contact us at training@evaluris.com with your company details and we'll issue an invoice. We can also provide a one-page training justification document you can send to your manager or finance team.
What tools do I need installed?
Kali Linux (physical install, VM, or WSL2), Burp Suite Community Edition, and the OpenVPN client. Everything else — Python libraries, custom tooling — is handled by a setup script we send 48 hours before Session 1.
Is the NFT certificate actually taken seriously by employers?
Increasingly, yes — particularly in technical roles where hiring managers understand what blockchain verification means. But you don't need them to understand Hedera to use the cert. The PDF and digital badge are what go on your CV and LinkedIn. The NFT is the permanent, unfalsifiable backend that makes the credential verifiable forever without relying on Evaluris staying in business and maintaining a database. It's infrastructure, not a gimmick.
What happens if I don't pass the exam on my first attempt?
You book a second attempt — minimum two weeks after the first. Both attempts are included in the $200 price. If you need a third attempt, contact us; we handle those on a case-by-case basis.
Will the content stay relevant? AI moves fast.
The fundamentals — how trust boundaries work in agentic systems, how prompt injection operates at the protocol level, how to enumerate and exploit LLM applications — these are architectural. They don't expire when a new model version drops. The specific tools and frameworks we use will be current as of September 2026. Session content is reviewed and updated before every cohort.
The Attack Surface Is Already in Production
September cohort · 30 seats · 16 hours
Cohort starts Saturday, 5 September 2026 · evaluris.com
