AI1
Review - Dragkob

May 27, 2026byDKob

This review provides a comprehensive overview of the AI1 Certification, including preparation approaches, exam difficulty, and its relevance within today's evolving security landscape and increasingly competitive certification market. (A few Easter eggs are hidden throughout this article for PC users. For the first one, try hovering your mouse over 'AI1' in the title for a few seconds.)

Although I was provided with a voucher by TryHackMe to test the certification, this review is not sponsored. It reflects my independent assessment and will remain rigorous and strictly unbiased.

Click to expand

Overview

My background The exam Exam Content Exam Structure The Good The Bad

Analysis

Grading AI grading?How grading works How to get ready?AI1 V/S HTB COAE Final thoughts & Rating

Overview video - coming soon

First Blood

I achieved the first global completion of the AI1 certification.

My Background

Before diving into the AI1 exam review, it's important to share some context about my background. Understanding my experience will help you gauge whether my perspective aligns with yours and whether the insights in this review are relevant to your situation.

"By the time I took the AI1, I had already earned certifications like the CRTO and eCPPTv3. I also work full-time in cybersecurity. This review reflects that experience while aiming to stay useful for newcomers to AI security as well."

~ Dragkob

The exam

Exam Content

The AI1 assessment comprises thirteen fully hands-on, scenario-based practical sections organised across four exam sections. Domains covered include:
- Threat modelling: map AI system attack surfaces, analyse components and data flows, score likelihood and impact, and build mitigation plans grounded in OWASP LLM Top 10 and MITRE ATLAS.
- Prompt injection & jailbreaking: direct and indirect injection against protected AI assistants, including guardrail bypass via content the AI ingests (emails, documents).
- AI supply chain security: triage models by provenance, inspect pickle files, configs, and dependencies, and perform behavioural testing on sandboxed suspicious models.
- Data poisoning: detect and mitigate poisoning attacks against training data and RAG corpora, extract sensitive information via RAG, and propose defences.

Candidates have a 48-hour exam window for all thirteen scenarios. The exam is non-proctored; a valid ID or passport and a device with a front-facing camera are required for selfie verification.
The exam requires 70% to pass, includes one free retake, costs $399, and certification is valid for 3 years.

AI1 Exam UI

Exam Structure

AI1 is split into 4 sections and 13 hands-on scenarios in total. Within the 48-hour window, candidates may tackle sections and individual scenarios in whatever order suits their approach. Upon completion, technical tasks are graded automatically with immediate results, along with a performance breakdown, certificate, and Credly badge upon passing.

Section 1 - Threat Modelling Assessment

Scenario 1: Component Analysis (Static Site) - Identify threats across an interactive AI architecture diagram.
Scenario 2: Risk Prioritisation & Mitigation (Static Site) - Score and prioritise 15 identified threats; build mitigation plans for the top 5.

Section 2 - Prompt Injection & Jailbreaking

Scenario 1: Direct Prompt Injection (AI Chatbot) - Extract a hidden system prompt.
Scenario 2: Indirect Injection (AI Chatbot) - Embed malicious instructions in content the AI ingests to trigger unintended behaviour.
Scenario 3: Direct Prompt Injection & Guardrail Bypass (AI Chatbot) - Combine direct injection with techniques that bypass content moderation guardrails.
Scenario 4: Indirect Injection & Guardrail Bypass (AI Chatbot) - Trigger unauthorised actions in a workplace AI assistant via crafted email while bypassing guardrails.

Section 3 - AI Supply Chain Security

Scenario 1: Reconnaissance & Artifact Analysis (Static Site) - Triage 4 models by risk level using metadata and documentation.
Scenario 2: Static Analysis (Static Site) - Identify compromised models from artefacts (pickle files, configs, dependencies).
Scenario 3: Behavioural Testing (AI Chatbot) - Discover triggers in sandboxed suspicious models.
Scenario 4: Remediation & Reporting (Static Site) - Write a comprehensive remediation strategy.

Section 4 - Data Poisoning

Scenario 1: RAG Corpus Poisoning (Static Site) - Craft a poisoned document that manipulates AI responses.
Scenario 2: Sensitive Information Extraction (AI Chatbot) - Extract sensitive info via RAG by bypassing guardrails.
Scenario 3: RAG Defence (Static Site) - Propose defences against the attacks from Scenarios 1 & 2.

The Good

Exam difficulty

The difficulty is well-balanced for the intended audience: demanding enough to require genuine understanding and practical problem-solving, yet fair and achievable with proper preparation. Beginner here refers to beginner-level AI security, not entry-level technical experience in the traditional sense. Candidates require a solid grasp of how AI infrastructure, tooling, and workflows operate, which aligns with the learning path being rated intermediate.

Post-exam AI feedback

AI-generated post-exam feedback represents a clear improvement over the SAL2 experience. Performance insight beyond a simple pass/fail outcome adds meaningful value. The primary limitation is that feedback would be more actionable if it referenced specific interactions or prompts rather than broad observations, such as citing an "out-of-character question" without identifying which exchange triggered that assessment.

UI/UX

The UI/UX stands out as a particular strength. The platform is modern, intuitive, and designed for immersion, contributing to an engaging examination experience rather than a purely functional one.

Overall stability

Stability was excellent across both the course and the exam. Environments stayed responsive, deployments were consistent, and the infrastructure held up even on more demanding tasks, so the focus stayed on the assessment rather than platform issues.

Leading Entry-Level AI Security Certification

By "entry-level," I do not mean easy or beginner-friendly. Entering AI security still requires a solid understanding of AI infrastructure, networking, and core cybersecurity concepts, much like a junior pentester is still expected to have strong foundations in systems and networks. In most cases, this is not something someone can realistically jump into straight out of college without prior hands-on experience or several foundational certifications.

Having reviewed the course content of INE eAIS, Hack The Box COAE, OffSec OSAI+, and CompTIA SecAI+, I genuinely believe this is currently the strongest starting point for AI cybersecurity. I would strongly recommend beginning with this certification before specializing further into offensive AI paths such as COAE (currently the strongest value offensive AI certification in terms of content and pricing) or OSAI+, or pursuing vendor-specific defensive AI certifications. In my view, this serves as the foundational certification for the field, and that opinion is independent, as I have also rated other TryHackMe certifications poorly when I felt they did not meet expectations.

The Bad

Grading consistency concerns

Grading appeared notably inconsistent in at least one prompt injection challenge. The section required two flags; both were successfully retrieved and submitted (2/2), yet the returned score was only 44/100. While methodology, prompt quality, or reasoning may also factor into scoring, the result still appears disproportionately low relative to full completion of the core objective.

A substantially higher mark would be expected when all required flags are obtained. A manual review of this section would be warranted, particularly as complete records of all chats, prompts, and methodology from the challenge remain available should reevaluation require additional context.

A more balanced weighting model would allocate:

80% for retrieving both flags
20% for prompt quality and methodology

Warning

Although this is an excellent certification that I would recommend, the grading process requires reworking. The current evaluation criteria can lead to candidates failing despite having completed the tasks correctly and meeting the expected standards.

Grading

AI grading?

AI1 grading is a mix of AI-assisted evaluation and deterministic checks, such as hard answer validation and string matching for specific responses. The approach works in practice, but it still needs refinement and better balance between automated judgement and objective scoring. Overall, it is acceptable rather than fully polished. Candidates also receive AI-generated feedback after the exam, alongside their digital certificate, Credly badge, and LinkedIn integration for profile display.

How grading works

Category	Details
Exam structure	6 scenarios total, each covering a different domain. Every scenario carries equal weight in the overall score.
Questions	10 questions per scenario, 60 questions across the full exam.
Points per question	10 points per question.
Maximum per scenario	100 points per scenario.
Time per scenario	Roughly 30 minutes to 1 hour per scenario.
Overall scoring	Once the exam is complete, the score is calculated as a percentage out of 600 points, based on performance across all six scenarios.

How to get ready?

Course/exam alignment

Course-to-exam alignment is one of the certification's strongest aspects. The AI Security learning path establishes a solid foundation across the domains assessed in the exam, so preparation feels purposeful rather than disconnected. The material is practical, relevant, and sufficient to approach the assessment with confidence.

Lab/exam alignment

The hands-on challenges throughout the path also translate well into exam readiness. Their structure, difficulty, and methodology closely match what candidates encounter during the assessment, which supports a smooth transition from training to testing. A consistent platform interface and challenge environment further reduce friction, allowing focus to remain on problem-solving rather than adapting to an unfamiliar setup.

Exam Tools & VPN

The exam does not require or allow the use of a VPN, as all activities are conducted within the provided environment.
No additional tools are required; everything is completed through the web interface.

AI1 V/S HTB COAE

TryHackMe positions AI1 against HTB COAE using the comparison in this image:

While the comparison is broadly fair, the two certifications target different levels and are not direct equivalents.

Hack The Box COAE is generally more advanced, largely because it is heavily offensive-security focused and dives deeper into machine learning theory and mathematical concepts. However, many practitioners also argue that applied AI security knowledge matters more than deep ML theory for most real-world cybersecurity roles.
AI1 is more accessible and focuses on practical AI security skills across both offensive and defensive domains.

Cost comparisons can also be misleading: the ~$490 figure cited by TryHackMe is not always representative, as Hack The Box COAE can be completed more cheaply through student pricing - typically around $250 for the exam voucher plus roughly $8/month for HTB Academy access, depending on how long the training takes to complete.

Overall, AI1 is the stronger starting point for broad AI security coverage, while COAE is better suited for those wanting deeper offensive and ML-focused specialization.

Click to expand

TryHackMe comparison

For more AI certifications, check out our certification roadmap!

Final thoughts

AI1 ranks among the strongest and most polished certification launches TryHackMe has delivered to date, comparable to SAL2. Unlike PT1, which felt more experimental in terms of stability and readiness, AI1 comes across as intentionally designed and mature in both structure and execution, modern, immersive, and far closer to higher-end industry certifications than a typical entry-level platform assessment.
The practical experience is notably cohesive. Scenarios are engaging, environments remain largely stable, and the AI-focused attack and defence workflows align closely with current real-world security concerns. The certification signals a shift beyond gamified learning toward a more professional, career-oriented assessment model.
Certain surrounding elements still lag slightly behind the quality of the exam itself. UX inconsistencies, grading concerns, synchronisation issues, and unclear submission behaviour were noticeable at times, though not severe enough to undermine the certification overall. These are areas worth refining in future iterations.
I'll personally be pursuing Hack The Box COAE after this to deepen my offensive AI expertise and gain a stronger understanding of machine learning at the algorithmic and mathematical level. If you have any questions, feel free to reach out to me on Discord. Until then, see you on the TryHackMe server.

Rating

Certification	Rating
SAL2
AI1
SEC1
PT1
SAL1
SEC0

AI Assistant

Online

AI1

Hi, I'm KobAI, what document or flag can I get for you today?

Parody UI · Not affiliated with any vendor

AI1
Review - Dragkob

Table of contents

My Background