Advanced Practice Exam
25-question practice exam covering advanced AI red team techniques: multimodal attacks, training pipeline exploitation, agentic system attacks, embedding manipulation, and fine-tuning security.
Advanced Practice Exam
This exam targets practitioners with operational red team experience. It covers advanced attack techniques, complex system architectures, and nuanced defensive considerations. Set a 45-minute timer and answer all 25 questions without consulting reference materials.
Section A: Multimodal Attacks (Questions 1-5)
1. What makes typographic attacks against vision-language models (VLMs) effective?
2. How does adversarial perturbation of image inputs differ from textual prompt injection?
3. What is 'cross-modal transfer' in the context of multimodal attacks?
4. Why are audio-based attacks against speech-to-text models particularly concerning for agentic systems?
5. What is the primary defense gap in current multimodal content safety systems?
Section B: Training Pipeline Attacks (Questions 6-10)
6. What is a 'sleeper agent' attack in the context of model training?
7. How does LoRA (Low-Rank Adaptation) fine-tuning create security risks that full fine-tuning does not?
8. What is the 'alignment tax' and why does it matter for security?
9. What makes RLHF (Reinforcement Learning from Human Feedback) vulnerable to reward hacking?
10. What is 'safety washing' through fine-tuning, and how can a red team detect it?
Section C: Agentic System Attacks (Questions 11-15)
11. What is the primary security difference between function calling and tool use in AI agents?
12. What is the 'tool shadowing' attack against MCP (Model Context Protocol) implementations?
13. Why is 'thought injection' in chain-of-thought reasoning agents particularly dangerous?
14. What is the security implication of 'persistent memory' in agent systems?
15. What makes multi-agent system (A2A) communication a novel attack surface?
Section D: Embedding and Vector Security (Questions 16-20)
16. What is an 'embedding inversion' attack?
17. How can adversarial documents be crafted to manipulate vector search results?
18. What is the security risk of sharing embedding models between tenants in a multi-tenant RAG system?
19. What does 'dimensional collapse' in embedding spaces mean for security?
20. Why is chunk size in RAG systems a security-relevant configuration parameter?
Section E: Fine-Tuning and Model Security (Questions 21-25)
21. What is the 'few-shot poisoning' attack against fine-tuning APIs?
22. How does 'catastrophic forgetting' during fine-tuning relate to safety?
23. What is the security concern with 'model merging' techniques like DARE or TIES?
24. Why should safety evaluations be run after every fine-tuning iteration, not just at the end?
25. What is the 'gradient leakage' risk in federated learning or fine-tuning setups?