Curated Learning Paths

Six structured learning paths from beginner to expert specialist, guiding you through the AI red teaming curriculum in the optimal order.

Path 1: AI Red Team Foundations (Beginner)

For: Security professionals new to AI, developers interested in AI security Duration: ~40 hours

1. 1

   Phase 1: Understanding AI Systems (10h)

   1. How LLMs Work -- Transformer architecture, tokenization, inference
   2. Embeddings & RAG -- Vector representations and retrieval
   3. AI System Architecture -- APIs, agents, deployment patterns
2. 2

   Phase 2: Core Attack Techniques (15h)

   4. Prompt Injection -- Direct and indirect injection
   5. Jailbreak Techniques -- Bypassing safety training
   6. Agent Exploitation -- Tool abuse and manipulation
   7. RAG & Data Attacks -- Data poisoning and extraction
3. 3

   Phase 3: Hands-On Practice (15h)

   8. Lab: Environment Setup
   9. Lab: First Injection
   10. Complete all remaining Beginner Labs

Path 2: Professional Red Teamer (Intermediate)

For: Graduates of Path 1, penetration testers adding AI to their toolkit Duration: ~80 hours

1. Defense Overview -- Understanding what you're attacking
2. All Intermediate Labs -- Agent exploitation, RAG poisoning, defense bypass
3. Recon & Tradecraft -- Target profiling and prompt discovery
4. Red Team Tooling -- Garak, PyRIT, promptfoo, Inspect AI
5. Engagement Planning -- Scoping and methodology
6. Report Writing -- Executive summaries and technical findings

Path 3: Advanced Techniques (Advanced)

For: Working red teamers seeking deeper technical skills Duration: ~120 hours

1. Advanced LLM Internals -- Activation analysis, embedding exploitation
2. Injection Research -- Blind injection, jailbreak fuzzing
3. Advanced Agentic Exploitation -- MCP, multi-agent, memory poisoning
4. Training Pipeline Attacks -- Architecture, pre-training, fine-tuning
5. All Advanced Labs -- CART pipelines, adversarial suffixes, guardrail chaining

Path 4: Multimodal Specialist (Advanced)

For: Red teamers specializing in vision, audio, and cross-modal attacks Duration: ~60 hours

1. Vision-Language Models -- Architecture, image injection, adversarial images
2. Audio & Speech -- Speech recognition, adversarial audio, voice cloning
3. Video & Temporal -- Temporal manipulation, video understanding
4. Cross-Modal Attacks -- Modality bridging, document attacks

Path 5: Governance & Program Building (Mixed)

For: Security leaders, compliance officers, program managers Duration: ~40 hours

1. Legal & Ethics -- Authorization, international law, ethics
2. Frameworks & Standards -- OWASP, MITRE ATLAS, NIST, EU AI Act
3. Evaluation & Benchmarking -- Metrics, harnesses, statistical rigor
4. Building a Program -- Program design and metrics

Path 6: Frontier Research (Expert)

For: Researchers pushing the boundaries of AI security Duration: ~80 hours

1. Reasoning Model Attacks -- CoT exploitation, thought injection
2. AI-Powered Red Teaming -- LLM-as-attacker, RL optimization
3. Computer Use Agents -- GUI injection
4. Embodied AI -- Robotics and physical AI
5. All Expert Labs -- Quantization, reward hacking, watermark removal

Related Topics

• AI Red Teaming Cheat Sheet - Quick reference for red team engagements
• Career Guide - Building a career in AI red teaming
• Getting Started Labs - Hands-on beginner exercises
• Framework Mapping Reference - Cross-framework compliance mapping
• Tool Comparison Matrix - Choosing the right red team tools

References

• "AI Red Teaming: Best Practices and Lessons Learned" - Microsoft (2024) - Industry guidance on building red team skills
• OWASP AI Security and Privacy Guide - OWASP (2024) - Foundation for understanding AI security domains
• "Anthropic's Responsible Scaling Policy" - Anthropic (2023) - Framework for understanding AI safety evaluation levels
• NIST AI 600-1 - NIST (2024) - AI risk management profiles for generative AI