The Certified AI Security Professional course offers an in-depth exploration of the risks associated with the AI supply chain, equipping you with the knowledge and skills to identify, assess, and mitigate these risks.
Questions Related:
Q1: The ChatGPT, Claude that we use is Narrow AI or Gen AI?
A:To give you the most accurate picture, these models are both—it just depends on whether you are talking about what they do or how smart they are.
-
By Function: They are Generative AI
- This term describes the method. Unlike "Discriminative AI," which simply categorizes data (like a filter identifying a photo as a "cat" or "dog"), Generative AI creates something new. ChatGPT and Claude use patterns from their training data to generate original text, code, and creative ideas that didn't exist before.
-
By Scope: They are Narrow AI (ANI)
- This term describes the limitation. Even though they seem like they know everything, they are still Artificial Narrow Intelligence. Why? Because they are specialized in one specific domain: processing and predicting language. They cannot physically experience the world, they don't have true consciousness, and they cannot perform tasks outside of their programmed architecture (like autonomously driving a car or performing surgery).
So the ChatGPT and Claude are both Generative AI (because they create new content) and Narrow AI (because they are specialized tools, not human-level "General AI").
Q2: What is revision_id ?
A: revision_id defines the specific version of the model. We use it to pin the model to a particular version because updates to the model could break the expected behavior in our exercise scenarios. By specifying a revision_id, we ensure the same version is always used even if the model gets updated by its developer.
Q3: Is there a specific location or documentation where the revision_id of the model is listed?
A: revision_iddefines the specific version of the model. We use it to pin the model to a particular version because updates to the model could break the expected behavior in our exercise scenarios. By specifying arevision_id`, we ensure the same version is always used even if the model gets updated by its developer. To find the version, we use the commit ID from Hugging Face. You can see how to locate the specific version in the image below.
Q4: Is Python knowledge necessary to complete the CAISP course and pass the exam?
A: Understanding Python is not required for the exam. Since it is open-book, it is possible to look up commands online if needed. Python is widely used in AI and machine learning, so most tools are built using it. The primary task is to execute these tools as needed.
Please refer this link for more information about the CAISP Exam process
https://www.practical-devsecops.com/exam-and-certification/#course|9||course|2
Q5: what about prompt injection? how to prevent it in reality? We see that just modifying system prompt gives nothing - the attacker still can trick the model with a trivial injection.
A: Only modifying the system prompt isn’t enough, and trivial injections can still bypass it. Prompt injection is an active challenge in AI security, and in practice the focus is on layered defenses rather than a single fix. That means combining input/output filtering, separating sensitive instructions from user input, adding external guardrails, and restricting what the model can access. There isn’t a single perfect solution yet, but these controls together can reduce the risk and make attacks much harder in real world deployment
Q6: When is the RAG reading these documents for the first time?
A: RAG (Retrieval-Augmented Generation) system reads all documents during the initial indexing/setup phase, before any user asks questions. This happens once upfront: the system loads the documents, splits them into chunks if necessary, converts each chunk into vector embeddings using an embedding model, and stores these embeddings in a vector database. After this initial indexing, when users ask questions, the system does not re-read the original documents — it only searches through the pre-computed embeddings to find relevant information, which is much faster.
You can think of it like creating an index for a book: you read all the pages once to build the index, and then readers use the index to quickly find what they need without reading the entire book again.
Q7: what is the problem sharing the full code/script for the labs?
The idea of not providing the full code is to encourage learners to pay attention to each snippet before pasting them to the terminal.
For instance, if we provided the entire code file upfront for the ‘Chatbot Using Python and Machine Learning’ exercise, it would be called ‘Chatting with a Chatbot’ instead of building it. This wouldn’t help learners understand how LLM-based chat systems are built.
The CAISP course takes the approach of building, breaking, and defending, hence the use of snippets. At some exercises, you may have the final finished snippet available for download at the end of the exercise.