Drel Certified: AI Security Architect — Professional
A professional credential for security architects, AppSec engineers, and AI governance leads who assess AI, RAG, and agentic systems before production. The exam tests threat modeling, attack path analysis, control design, evidence classification, and go-live risk decisioning.
What the credential demonstrates
Passing the DC-AISA-P exam demonstrates that you can independently assess an AI or agentic system for production readiness — identifying attack surfaces, evaluating controls, classifying evidence, and reaching a defensible go-live decision.
The exam is not a product quiz. It tests domain knowledge across the AI security review lifecycle, including frameworks (NIST AI RMF, ISO 42001, EU AI Act, OWASP LLM/Agentic Top 10, MITRE ATLAS, MAESTRO) and applied case-based judgment.
Exam syllabus
The exam covers five domains, with 60 questions sampled proportionally by domain weight.
- Agentic component ontology: human_user, ai_agent, planner, rag_source, vector_database, tool, mcp_server, mcp_client, external_system, approval_boundary, policy_engine, audit_log, model_gateway, memory_store
- Trust boundaries and delegation chains
- Agentic flow timelines and decision points
- RAG, agentic, fine-tuned, and API-wrapped system archetypes
- Multi-agent systems and dynamic sub-agent spawning
- Direct and indirect prompt injection (stored, live, steganographic)
- Retrieval poisoning and data source manipulation
- Excessive agency and tool abuse
- Authorization bypass in MCP and tool chains
- Data leakage through retrieval and memory
- OWASP LLM Top 10 (2025) and OWASP Agentic Top 10 (2026)
- MITRE ATLAS tactics and MAESTRO threat categories
- Control types: preventive, detective, corrective, governance, runtime
- Lifecycle gates: before_pilot, before_production, ongoing
- Tool gating, human approval boundaries, policy enforcement
- Audit logging and evidence capture
- Least privilege in tool access and model permissions
- Output filtering and input sanitisation
- NIST AI RMF 1.0 — Map, Measure, Manage, Govern functions
- ISO/IEC 42001 — AI management system requirements
- EU AI Act — risk classification and obligations
- Evidence classification: explicit, inferred, assumed, unknown, missing_evidence, verified
- Framework coverage: supports_evidence_for, requires_validation, not_yet_evidenced
- Assumptions, open questions, and evidence gaps
- Five-state disposition: proceed, conditional, restricted_pilot_only, hold, decline
- Blockers, residual risk, and evidence completeness criteria
- Re-review triggers: model_change, tool_added, data_source_change, autonomy_increase, user_group_expansion, vendor_change, production_rollout, scope_change
- AI Committee roles and formal sign-off
- Defensibility under audit and regulatory review
Credential and verification
Passing candidates receive a DC-AISA-P credential with a unique ID and a public verification page at drel.ai/verify/[credential-id].
The verification page shows the holder's name, issue date, expiration date, exam version, and current status (Active / Expired / Revoked). Domain scores are shown only if the holder opts in.
Credentials are valid for 24 months. The AI security domain evolves rapidly — renewal ensures the credential reflects current knowledge.
After passing, a LinkedIn share flow pre-fills the certification fields so you can add it to your profile in one click.
Access model
| Segment | Access |
|---|---|
| Drel Plus / Pro | 1 attempt included per year |
| Enterprise | Team vouchers + admin reporting |
| Free / trial users | Syllabus + sample questions only |
| Non-customers | Standalone exam — $79 |
| Retake | $29 or 7-day cooldown |
Ready to sit the exam?
You need a Drel account to take the exam. Sign in or create a free account — no payment required to start. Paid plans include one attempt per year.