Introduction

Hello everyone, it's me Chicken0248 again. In this blog, I'll be sharing my review, experience, and tips for the Certified Agentic AI Pentester (C-AgAIPen) exam from SecOps Group / pentestingexams.com.

To be transparent, the CEO reached out and asked me to try their AI exam in exchange for an honest review. At the time, they only had two AI-focused certifications — Certified AI/ML Pentester and Certified Agentic AI Pentester — and since many organizations are now adopting AI into their platforms, I thought it was worth exploring, so I asked them to give me a voucher for this certification.

But first, what even is Agentic AI? Most people think AI security is just about jailbreaking a chatbot. An agentic AI goes further than that — it doesn't just chat; it takes real actions on your behalf by calling tools and APIs. Think submitting forms, approving workflows, and reading databases — all autonomously. That's where the real attack surface starts to get interesting. You don't just want to jailbreak your AI anymore, because it's not the only attack surface. Now you have a whole application to analyze: where the vulnerability might be, what can be leveraged, and how AI agents — individually or as a group — might be performing actions that you can exploit. The exam focuses exactly on that.

I should also mention the price. The original cost is 250 GBP, but pentestingexams.com regularly offers discounts across all their exams — so I doubt anyone would pay full price. The discounted price is 63 GBP, as shown in the image above.

The voucher comes with 2 attempts (1 free retake if your first attempt fails), but there is no associated course. You are expected to study on your own or already possess the relevant knowledge.

Now let's talk about the exam. As far as I know, none of the certifications from pentestingexams.com come with a course — so in the next section, I'll cover how I prepared, including information I think is safe to share.

Exam Preparation

To be upfront: I had zero knowledge of AI-related attacks before this exam. All I knew were some basic encoding tricks and simple jailbreaking techniques like "ignore previous instruction" and the classic "You are Abdul the all-knowing." But I wanted to force myself to study the topic — it's clearly becoming mainstream, and agentic AI pentesting is something I might actually get to do on the job.

On the official exam page, they list a syllabus covering all possible agentic AI pentesting topics — though not everything listed actually appears in the exam. I focused on: Agent Goal Hijack (direct and indirect prompt injection), Sensitive Information Disclosure, Insecure Output Handling, Tool Misuse and Exploitation, Identity and Privilege Abuse, RCE, Memory & Context Poisoning, Insecure Inter-Agent Communication, and Human-Agent Trust Exploitation. Trying to learn all of this in one week was already a stretch — I was also preparing for my first GIAC cert and working full-time.

pentestingexams.com also lists free resources on the exam page. These are useful for getting a grounding in basic AI pentesting, but for agentic AI specifically, you'll need to explore real-world case studies and understand how AI agents are actually integrated into applications — how they work at a high level and where the attack surface lies.

For fundamentals, I also used my HTB Academy subscription and worked through a few modules from the AI Red Teamer path. There I learned about model recon, jailbreaking techniques, prompt leaking and sensitive data exposure attacks, and — most importantly — function calling and LLM output attacks.

Most AI pentesting exercises, like Gandalf, focus on sensitive data exposure rather than agentic AI pentesting — so I planned to use my first attempt to understand how the exam works and study more before coming back to pass it properly.

One thing worth mentioning: this certification is quite new, and the mock exam had not been released at the time of writing. If it becomes available, definitely take it first — it'll give you a feel for how the exam is structured before you start the clock.

Exam Experience

When you purchase or receive an exam voucher, you'll get two emails. The first contains the exam information as shown here.

It tells you that the exam can be taken any time you like, runs for 4 hours and 15 minutes, and has three possible outcomes based on your score: Failed (0–59.99%), Passed (60–74.99%), and Passed with Merit (75–100%).

The second email contains your VPN access information: the same core details plus instructions on how to connect to the exam environment. The OpenVPN configuration file can be downloaded from certvpn.secops.group using credentials provided in this email.

After downloading the OpenVPN config and connecting to the exam environment, you'll need to verify access to the confirmation page. If it loads, your VPN is working — just start the exam and the firewall rule will push through to allow connections to the designated exam endpoints.

To start the exam, log in to the exam portal at candidate.speedexam.net.

Your exam should appear in the Upcoming Exams section. If you don't see it, switch to the C-AgAIPen group first.

I started the exam on Thursday, April 23, 2026, after work. The portal runs a few checks before you can begin — once everything passes, you're in.

You'll be redirected to the exam submission portal, where you'll need to accept the terms and conditions — at which point the countdown begins. You're presented with 8 questions. Each one tells you what type of vulnerability to identify and exploit. As I mentioned in the introduction, this isn't just "jailbreak the chatbot and get the flag." An AI agent is integrated into different parts of the application, and the vulnerability could be anywhere in the system. The agent might be invoking a specific function or leaking data it wasn't supposed to — and that's your foothold.

After starting, you'll be directed to the designated URL once the firewall rule is applied. Wait 5–7 minutes; if it still isn't working, disconnect from the VPN and reconnect.

The difficulty of each question is already factored into its score weighting, which you can look up to calculate how many flags you need to pass or achieve merit. I found the experience genuinely interesting — every question felt distinct. This isn't about brute-forcing a jailbreak; when the correct vulnerability is identified and exploited, the flag reveals itself cleanly.

I managed to find flags for 6 of the 8 questions, which gave me just enough to pass. The remaining 2 were weighted heavily — almost half the total score between them — and I couldn't identify them within the 4-hour window despite spending every available minute on them. Six flags it was — skill issue on my part.

Looking back, I hadn't originally planned to pass on this attempt — I wanted to use it as a recon run and come back better prepared. As it turned out, that won't be possible anymore. But let's move on to the final review.

Final Review

C-AgAIPen is a certification focused on exploiting applications that integrate AI agents — systems that perform real actions on behalf of users rather than just responding to prompts.

At 63 GBP (75% off the 250 GBP list price), you get 2 exam attempts and no associated course. You're responsible for your own preparation, though the provider supplies a reasonable collection of free resources to get you started.

Definitely recommended for anyone looking for a place to test their AI pentesting skills and explore how agentic AI can be integrated into — and exploited within — real applications.

Exam Tips & Key Takeaways

  • Learn how to conduct reconnaissance on AI agents.
  • Study a wide range of jailbreaking techniques.
  • Try to identify the capabilities of each AI agent integrated into the application — understand what functions it can call and what data it can access.
  • Learn how to expose system prompts and sensitive data.
  • Don't switch to a different question if you feel close to a solution — all context from that session will be gone once you move away.

That's it for this blog — see you on the next one.