Everyone talks about AI. I break it.

AI, AI-powered, AI systems. The most hyped words right now. Every CEO loves them, cool. But we are penetration testers. We don't just use things, we look behind them, understand how they work, and find out how to break them.

So when AI became the new everything, I asked myself one question: who is going to test all of this?

my story

My path to COAE was fast. Before it was released, I was looking at the cert landscape and felt nothing worth it. web? AD? yeah there are always new things but i work with those every day. I needed a completely new field. not just new content,,, a new world.

AI was the obvious answer. Every company is shipping AI products and services. someone has to test them. i decided that someone would be me.

i had been expecting HTB to drop an AI exam for over a year. I knew it was coming. I just wasn't taking it seriously until I looked around and realized AI isn't slowing down, it's accelerating. So I locked in.

why HTB and not OffSec? everyone who knows the market knows the answer. HTB teaches you real deep knowledge. After COAE, OSAI will feel easy. That's the pattern.

One important thing before anything

If your base in web pentesting is weak, don't jump into AI pentesting yet.

I know AI is trending. I know everyone wants the shiny new cert. But if you don't understand SQL injection, XSS, IDOR, auth bypass, and basic enumeration, you will get stuck on this exam and not understand why. AI lives on the web. You need both.

Follow the trend only after you have the foundation. otherwise you're building on nothing.

The exam, an honest breakdown

PLEASE. PLEASE. PLEASE. Do not start testing before you fully understand the application. Check every feature. map everything. if you see a chatbot, don't focus on it and ignore the rest of the app. that's the fastest way to fail.

The exam is not a prompt injection challenge. it covers LLM security, indirect prompt injection, AI agents, MCP behavior, adversarial ML, model evasion, data poisoning, and chained attacks that mix web and AI together.

There is a main scenario, and you cannot skip steps. Everything is connected. if you get stuck on one specific point in it, say goodbye to 2 days of your life trying to figure it out. it's tricky. but that's also what makes it good.

There are also standalone systems you can solve separately. My tip: do a quick enumeration on each one. If you find something valuable, dig in. If not, move on and come back later. Don't burn hours on something that's not clicking yet.

What about the math?

The most asked question right now. Yes, there is math. You need to understand how models work, how evasion works, and how to think about reversing things.

But do you need to go deep? short answer: no.

What you need is to understand the attack, what it is, why it works, and where it applies. The actual heavy implementation? Let AI help you with the coding and the complex math. if you're not using AI tools to assist your work in 2026 you're operating like it's 1800.

understand the concept, find the attack surface, let AI handle the hard implementation. that's the workflow.

Web pentesting, required?

Sometimes, you cannot move forward without chaining a web attack with an AI attack. SQL, XSS, IDOR, auth bypass, and enumeration all come up. don't show up to this exam without them.

How long did it take me?

The exam window is 7 days. I finished with 85% and had 5 days and 21 hours remaining. minus 8 hours sleeping. fast? yes and no.

When you solve things, they look Easy. You'll ask yourself why it took so long. But that one tricky chained point, if you get stuck there without the right mindset, you're looking at 3+ days minimum just on that one.

think, step back, think again. don't rush to the final payload. gather small pieces of information, chain them, and build up to the final prompt or payload. That's the actual methodology.

reporting

easiest part. I used SysReptor. My report was around 50 pages and didn't take long. just make sure you're saving everything as you go.

Tips and tricks

save everything, outputs, and payloads you will get back to them. If something doesn't work, it's not wrong. It probably needs something added, not replaced. If something isn't firing, try it in a fresh chat session and check again. Enumerate the entire application first before you start attacking anything. Don't go straight for the gold. do it step by step. small pieces of information become the full attack chain.

final thought

COAE is the best cert I've done. not because it was easy, it wasn't. because it's a new field, a real field, and the future of security. The path teaches you things that actually matter.

I recommend it before anything else in AI security. go get it.

BaldHead regards Ahmad Allobani 💀