Certified Retrieval-Augmented Generation Security Fundamentals (CRAGSF) Certification Program by Tonex
Duration: 2 Days | Format: Virtual / In-Person / Hybrid
Credential: Certification + Exam + Digital Badge
Level: Foundation – Technical Awareness
The CRAGSF certification equips AI engineers, cybersecurity professionals, architects, and compliance teams with foundational knowledge of security risks, vulnerabilities, and mitigation strategies for Retrieval-Augmented Generation (RAG) systems. RAG blends LLMs with external knowledge bases or vector databases, introducing novel attack surfaces and integrity risks. This course focuses on real-world RAG implementations, attack modeling, and risk management.
Learning Objectives
By completing the CRAGSF program, participants will be able to:
- Describe the architecture and components of RAG-based systems.
- Identify major security risks in RAG pipelines, including prompt injection, data poisoning, and vector store exploits.
- Analyze security implications of document retrieval, embedding strategies, and indexing.
- Map known threats using OWASP LLM Top 10, MITRE ATLAS, and AI-specific threat modeling tools.
- Apply secure RAG design principles to prevent data leakage, hallucination amplification, and unauthorized access.
- Develop a basic RAG-specific risk register and mitigation plan for LLM-integrated systems.
- Support secure MLOps pipelines and compliance readiness for RAG-based deployments.
Target Audience:
- AI/ML Engineers & LLM Developers
- Security Architects and Red Teamers
- DevSecOps & MLOps Professionals
- Application and Data Security Engineers
- Compliance & Risk Managers
- Product Managers working with GenAI or LLM applications
- Technical Team Leads and CISOs adopting LLMs
Program Modules:
Day 1 – RAG Fundamentals and Threat Landscape
Module 1: Introduction to RAG Architecture
- Components: Retriever, Ranker, Embedder, Vector Store, Generator
- Contrast with vanilla LLMs and fine-tuned models
- Use cases: knowledge agents, semantic search bots, copilots
Module 2: Threat Landscape for RAG Systems
- OWASP Top 10 for LLMs (2024)
- MITRE ATLAS threat actor behaviors
- Prompt injection (direct, indirect, cross-layer)
- Embedding layer manipulation and injection
Module 3: Secure Retrieval Layer Engineering
- Data sanitization and content-based access control
- Vector store attacks: collision, poisoning, inference
- Secure chunking, indexing, and metadata control
- Case: Document retrieval manipulation via pre-crafted text blocks
Module 4: Input/Output Risk and Jailbreak Defense
- Generator-level risks (e.g., hallucination escalation, sensitive echo)
- RAG-specific prompt hardening
- Context window exploitation and contextual injections
- Output validation and restricted formatting
Day 2 – Defensive Strategies and Secure RAG Implementation
Module 5: Security Controls and Best Practices
- RAG pipeline authentication and encryption
- Separation of concerns: isolate retriever and generator
- Content moderation of retrieved chunks
- RAG + RBAC (Role-based chunk access)
Module 6: RAG Risk Management and Governance
- RAG attack tree design (with DFDs and STRIDE extensions)
- Building a RAG-specific risk register
- Integration with AI RMF, NIST AI 100-1, ISO 42001
- Logging, audit trails, and monitoring for RAG interactions
Module 7: Secure RAG Development Lifecycle
- Secure MLOps for RAG systems
- Model card extensions for RAG
- CI/CD for vector stores and retrieval functions
- Pen testing & red teaming RAG pipelines
Module 8: Final Capstone Simulation
- Use case: Secure RAG assistant for enterprise documentation
- Teams define threat model, secure architecture, and test plan
- Walkthrough: data leak prevention, zero trust retrieval, and prompt control
Course Materials:
- CRAGSF slide deck ( PDF)
- Participant workbook with diagrams, templates, and quizzes
- RAG security checklist (architecture + runtime)
- Threat modeling templates (DFD, STRIDE, OWASP, MITRE ATT@CK and ATLAS)
- Secure embedding pipeline design cheat sheet
- Prompt injection test cases & benchmarking scripts (optional)
Certification Exam:
- Format: 50 questions (MCQ, scenario-based)
- Passing Score: 70%
- Duration: 90 minutes
- Credential: Certified RAG Security Fundamentals (CRAGSF)
- Badge Validity: 1 year (renewable via CEUs or re-exam)
- Badge Platform: Badge.ink / Open Badges compatible
CRAGSF Certification Exam Domains
| Domain | Weight | Description |
| 1. RAG Architecture & Components | 15% | Understand the structure and workflow of RAG systems including the retriever, embedder, vector store, and generator. Covers how data is ingested, stored, and retrieved for generation. |
| 2. Threat Landscape for RAG Systems | 20% | Covers known and emerging security threats such as prompt injection (direct/indirect), data poisoning, embedding attacks, and vector database exploits. Maps OWASP Top 10 for LLMs and MITRE ATLAS. |
| 3. Retrieval Layer and Vector Store Security | 15% | Focuses on securing document ingestion, chunking, indexing, and access control. Includes protection against inference attacks, embedding manipulation, and access-based filtering. |
| 4. Prompt and Output Hardening Techniques | 15% | Techniques to mitigate prompt leakage, jailbreaking, and output manipulation. Includes input validation, output filtering, and role-constrained generation. |
| 5. Secure Development and MLOps Practices for RAG | 15% | Integration of RAG systems into secure MLOps pipelines, CI/CD for retrievers and generators, secure embedding models, and model lifecycle management. |
| 6. Risk Management, Governance & Compliance | 10% | Includes risk register development, threat modeling, compliance alignment (NIST AI RMF, ISO 42001), audit trails, and governance policies for RAG pipelines. |
| 7. Secure Deployment and Monitoring of RAG Systems | 10% | Covers logging, access control, anomaly detection, runtime validation, and use of secure APIs in deployed RAG environments. |
Passing Criteria
- Exam Format: 50–60 multiple choice and scenario-based questions
- Duration: 90 minutes
- Passing Score: 70%
- Delivery: Online or proctored exam platform
- Credential Awarded: Certified RAG Security Fundamentals (CRAGSF)