Cyber-Capable AI: Critical AIGP Exam Risks

This week the European Parliament put cyber-capable AI on its plenary agenda as a category of its own. The AIGP exam reached the same point earlier; it just uses different vocabulary. Where Strasbourg talks about national readiness for emerging cyber-capable AI models, the IAPP curriculum splits the topic across red teaming, threat modelling, security testing and continuous monitoring. The four terms are not synonyms, and the exam builds its distractors around the gaps between them.

Why Cyber-Capable AI Is an Exam Category

Two sources, one subject. The European Parliament debate is framed as a question of national defence. The AIGP exam frames the same problem as a governance question inside an organisation. The IAPP Body of Knowledge, which sets out every topic the AIGP can examine, splits the cyber-capable AI surface across four operational concepts. A candidate who treats them as interchangeable will misread roughly a third of the security-flavoured scenarios. The exam rewards precision here; it punishes pattern-matching on technical-sounding nouns. The newly visible policy debate adds urgency, but the underlying exam content already sits in the published curriculum.

Four Cyber-Capable AI Concepts the Exam Treats as Distinct

The cyber-capable AI attack surface is not one thing; it is four. Each concept maps to a different point in the AI life cycle, a different actor and a different evidence trail. Read them out of order and the scenario collapses.

Red teaming

Red teaming is structured adversarial probing of a deployed or near-deployed system. A team of internal or external specialists tries to break the model the way an attacker would: through prompt injection, jailbreaks, training-data extraction or coercion into unsafe outputs. The exam places this work in release readiness and post-market contexts, never at the design stage. Confusing red teaming with penetration testing is the most common distractor: penetration testing targets the infrastructure, red teaming targets the model itself.

Threat modelling

Threat modelling sits at the opposite end of the life cycle. It is an ex-ante exercise that maps attack surface, threat actors, assumptions and trust boundaries before the system goes into build. STRIDE and similar frameworks belong here. In AIGP scenarios, threat modelling appears when the stem describes design, architecture or contract negotiation. If the scenario mentions a vulnerability discovered after launch, threat modelling is the wrong answer.

Security testing

Security testing covers data poisoning checks, adversarial example resilience, model integrity, dependency scanning and the verification of robustness claims under the AI Act. The AIGP places security testing inside the training and testing block of the life cycle, alongside bias testing and interpretability work. The trap is to read "testing" as a single activity; the exam treats security testing as one item in a wider verification programme that includes both technical work and documentation.

Continuous monitoring

Continuous monitoring is a programme, not a scan: schedule, triggers, ownership, escalation, retraining. It runs after deployment and feeds the post-market monitoring plan required by the AI Act. The continuous monitoring obligations attached to a high-risk system run wider than candidates expect. The exam draws a sharp line between scheduled monitoring (covered here) and reactive incident response (a different domain).

Why the Same Word Appears in Different Places

Here is the trick the exam exploits. Each of the four cyber-capable AI activities appears in more than one part of the curriculum, attached to different governance obligations. Red teaming sits inside both release readiness and deployment-stage assessment. Security testing sits inside training, release and ongoing assurance. The stem of an AIGP question almost never repeats the term in isolation; it gives you a life-cycle clue. Vendor evaluating its model before shipping? One cluster of obligations. Deployer running periodic audits on a procured model? The cluster shifts entirely.

That clue is what the exam actually rewards. Read the actor first, then the stage; only then go looking for the technical term.

Article 15, Article 26 and Who Owns What

Article 15 of the AI Act assigns cybersecurity, accuracy and robustness obligations to the provider of a high-risk cyber-capable AI system. Article 26 assigns use-time obligations to the deployer: following monitoring instructions, human oversight, log retention. AIGP candidates consistently lose marks on questions where the two get swapped. A common distractor places provider obligations on deployers, or pushes general-purpose AI model obligations onto a system that has not been classified as a general-purpose AI model with systemic risk. Different thresholds, different evidence, different penalties; the words look similar but the regimes do not.

The NIST AI Risk Management Framework appears here as a comparative tool for cyber-capable AI work. Its MEASURE function aligns with how the AIGP defines security testing and continuous monitoring. The exam will not ask you to recite the four NIST functions, but it can ask you to place MEASURE-style work inside the AI Act framework.

Reading the Stem Without the Vocabulary Trap

Three things to keep in front of you when a cyber-capable AI scenario lands on the screen. First, identify the life-cycle stage: design, training, release or post-market. Second, identify the actor: provider, deployer or both. Third, only then choose the term. Most candidates work this in reverse, latching onto a technical noun and matching it to a familiar answer; that is exactly the failure mode the distractors are built to catch.

A wider shift sits behind all of this. Cyber-capable AI is the part of the curriculum where operational practice is moving faster than the regulation; the Strasbourg debate is a marker of that shift. Post-market AI governance is becoming operational rather than declarative, and the AIGP scenarios increasingly look like real audit conversations rather than textbook recall. Candidates who treat published AI evaluation reports as ordinary reading material get a meaningful edge over candidates who study only from coursebooks.

The 22Academy Study page hosts free assessments and the Exam Question Masterclass; the latter walks through the actor-stage-term sequence on real scenario stems.
