AI Security Engineering Readiness Assessment

A rigorous, standards-aligned, learning-first assessment covering LLM application security, prompt injection, RAG security, agent security, model supply chain, MLOps, AI SDLC, privacy, governance, red teaming, incident response, vendor risk, and secure architecture. This is a readiness benchmark and educational resource, not an accredited certification.

200 q · 180m

Question 1 of 2001%

model supply chain

A CVE is published for a library used only during model conversion from one format to another. Why might it still matter for production security?

The vulnerable converter is not part of the final inference container, but the build pipeline uses it to prepare model artifacts that are later deployed.

A. It cannot matter because production does not import the converter library.B. It is solved by adding a prompt saying the model should not behave maliciously.C. It only matters if the final model gives inaccurate answers.D. A compromised or vulnerable conversion step can tamper with artifacts or execute.