What is CompTIA SecAI+?

CompTIA SecAI+ is the world’s first certification dedicated specifically to AI security. Launched on 17 February 2026, it’s designed for cybersecurity professionals who need to understand how AI is changing the threat landscape — both as a tool defenders can use and as an attack surface that needs protecting.

Unlike general AI certifications aimed at developers or data scientists, SecAI+ focuses squarely on security. It’s vendor-neutral, covering AI security principles, operational techniques, and governance frameworks that apply regardless of which tools or cloud platforms your organisation uses. Think of it as Security+ with AI woven into every domain.

The exam covers five core areas: AI security fundamentals, securing AI systems and infrastructure, AI-assisted security operations, AI governance and compliance, and defending against AI-driven threats like adversarial machine learning, prompt injection, and automated malware.

CY0-001 Exam Code
60 Questions (max)
60 min Duration
600 Passing Score
3–4 yrs Recommended Experience

Chapter 1: Why SecAI+?

CompTIA had been teasing this one for a while — a few LinkedIn posts here, a growing Reddit thread there. People in my position were starting to pay attention, and there was genuine hype building. CompTIA essentially took Security+ and folded AI into it, creating something that felt timely and purposeful rather than just a cash grab.

With the rise of AI and cybersecurity evolving at such a rapid rate, I instantly saw the value in having a cert like this against your name. But the thing that really tipped me over the edge wasn’t the cert itself — it was how I found out about it.

The Email I Wasn’t Expecting

I had never taken part in a beta exam before and genuinely hadn’t realised you didn’t have to be a famous cybersecurity thought leader to get involved. You can imagine my surprise when an email landed in my inbox from CompTIA, asking if I wanted to take part in the beta testing process.

You do have to provide them with a rough idea of your background and career experience, and if you have what they’re looking for, you receive a unique invite code to register. I had only just passed my CompTIA Security+ at the end of August 2025 and felt like I needed a break from studying. But this felt different. I wanted to be one of the first to pass this exam — and it’s a great story to tell.

💡 The Beta Advantage

The beauty of a beta exam isn’t just the satisfaction of being an early passer — it’s the money you save too. A pass guarantees a free certification. If CompTIA opens up another beta opportunity, take it.

Chapter 2: Preparing for the Unknown

After booking my exam for the 25th of October 2025, I realised something quite important — how was I actually going to prepare for this? Previously I’d always had a recommended YouTuber or a structured course to lean on. No Messer or Dion to save me this time.

Starting at Square One

So I started at square one — the place I always begin any certification journey. Download the exam objectives, understand the weighting of each domain, and honestly assess your own strengths and weaknesses.

💡 The Traffic Light Method

Print a copy of the exam objectives and use a highlighter traffic light system to self-assess:

  • 🟢 Green — Already strong on this. Light review needed.
  • 🟡 Amber — Decent foundation but needs work. Prioritise this.
  • 🔴 Red — Weak or unfamiliar. This is where your time goes.

Being honest about the red areas upfront is what separates efficient studying from just going through the motions.

Building an Anki Deck

From there, I started building Anki cards based on the exam domains — perfect for the commute. Flashcards work brilliantly for this type of cert because so much of the content is terminology-heavy: AI attack vectors, compliance frameworks, governance models. You need that information to be second nature by exam day.

What I Already Knew

Having worked with AI in my previous Junior Security Analyst role, I had a solid foundational understanding of how AI can be leveraged in SIEM and SOAR workflows, incident response, and vulnerability detection. That gave me a useful head start on the operational side of the exam.

⚡ The GRC Reality Check

What became clear fairly quickly was that there’s a strong GRC element to this exam. You can configure AI correctly and do everything by the book, but without solid Governance, Risk, and Compliance knowledge underpinning it all, it’s like a house of cards.

Chapter 3: The Study Process

Without a Professor Messer playlist to work through, I had to be more creative and self-directed than usual. Here’s what actually made a difference.

Hands-On Learning with Ollama

Reading about AI security is one thing. Getting your hands dirty is another entirely. My recommendation is to start with Ollama — a free, lightweight tool that lets you run large language models locally on your own machine. No cloud costs, no API keys, no risk. Just you, a model, and a sandbox to experiment in.

The OWASP Top 10 for LLMs

Once you’ve got something running locally, the OWASP Top 10 for LLMs (2025 edition) is an excellent guide for your testing — the AI equivalent of the web security Top 10 you may already know.

📋 OWASP Top 10 for LLMs (2025)
  • ⚡ Prompt Injection
  • 🔓 Sensitive Info Disclosure
  • 🔗 Supply Chain Risks
  • ☠️ Data & Model Poisoning
  • 📤 Improper Output Handling
  • 🤖 Excessive Agency
  • 🔍 System Prompt Leakage
  • 📦 Vector & Embedding Weaknesses
  • 💬 Misinformation
  • ⚠️ Unbounded Consumption
💡 Use AI to Study AI

Claude or ChatGPT can generate tailored mock quizzes for any SecAI+ domain. Try this prompt:

“I’m preparing for CompTIA SecAI+ (CY0-001). Take on the role of an exam invigilator, review the official exam objectives, and create a 10-question mock quiz focused on [domain]. Evaluate my answers and explain any mistakes.”

Chapter 4: The Exam Itself

⚠️ Exam Confidentiality Notice

Out of respect for CompTIA’s NDA, I won’t share specific questions, answers, or detailed scenarios. What follows is my general experience and the types of question formats you can expect.

The exam is challenging in an interesting way. It’s not trying to catch you out with trick questions — it’s genuinely assessing whether you understand how AI is changing the threat landscape and what that means for defenders. There were questions that required real reasoning through scenarios, not just definition recall.

The Format

The format will be familiar if you’ve taken other CompTIA exams — multiple choice and performance-based questions — but the subject matter keeps you on your toes. This felt like one of the harder exams I’ve taken with CompTIA. It was very easy to start second-guessing myself, because there are multiple valid approaches to AI safety, and the challenge is always picking the most appropriate method.

Where It Catches People Out

If you’re more of an engineer than a GRC buff, I’d strongly encourage you to get comfortable with the fundamentals of Governance, Risk, and Compliance before sitting this one.

💡 Advice for Engineers Especially

Zoom out. Don’t get lost in the technical intricacies of AI. Start thinking about how to make AI safe in a governance and compliance sense, and you’ll be in a much better position. The exam rewards a security mindset, not just a technical one.

Chapter 5: The Wait for Results

Beta exams have one quirk that can drive you slightly mad: you don’t get your results on the day. CompTIA collects responses from all beta candidates, validates and finalises the exam questions, and then releases results in bulk months later. So I just had to wait.

The Dashboard Check Loop

I checked my CompTIA dashboard more times than I’d like to admit. Every few days, a quick glance to see if anything had changed. It hadn’t — until it had. One random day in February 2026, sitting on the couch with a coffee and my wife, there it was.

✅ A Pass.

I won’t pretend I wasn’t relieved. But more than that, I was glad I’d taken the leap. It confirmed something I’d suspected going in: that engaging seriously with the AI side of security was the right move.

📌 A Note on Beta Timing

The SecAI+ beta (CY1-001) closed on 31 October 2025. The live exam launched on 17 February 2026, with beta results released around the same time. If you missed the beta, the live exam is now available through Pearson VUE.

Chapter 6: Why This Cert Matters

We’re at a point in the industry where AI literacy is becoming a baseline expectation for security professionals. It’s not enough to know that AI exists in your tools — you need to understand how those tools can be compromised, how adversaries are using AI to scale their attacks, and how to build defences that account for all of that.

For Those Just Starting Out

If you’re early in your cybersecurity journey, SecAI+ isn’t aimed at you yet — CompTIA recommends 3–4 years of IT experience and 2+ years of hands-on security work. But that doesn’t mean you should ignore AI. Build your AI literacy now. Understand what prompt injection is. Learn why data poisoning matters. By the time you’re ready to sit this exam, you’ll already have the foundation.

For Those a Few Years In

If you’re a working analyst, engineer, or SOC professional — this cert is worth serious consideration. AI knowledge isn’t optional anymore. The sooner you build it, the better positioned you’ll be.

The Bottom Line

The SecAI+ is one of the clearest signals available that you’ve taken AI security seriously. And if CompTIA opens up another beta opportunity? Take it. Have you looked into the SecAI+ exam? Drop your thoughts in the comments or send me a message.

Bonus: Tips for Taking SecAI+

📚 Study Phase

💡 Start with the Official Exam Objectives

Download them from CompTIA’s website, print them out, and traffic-light your knowledge before you do anything else. It takes 20 minutes and immediately tells you where to spend your time.

💡 Build an Anki Deck Early

SecAI+ is terminology-heavy. Flashcards on your commute are one of the most efficient study habits you can build. Start your deck before you feel ready to.

💡 Get Hands-On with Ollama + OWASP

Set up Ollama locally and work through the OWASP Top 10 for LLMs one entry at a time. Practical experience makes theoretical concepts stick far more reliably than re-reading notes.

💡 Don’t Neglect GRC

The most common mistake engineers make with this exam. Spend real time on governance, risk, and compliance frameworks — it pays off.

🎯 Exam Day

⚠️ Multiple Correct-Looking Answers

AI safety has multiple valid approaches. The question is always: what is the most appropriate method in the given scenario? Read carefully and think in context.

💡 Flag and Return

Answer every question, flag anything you’re unsure about, and revisit at the end. Later questions can give you context that unlocks earlier ones.

Remember

A pass is a pass. The minimum is 600 on a scale of 100–900 — and that’s all you need. The SecAI+ is one of the more interesting exams I’ve sat. Good luck if you’re preparing for it — I’m rooting for you.

Ready to Start Your SecAI+ Journey?

Check out more certification guides on the blog, or get in touch if you have questions about the beta experience.

More Cert Guides → Get in Touch →