Table of Contents

CompTIA SecAI+ (CY0-001) is the certification for cybersecurity professionals who secure artificial intelligence systems and use AI to defend the enterprise. It validates your ability to understand AI fundamentals, protect AI systems from adversarial attacks, apply AI to security operations, and govern AI use responsibly. This course covers all four exam domains so you build the practical and governance skills needed to pass. CompTIA recommends 3 to 4 years of IT experience with at least 2 years of hands-on cybersecurity work, plus Security+, CySA+, or PenTest+ knowledge.

DomainTitleExam Weight
1.0Basic AI Concepts Related to Cybersecurity17%
2.0Securing AI Systems40%
3.0AI-assisted Security24%
4.0AI Governance, Risk, and Compliance19%

Exam details: Maximum of 60 questions, multiple-choice and performance-based, 60 minutes, passing score of 600 on a scale of 100 to 900. The exam is available in English and launched on February 17, 2026.

Resources


Basic AI Concepts

  • Explain core AI and machine learning concepts, including generative AI, deep learning, transformers, GANs, and natural language processing
  • Compare learning methods, including supervised, unsupervised, reinforcement, and federated learning
  • Understand language models, including large and small language models, system and user prompts, and zero, one, and multi-shot prompting
  • Apply model optimization techniques, including fine-tuning, pruning, quantization, and model validation
  • Manage data for AI, including data cleansing, lineage, provenance, integrity, augmentation, and balancing
  • Distinguish data types, including structured, semi-structured, and unstructured data
  • Describe grounding and oversight techniques, including retrieval-augmented generation, embeddings, vector storage, watermarking, and human-in-the-loop

Domain 2: Securing AI Systems (40%)

Securing AI Systems

  • Reference AI security frameworks, including the OWASP LLM Top 10, OWASP ML Security Top 10, MITRE ATLAS, and the MIT AI Risk Repository
  • Implement AI access controls for endpoints, models, data, agents, and APIs
  • Apply data protection, including encryption in transit, at rest, and in use, plus anonymization, redaction, masking, and minimization
  • Deploy runtime controls, including model guardrails, prompt firewalls, rate limiting, token and input quotas, and modality limits
  • Monitor AI systems with prompt monitoring, log sanitization, log protection, confidence scoring, and cost monitoring
  • Defend against adversarial attacks, including prompt injection, jailbreaking, model and data poisoning, backdoor and trojan attacks, model inversion, model theft, and membership inference
  • Mitigate application-layer risks, including insecure output handling, excessive agency, model denial of service, and AI supply chain attacks

At 40% this is the heaviest-weighted domain, so build deep hands-on familiarity with adversarial threats and AI-specific controls.


Domain 3: AI-assisted Security (24%)

AI-assisted Security

  • Use AI security tools, including IDE, browser, and CLI plug-ins, chatbots, personal assistants, and Model Context Protocol servers
  • Apply AI to defensive tasks, including anomaly detection, pattern recognition, vulnerability analysis, incident management, threat modeling, and fraud detection
  • Automate security operations with low-code and no-code workflows, document synthesis, ticket management, and AI-assisted approvals
  • Integrate AI into the development pipeline, including CI/CD code scanning, software composition analysis, regression testing, and model testing
  • Recognize offensive misuse of AI, including deepfakes, impersonation, misinformation, disinformation, and AI social engineering
  • Understand AI-driven attack techniques, including AI reconnaissance, obfuscation, automated attack generation, payload generation, and AI-generated malware

Domain 4: AI Governance, Risk, and Compliance (19%)

AI Governance, Risk, and Compliance

  • Establish AI governance structures, including an AI Center of Excellence and AI policies and procedures
  • Identify AI roles and responsibilities, including data scientists, AI architects, MLOps engineers, AI security architects, and AI auditors
  • Apply responsible AI principles, including fairness, reliability and safety, transparency, privacy and security, explainability, inclusiveness, and accountability
  • Assess AI risks, including bias, accidental data leakage, reputational loss, intellectual property exposure, autonomous systems risk, and shadow AI
  • Comply with AI laws and frameworks, including the EU AI Act, OECD AI Principles, ISO AI standards, and the NIST AI Risk Management Framework
  • Govern AI adoption, including sanctioned versus unsanctioned AI, private versus public models, third-party compliance evaluation, and data sovereignty

Work through all four domains, then test your readiness with the CompTIA SecAI+ Practice Test before exam day. SecAI+ pairs well with Security+, CySA+, and PenTest+, so review those foundations if you need them. For more certification courses and hands-on playbooks, visit Courses and Playbooks .