CompTIA SecAI+ Explained: Domains, Cost and Career Value

A complete breakdown of CompTIA SecAI+ (CY0-001) covering all four domains, exam cost, salary data, and whether the industry's first AI security certification is worth your time.

CertCrush Team

22 May 2026

What Is CompTIA SecAI+?

CompTIA SecAI+ is the industry's first vendor-neutral certification dedicated to securing AI systems and using AI to enhance security operations. The exam, code CY0-001, launched on 17 February 2026 as the first credential in CompTIA's new Expansion Series. If you work in cybersecurity and your organisation is deploying AI tools (which, in 2026, is almost every organisation), CompTIA SecAI+ validates the skills that hiring managers are now actively searching for.

This guide explains every part of the CompTIA SecAI+ certification: the four exam domains, the cost, the format, the career paths it unlocks, and whether it is worth your time and money. SecAI+ is not an entry-level certification, and understanding what it is and is not before you commit will save you significant frustration.

CompTIA SecAI+ Exam Format

The SecAI+ exam is short, scenario-driven, and uniquely focused on AI security. Here are the precise specifications:

| Detail | Specification |
|---|---|
| Exam code | CY0-001 |
| Number of questions | Maximum 60 |
| Question types | Multiple-choice and performance-based (PBQs) |
| Duration | 60 minutes |
| Pass mark | 600 out of 900 |
| Exam fee | $359 USD |
| Delivery | Pearson VUE test centre or OnVUE online proctoring |
| Validity | 3 years (renewable via CE credits) |
| Available since | 17 February 2026 |

Exam Tip: With 60 questions in 60 minutes, you have exactly one minute per question on average. PBQs take longer, so prioritise multiple-choice first and return to PBQs with your remaining time.

The Four CompTIA SecAI+ Domains

The CY0-001 exam covers four domains. Each carries a different weight, telling you how many questions to expect from each area.

| Domain | Weight | Approx. Questions |
|---|---|---|
| 1.0 Basic AI Concepts Related to Cybersecurity | 17% | ~10 |
| 2.0 Securing AI Systems | 40% | ~24 |
| 3.0 AI-Assisted Security | 24% | ~14 |
| 4.0 AI Governance, Risk, and Compliance | 19% | ~12 |

Domain 1: Basic AI Concepts Related to Cybersecurity (17%)

This domain establishes the AI literacy foundation. Topics include:

  • Core AI terminology: machine learning, deep learning, neural networks, large language models (LLMs)
  • Types of AI systems: supervised, unsupervised, reinforcement learning, generative AI
  • AI development lifecycle: data collection, training, validation, deployment, monitoring
  • How AI introduces new attack surfaces compared with traditional software

Domain 2: Securing AI Systems (40%)

This is by far the largest domain and the heart of the exam. Expect most of your performance-based questions here. Topics include:

  • Threats to AI systems: prompt injection (direct and indirect), model poisoning, data poisoning, adversarial inputs, jailbreaking, model inversion, membership inference
  • Security controls for AI: model guardrails, prompt firewalls, rate limits, token limits, input quotas
  • Access controls: model access, data access, agent access, network and API access
  • Data security: encryption (in-transit, at-rest, in-use), anonymisation, data classification, redaction, masking, minimisation
  • Frameworks: OWASP Top 10 for LLM Applications, MITRE ATLAS

For a deeper dive into the scenarios you will face, see our SecAI+ PBQ guide covering the 12 realistic scenario types.

Domain 3: AI-Assisted Security (24%)

This domain flips the perspective: instead of defending AI, you use AI to defend your organisation. Topics include:

  • AI-powered threat detection and SIEM integration
  • AI-driven vulnerability assessment
  • Automated incident response and SOAR platforms
  • Behavioural analytics and anomaly detection
  • The human-in-the-loop principle for AI security decisions
  • Limitations and risks of AI in security operations

Domain 4: AI Governance, Risk, and Compliance (19%)

This domain tests your ability to apply governance frameworks to AI deployments. Beta candidate reports confirm the EU AI Act features heavily. Topics include:

  • Compliance frameworks: EU AI Act, NIST AI Risk Management Framework (AI RMF), ISO/IEC 42001, OECD AI Principles
  • AI risk classification: unacceptable, high, limited, minimal risk
  • Bias and fairness evaluation
  • AI transparency and explainability requirements
  • Data privacy in AI contexts: GDPR and CCPA implications

Exam Tip: The EU AI Act is the most commonly tested compliance framework on SecAI+. Know the four risk categories and which AI use cases fall into each.

How Much Does CompTIA SecAI+ Cost?

The exam fee is just one component of the total investment. Here is a realistic budget:

| Item | Typical Cost (USD) |
|---|---|
| SecAI+ exam fee | $359 |
| Self-paced training course (Udemy, ITPro) | $30 to $200 |
| Official CompTIA CertMaster Learn | $499 |
| Official study guide (book) | $40 to $60 |
| Practice exams and question banks | Free to $50 |
| Resit fee (if you fail) | $359 |

The bare minimum to sit the exam is $359 with free study resources. A typical realistic budget for first-attempt success is $450 to $700 when you include training and practice questions.

Prerequisites: Who SecAI+ Is For

CompTIA SecAI+ is not an entry-level certification. CompTIA officially recommends:

  • 3 to 4 years of IT experience, including 2+ years of hands-on cybersecurity experience
  • Security+, CySA+, PenTest+, or equivalent knowledge

If you have just passed Security+ and have not yet worked in cybersecurity, SecAI+ will be a significant stretch. The exam assumes you understand fundamental security operations and can apply that knowledge to the new context of AI systems.

If you do not yet have the prerequisites, build them first. Read our guides on how to pass CompTIA Security+ on your first attempt and the best IT certifications for 2026.

Career Value: What SecAI+ Unlocks

SecAI+ is a forward-looking certification. The career value comes from being early to a fast-growing skill set, not from a long track record of established hiring patterns. Average salaries for AI security specialists range from $115,000 to $160,000 depending on location and seniority.

Roles Directly Aligned With SecAI+

  • AI Security Engineer: designing and implementing controls for AI systems
  • AI Risk Analyst: assessing risks of AI deployments
  • Machine Learning Security Engineer (MLSecOps): building security into the ML pipeline
  • AI Governance Officer: managing compliance with the EU AI Act and similar frameworks
  • Senior SOC Analyst (AI-focused): investigating AI-related security incidents

For a deeper exploration of the roles SecAI+ opens up, see our companion guide on SecAI+ career paths.

Why SecAI+ Matters in 2026

Three forces make SecAI+ valuable right now:

  1. AI deployment is universal. Almost every enterprise is rolling out AI tools, and most do not have dedicated AI security expertise.
  2. Compliance pressure is rising. The EU AI Act, NIST AI RMF, and similar frameworks are creating audit and governance demand.
  3. The talent pool is small. As the first vendor-neutral AI security certification, SecAI+ holders are scarce. Being early to a credential is a meaningful career signal.

Is CompTIA SecAI+ Worth It?

Worth It If You Are...

  • A security engineer or analyst whose organisation is deploying AI
  • A Security+, CySA+, or PenTest+ holder looking for the next strategic credential
  • A consultant or contractor wanting to differentiate on AI security
  • An MLOps or ML engineer looking to add security expertise
  • A career changer with a cybersecurity foundation moving into AI security

Less Useful If You Are...

  • Brand new to cybersecurity (Security+ first, then CySA+, then SecAI+)
  • A pure data scientist or ML engineer with no security background
  • Working in environments with zero AI deployment

How Long Should You Study?

Most candidates with the recommended prerequisites pass SecAI+ with 80 to 120 hours of study spread over 4 to 6 weeks. Without strong prerequisites, plan for double that.

A realistic study split:

  • Weeks 1-2: Master AI fundamentals and Domain 1 (foundational concepts)
  • Weeks 3-4: Deep study of Domain 2 (Securing AI Systems), with focus on prompt injection, model poisoning, OWASP LLM Top 10, and MITRE ATLAS
  • Week 5: Domain 3 (AI-Assisted Security) and Domain 4 (Governance)
  • Week 6: Full-length practice exams under timed conditions

SecAI+ vs Other AI Security Credentials

SecAI+ is the first vendor-neutral AI security certification, but it is not the only AI-adjacent credential. Here is how it compares:

| Credential | Issuer | Focus | Best For |
|---|---|---|---|
| CompTIA SecAI+ | CompTIA | Securing AI systems and AI-assisted security | Security professionals adding AI expertise |
| ISC2 CAISP (Certified AI Security Professional) | ISC2 | Strategic AI risk and governance | Senior security leaders |
| Microsoft AI-102 (Azure AI Engineer) | Microsoft | Building AI on Azure | Azure-focused engineers |
| Google PMLE (Professional Machine Learning Engineer) | Google Cloud | ML model deployment | Engineers building ML pipelines |

SecAI+ is the most balanced of these for working security professionals. It is vendor-neutral, scenario-driven, and squarely focused on the security side rather than the ML engineering side.

Ready to Start Practising?

CompTIA SecAI+ is a scenario-driven exam that tests applied knowledge in a brand-new discipline. Reading about prompt injection is not the same as solving a scenario where you must identify the attack vector, select the correct mitigation, and explain why the alternatives are wrong.

CertCrush offers SecAI+ CY0-001 practice exams built to match the format, domain weighting, and difficulty of the real exam. Every question is anchored in OWASP LLM Top 10, MITRE ATLAS, NIST AI RMF, and the EU AI Act, the four frameworks that drive the SecAI+ blueprint.

Create your free account and start building your AI security expertise today.
