Back to blog
Certification Deep Dives10 min read

GIAC AI Security Automation Engineer (GASAE) Explained: Domains, Cost and Is It Worth It in 2026?

GASAE is GIAC's new hands-on AI security automation certification. We break down the 10 exam domains, the CyberLive format, the cost, and whether it is worth sitting in 2026.

Tom Ashford

Tom Ashford · Security Certifications Lead

16 July 2026

The GIAC AI Security Automation Engineer (GASAE) is one of the newest hands-on certifications in cybersecurity, and it arrives at exactly the moment employers are trying to work out who can actually wire AI into security operations rather than just talk about it. If you have watched the flood of AI-security credentials land in 2026 and wondered which ones prove real skill, GASAE is worth a serious look. It is a CyberLive, lab-based exam, so you cannot bluff your way through it with memorised acronyms.

This deep dive covers what GASAE tests, the ten exam domains, the cost, the exam format, how it compares to GIAC's other AI certifications, and an honest verdict on whether it is worth your time and money in 2026.

What Is the GIAC GASAE Certification?

GASAE validates your ability to apply practical, real-world automation and artificial intelligence across offensive, defensive and cloud security operations. In plain terms, it proves you can build and run the automated workflows that modern security teams increasingly depend on, and that you can do it safely with AI in the loop.

It is one of four AI-focused certifications GIAC and SANS launched to meet the surge in demand for validated, role-based AI skills, sitting alongside the GIAC Offensive AI Analyst (GOAA) and the GIAC AI Platform Security (GAIPS). Where GOAA leans offensive and GAIPS leans on securing the AI platform itself, GASAE is the automation and orchestration credential that ties red, blue and cloud work together.

The certification maps to the SANS course SEC598: Automate Security with Generative AI (also delivered as AI and Security Automation for Red, Blue, and Purple Teams). You do not have to take the course to sit the exam, but the objectives are built around its content.

Exam Tip: GASAE is a CyberLive certification. That means hands-on lab tasks in a live environment, not multiple-choice recall. Practise in a real terminal, not just with flashcards.

GASAE Exam Domains: What Is Actually Tested

GASAE covers ten objective areas. They span the fundamentals of AI and automation, offensive and defensive workflows, cloud incident response on both AWS and Azure, and the SOAR and detection engineering work that pulls it all together.

Here is the full breakdown of the ten domains and what each one focuses on.

#DomainFocus
1Adversary Emulation FundamentalsEmulation frameworks and the automation techniques behind them
2Artificial Intelligence FundamentalsAI processes, LLMs, retrieval-augmented generation and agentic AI
3Automating Offensive WorkflowsDeploying agentic AI and cloud adversary emulation platforms
4Automating WorkflowsScripting, infrastructure as code and incident response automation
5AWS Cloud Security and Incident Response AutomationCompliance, logging and AI-assisted security workflows in AWS
6Azure Cloud Security and Incident Response AutomationMicrosoft Defender, Sentinel and infrastructure as code
7Defensive Security AutomationAgent deployment and SOC integration
8Security Automation FundamentalsCore terminology and DevOps principles
9Security Orchestration Automation and Response (SOAR)Playbooks and tool integration
10Detection Engineering and Incident ResponseForensic tooling and generative or agentic AI integration

The three themes that run through every domain

Read the domains together and three themes stand out.

  • AI is treated as a tool and a target. You are expected to use LLMs and agentic AI to speed up security work, and to understand where that same AI introduces risk.
  • Automation is cross-team. Offensive emulation, defensive SOC work and cloud incident response all appear, which is why the marketing calls it a red, blue and purple team cert.
  • Cloud is not optional. Both AWS and Azure get their own dedicated domains, so you cannot specialise in one and ignore the other.

If your day job already involves writing playbooks, building detections, or scripting incident response, a good chunk of this will feel familiar. The AI and agentic elements are the part most candidates will need to skill up on.

GASAE Exam Format and Key Facts

GASAE follows the standard GIAC exam structure, delivered in the CyberLive hands-on format. Here are the concrete details you need before you book.

  • Questions: 82
  • Time limit: 3 hours
  • Passing score: 70 percent (for the exam version released on or after 10 April 2026)
  • Format: CyberLive, performance-based lab tasks in a live environment
  • Delivery: Web-based and proctored, either remotely via ProctorU or onsite at a PearsonVUE centre
  • Activation window: 120 days from activation to complete your certification attempt
  • Renewal: Four-year cycle with Continuing Professional Education (CPE) credits

Exam Tip: You get 120 days from activation to sit the exam. Book a target date early and work backwards, because CyberLive labs reward consistent hands-on practice over last-minute cramming.

The CyberLive format is the single most important thing to understand about GASAE. GIAC introduced CyberLive so that certifications validate what you can do, not just what you can recall. You will be dropped into a realistic lab with real tools and asked to complete practical tasks, which means shallow prep does not survive contact with the exam.

How Much Does GASAE Cost in 2026?

GASAE is priced as a standard GIAC certification. Based on GIAC's published pricing, expect the following in US dollars, excluding sales tax.

ItemPrice (USD)
Certification attempt$999
Retake / additional attempt$899
Official GIAC practice test$399

That $999 is for the exam attempt on its own. If you take the affiliated SANS SEC598 training, the cost is far higher, because SANS courses run into several thousand dollars on top of the exam. Many candidates who are not employer-funded choose to self-study against the objectives and buy the exam attempt directly.

Two practice tests are usually available and are strongly recommended for a CyberLive exam, because they simulate the real format rather than just quizzing you on theory. Budget for at least one.

GASAE vs GIAC's Other AI Certifications

GASAE is one of a family. If you are choosing between the GIAC AI credentials, the quickest way to decide is to match the cert to the work you want to do.

CertificationBest forFocus
GASAE (AI Security Automation Engineer)Engineers automating SOC, cloud and emulation workOrchestration, SOAR, cross-team automation
GOAA (Offensive AI Analyst)Red teamers using AI offensivelyOffensive AI attack tools and techniques
GAIPS (AI Platform Security)Defenders securing GenAI apps and LLM pipelinesAuditing and securing AI platforms

Choose GASAE if your goal is to be the person who builds the automated glue between tools, teams and cloud platforms, with AI accelerating the work. Choose GOAA if you want to weaponise AI in offensive engagements, and GAIPS if your focus is locking down the AI systems themselves.

It is also worth putting GASAE next to the broader AI-security field. Vendor-neutral options like CompTIA SecAI+ and governance-focused credentials like the ISACA AAISM sit at a more conceptual level. GASAE is the hands-on, build-it option, which is exactly why the CyberLive format matters so much.

Who Should Take GASAE?

GASAE is not an entry-level certification. It assumes you already understand security operations and can hold your own in a terminal. It is a strong fit if you are one of the following.

  • A SOC engineer or analyst who wants to move from running playbooks to building and automating them.
  • A detection engineer looking to fold generative and agentic AI into your detection and response pipelines.
  • A cloud security engineer working across AWS and Azure who needs to prove automation skill, not just configuration knowledge.
  • A red or purple team operator who wants to automate adversary emulation at scale.

If you are new to cybersecurity, start with a foundation like CompTIA Security+ or an entry cloud credential first, then come back to GASAE once you have real operational experience. Trying to pass a CyberLive automation exam without hands-on background is an expensive way to learn that lesson.

Is GASAE Worth It in 2026?

Here is the honest verdict. GASAE is worth it if security automation is the direction you are already heading, and less so if you just want a line on your CV.

The case for it is strong. Security teams are drowning in alerts and are turning to automation and AI to cope, so the skills GASAE validates are in genuine demand. Because it is CyberLive, it proves you can actually do the work, which carries more weight with hiring managers than recall-based exams. And as a brand-new credential, holding it early makes you a first mover in a hiring market that is still figuring out which AI-security certifications to trust.

The case against it is about fit and cost. At $999 for the attempt (far more with SANS training), it is not a casual purchase. It is also specialised, so if your role has no automation or AI component, the return is thinner. And no AI-security certification has yet reached the market dominance of a Security+ or a CISSP, so treat GASAE as a powerful specialist credential rather than a foundational one.

For engineers already living in playbooks, cloud consoles and detection pipelines, GASAE is one of the most relevant new certifications of 2026. For everyone else, get the fundamentals and hands-on experience first, then decide.

Exam Tip: Because GASAE is so new, public study material is thin. Lean on the official objectives, build a home lab across AWS and Azure, and drill the automation and SOAR domains hardest, since they carry the most weight in day-to-day scoring.

How to Prepare for GASAE

With limited third-party material available, a structured, hands-on plan beats passive reading every time.

  1. Map the ten domains and rate yourself on each. Be brutally honest about the AI and agentic-AI objectives, which are new for most candidates.
  2. Build a lab. Stand up free-tier AWS and Azure environments, wire in logging, and practise incident response automation end to end.
  3. Automate something real. Write a SOAR playbook, script an incident response task, and integrate an LLM into a detection workflow. The exam rewards people who have actually done this.
  4. Drill under exam conditions. Use a GIAC practice test to get comfortable with CyberLive tasks and the three-hour time budget.
  5. Reinforce with practice questions. Targeted question banks help you find weak domains fast, so you spend lab time where it counts.

The candidates who pass CyberLive exams comfortably are the ones who treated preparation as building, not memorising.

Ready to Start Practising?

GASAE rewards hands-on skill, and the fastest way to find your weak domains is to test yourself against realistic questions before you book. CertCrush helps you prepare for AI-security and cloud certifications with focused practice that mirrors the real exam format.

Get the fundamentals solid, put in real lab hours, and use targeted practice to close the gaps. Do that, and a CyberLive certification like GASAE becomes a challenge you can plan for rather than fear.

GASAEGIACAI securitysecurity automationSOARSANS SEC598certification
Tom Ashford

Written by

Tom Ashford · Security Certifications Lead

Tom spent over a decade in security operations and consulting before turning to full-time exam-prep writing. He covers the big security certifications — CISSP, CISM, CISA, Security+ and the rest of the alphabet — with a soft spot for the questions everyone gets wrong. His rule for every article: if it doesn’t help you score marks, it doesn’t go in.

All articles by Tom

Want a GASAE practice course?

We don’t cover this exam yet — we build the most-requested courses first. One click tells us you want it.

Ready to crush this exam?

Set your exam date, follow a daily plan, and watch your readiness score climb — realistic practice with an explanation for every answer.