Back to blog
Certification Deep Dives9 min read

ISC2's New AI Security Certification Explained: What We Know So Far in 2026

ISC2 is building a brand-new, vendor-neutral AI security certification with a pilot exam due in late 2026. Here is everything confirmed so far, plus how it stacks up against CompTIA SecAI+ and ISACA AAISM, and whether you should wait for it.

Tom Ashford

Tom Ashford · Security Certifications Lead

17 July 2026

On 15 July 2026, ISC2 confirmed it is building a brand-new AI security certification. This is the first time the organisation behind the CISSP has committed to a standalone, exam-based credential focused entirely on securing AI systems, and it lands right in the middle of the busiest year the certification market has ever seen for artificial intelligence. If you are trying to decide whether to wait for the ISC2 AI security certification or take an AI security cert that already exists, this guide walks through every confirmed detail, clears up the confusion with ISC2's existing AI products, and gives you a straight answer on what to do next.

The short version: the exam does not exist yet, a pilot is expected in late 2026, and anyone building AI security skills now will be in a strong position when it arrives. Here is the full picture.

What ISC2 Actually Announced

ISC2 announced on 15 July 2026 that it has begun developing a new AI security certification and opened a global call for volunteers to help shape it. The credential is being built through ISC2's practitioner-led methodology, the same process used to create the CISSP, CCSP and CGRC, and it is designed to establish a trusted, vendor-neutral AI security standard for cybersecurity professionals.

The goal is a credential that validates a professional's ability to securely design, implement and manage AI systems, manage AI threats and mitigate AI risk. Rather than testing knowledge of any single vendor's tooling, it will sit above the platforms and focus on principles that transfer across Azure, AWS, Google Cloud and on-premises AI stacks.

Key fact: ISC2 confirmed development of the certification on 15 July 2026 and anticipates administering a pilot exam in late 2026. There is no general availability date and no exam code yet.

This matters because ISC2 credentials carry weight with employers and, in many countries, with government hiring frameworks. A vendor-neutral AI security certification from ISC2 has the potential to become the management-and-architecture equivalent of what the CISSP is for general security leadership.

The Confusion: Certification vs Certificate vs Embedded AI

ISC2 now has three separate AI things, and the names are close enough to trip people up. It is worth being precise, because they are not interchangeable.

  • The new AI security certification (the subject of this post). A full, exam-based credential, currently in development, with a pilot expected in late 2026. This is a certification, meaning it involves a proctored exam, ongoing continuing professional education (CPE) requirements and, almost certainly, an experience requirement in the CISSP mould.
  • The ISC2 AI Security Certificate. A self-paced professional development product made up of six courses. It is a certificate of completion, not a certification, and there is no adaptive exam or experience requirement. It is useful for building knowledge but does not carry the same weight as a certification.
  • AI embedded across existing certifications. On 2 April 2026, ISC2 published exam guidance that folds AI security concepts into all nine of its existing certifications through the normal exam refresh cycle. So the CISSP, CCSP, SSCP and the rest now test AI-related content regardless of whether you ever sit the new AI cert.

Exam Tip: If a training provider tells you that you can "get ISC2 AI certified today", check whether they mean the self-paced AI Security Certificate or the new exam-based certification. Only the certificate exists right now. The certification is still in development.

How the ISC2 Certification Is Being Built

ISC2 is following its standard three-phase development process. Understanding it tells you roughly how far away the finished exam is.

  1. Definition. ISC2 engages volunteers, both members and non-members, from around the world to identify the knowledge, skills and abilities needed to secure AI systems. This is a job task analysis, and it defines the exam blueprint.
  2. Development. ISC2 member volunteers write the individual items and questions that will make up the pilot exam, mapped to the blueprint agreed in the definition phase.
  3. Delivery. ISC2 administers pilot exams and analyses the results to make sure the questions accurately measure the intended skills before the certification goes to general availability.

The pilot exam in late 2026 sits inside that third phase. Historically, a pilot is not the finished product: results are used to set the passing standard and retire weak questions, so general availability usually follows some months later. Expect the fully launched certification in 2027 rather than by the end of 2026.

The Likely Exam Domains

ISC2 has signalled that the certification development will examine how professionals apply established security principles to AI-shaped environments. The confirmed focus areas are:

  • Risk management for AI systems
  • Secure-by-design methodology for AI
  • Data protection across AI pipelines and models
  • Governance and oversight of AI

These are principle-led, not tool-led, which reinforces the vendor-neutral positioning. If you have studied for the CISSP or CCSP, this framing will feel familiar: it is about how you reason through securing a system, not which button you click in a specific console.

Who Is This Certification For?

Based on ISC2's language and its existing portfolio, the new certification is aimed at experienced security professionals who need to secure, govern and architect AI systems rather than absolute beginners. Think security engineers, architects, risk leaders and consultants who are already comfortable with core security concepts and now need to prove they can extend them to AI.

That places it above entry-level AI awareness training and alongside the more strategic AI credentials already on the market. If you are brand new to security, the sensible path is still to build a foundation first, for example with Security+ or the ISC2 CC, then layer AI security on top.

ISC2 AI Cert vs CompTIA SecAI+ vs ISACA AAISM

The obvious question is whether to wait for the ISC2 certification or take one that already exists. The two flagship AI security certifications available right now are CompTIA SecAI+ and ISACA AAISM, and they serve different people. Here is how the three compare on what we currently know.

FeatureISC2 AI Security CertCompTIA SecAI+ISACA AAISM
StatusIn development, pilot late 2026Available nowAvailable now
PositioningVendor-neutral, design and govern AI securityHands-on practitioner, secure AI day to dayStrategic AI security management and governance
PrerequisiteNot confirmed (expect experience requirement)NoneActive CISM or CISSP required
Exam formatNot published yet60 questions, 60 minutes, multiple choice plus PBQs90 questions across three domains
Approximate costNot published yetAround 349 US dollarsAround 459 US dollars (member), 599 (non-member), plus 50 dollar application fee
Best forExperienced pros wanting an ISC2-branded AI standardAnalysts and engineers who touch AI systemsManagers and auditors governing enterprise AI risk

The practical takeaway is that these are not really rivals fighting over the same candidate. CompTIA SecAI+ is the no-prerequisite, keyboard-level certification most practitioners should reach for first. ISACA AAISM is the boardroom-level, CISM or CISSP-gated management credential. The ISC2 certification, once it lands, is most likely to compete with AAISM for the architecture-and-governance audience while carrying ISC2's strong brand recognition and DoD 8140 familiarity.

Exam Tip: AAISM requires an active CISM or CISSP just to certify. If you want a management-level AI credential and do not yet hold either, focus on passing the CISSP or CISM first, because that prerequisite is also the most likely gate on the eventual ISC2 AI certification.

Should You Wait for It or Certify Now?

For almost everyone, the answer is: do not wait. Here is the reasoning.

The ISC2 certification is a year or more from a stable, generally available exam. Careers and hiring rounds do not pause for that long, and the skills the exam will test are already in demand. Every hour you spend now learning to secure AI models, protect training and inference data, threat-model AI pipelines and apply governance frameworks is directly transferable, whichever certification you eventually sit.

Choose your near-term move based on where you are:

  • Hands-on practitioner or SOC analyst. Take CompTIA SecAI+ now. It has no prerequisites and validates the day-to-day skills employers are hiring for today. See our SecAI+ deep dive and the SecAI+ vs AAISM comparison.
  • Security manager, risk leader or auditor. Take ISACA AAISM if you already hold CISM or CISSP. If you do not, earn one of those first, which also positions you for the ISC2 certification later.
  • Aiming squarely at the ISC2 credential. Lock in your CISSP or CCSP now, keep your CPEs current, and consider volunteering for the ISC2 development effort. Contributing to the item-writing is one of the best ways to understand an exam before it launches.

Waiting for a certification that does not have a blueprint, a cost or a launch date is a poor trade against skills and credentials you can bank this year.

What Happens Next and How to Track It

ISC2 will publish the exam blueprint once the definition phase concludes, and that document is the moment to pay close attention. It will confirm the domains, weightings and any experience requirement. The pilot exam in late 2026 will follow, and general availability after that.

We will update this post as ISC2 releases concrete details, including the exam code, domain weightings, question count, passing standard and pricing. Bookmark it and check back, because in a fast-moving space the first accurate breakdown of a new certification is often the difference between a confident study plan and guesswork.

In the meantime, the smartest preparation is to build genuine AI security depth. Practise threat-modelling AI systems, learn how data protection changes when models are involved, and get comfortable with AI governance frameworks. Those skills pay off on SecAI+, on AAISM, on the AI-refreshed CISSP and CCSP, and on the ISC2 AI security certification when it finally arrives.

Ready to Start Practising?

The ISC2 AI security certification is coming, but your career is not waiting. The fastest way to be ready for it, and to earn a credential that counts right now, is to build real AI security knowledge and test it under exam conditions.

CertCrush has realistic practice questions and structured study plans for the certifications that matter today, from CISSP and CCSP to the newest AI security tracks. Whether you are targeting SecAI+, AAISM or laying the ISC2 foundation you will need, practising with exam-style questions is what turns study time into a pass.

Create your free CertCrush account and start practising today, or browse the full course catalogue to find your next certification.

ISC2AI security certificationISC2 AI certAAISMSecAI+CISSPcybersecurity certifications 2026
Tom Ashford

Written by

Tom Ashford · Security Certifications Lead

Tom spent over a decade in security operations and consulting before turning to full-time exam-prep writing. He covers the big security certifications — CISSP, CISM, CISA, Security+ and the rest of the alphabet — with a soft spot for the questions everyone gets wrong. His rule for every article: if it doesn’t help you score marks, it doesn’t go in.

All articles by Tom

Want a ISC2 practice course?

We don’t cover this exam yet — we build the most-requested courses first. One click tells us you want it.

Ready to crush this exam?

Set your exam date, follow a daily plan, and watch your readiness score climb — realistic practice with an explanation for every answer.