What Is CompTIA SecAI+? The New AI Security Certification, Explained
By Chris Rees
Artificial intelligence is now woven into how organizations build, operate, and defend software — and attackers have noticed. CompTIA SecAI+ is the industry's first vendor-neutral certification devoted entirely to securing AI. Here's the complete picture: what it covers, who it's for, the exam itself, and how to start preparing.
Why CompTIA created SecAI+
For two decades, security certifications assumed the things you protect are networks, servers, and applications. AI breaks that assumption. A model is a new kind of asset — one that learns from data, takes instructions in plain language, and can be manipulated in ways firewalls and patch management never anticipated.
Adoption has outrun the security skills to match it. Teams are shipping LLM features faster than they can answer basic questions like "what happens if an attacker controls the text our model reads?" SecAI+ exists to close that gap: it validates that you understand how AI systems work, how they're attacked, and how to defend them — knowledge that sits in the blind spot of traditional certs.
The four domains — and why their weights matter
The SecAI+ exam (CY0-001) is organized into four domains. They are not weighted equally, and that should shape how you study.
1.0 — Basic AI Concepts (17%). The foundation: the AI / machine-learning / deep-learning hierarchy, how training differs from inference, data-security principles, and the AI lifecycle. Everything else depends on this. (Our primer on how LLMs actually work covers exactly this ground.)
2.0 — Securing AI Systems (40%). The heart of the exam. Attacks against AI — prompt injection, data poisoning, model theft, evasion — and the controls that defend each. If you master one domain, make it this one.
3.0 — AI-assisted Security (24%). The flip side: using AI to do security — improving detection, triage, and incident response — plus the limits and risks of trusting AI in the loop.
4.0 — AI Governance, Risk & Compliance (19%). Policy, accountability, and frameworks like the NIST AI Risk Management Framework. This is how AI security becomes a defensible, auditable program rather than ad-hoc controls.
Who SecAI+ is for
SecAI+ is aimed at working security professionals whose roles now intersect with AI:
- SOC analysts and security engineers defending systems that include AI
- Application and DevSecOps teams building LLM-powered features
- GRC and risk professionals who need to govern AI responsibly
The assumed starting point is a background equivalent to CompTIA Security+. SecAI+ is a strong next certification, not a first one. (If you're weighing the two, see SecAI+ vs Security+.)
Exam at a glance
| Exam code | CY0-001 |
| Questions | Up to 60 (multiple-choice + performance-based) |
| Length | 60 minutes |
| Passing score | 600 on a 100–900 scale |
| Recommended experience | Security+ level, plus some AI exposure |
| Domains | 4 (weighted as above) |
How to start preparing
Build the mental model first, then weight your hours toward Domain 2, and practice with exam-style questions rather than passive reading. We lay out a full approach in how to pass SecAI+.
Key takeaways
- SecAI+ (CY0-001) is CompTIA's first cert focused entirely on securing AI.
- Four domains, unequal weights — Domain 2 (Securing AI Systems) is 40% of the exam.
- It's a "next" cert — Security+ level knowledge is the assumed baseline.
- 60 questions, 60 minutes, pass at 600/900, with multiple-choice and performance-based items.
- Start with Domain 1 — the AI fundamentals everything else builds on.
Domain 1 is the foundation — get the core AI concepts solid before tackling the heavier "Securing AI Systems" domain. Our SecAI+ Domain 1 study guide walks through all 18 topics with exam-style practice questions and a downloadable PDF.
Ready to study?
Get the interactive SecAI+ Domain 1 guide — practice questions and a PDF.
Browse study guides