Skip to content
All articles
June 29, 2026 9 min read

What Is CompTIA SecAI+? The New AI Security Certification, Explained

By Chris Rees

Artificial intelligence is now woven into how organizations build, operate, and defend software — and attackers have noticed. CompTIA SecAI+ is the industry's first vendor-neutral certification devoted entirely to securing AI. Here's the complete picture: what it covers, who it's for, the exam itself, and how to start preparing.

Why CompTIA created SecAI+

For two decades, security certifications assumed the things you protect are networks, servers, and applications. AI breaks that assumption. A model is a new kind of asset — one that learns from data, takes instructions in plain language, and can be manipulated in ways firewalls and patch management never anticipated.

Adoption has outrun the security skills to match it. Teams are shipping LLM features faster than they can answer basic questions like "what happens if an attacker controls the text our model reads?" SecAI+ exists to close that gap: it validates that you understand how AI systems work, how they're attacked, and how to defend them — knowledge that sits in the blind spot of traditional certs.

The four domains — and why their weights matter

The SecAI+ exam (CY0-001) is organized into four domains. They are not weighted equally, and that should shape how you study.

SecAI+ exam domain weightings: Domain 1 is 17 percent, Domain 2 is 40 percent, Domain 3 is 24 percent, Domain 4 is 19 percent 1.0 Basic AI Concepts 17% 2.0 Securing AI Systems 40% 3.0 AI-assisted Security 24% 4.0 Governance & Compliance 19%
Domain 2 — Securing AI Systems — is 40% of the exam, more than twice any other domain. Weight your study time accordingly.

1.0 — Basic AI Concepts (17%). The foundation: the AI / machine-learning / deep-learning hierarchy, how training differs from inference, data-security principles, and the AI lifecycle. Everything else depends on this. (Our primer on how LLMs actually work covers exactly this ground.)

2.0 — Securing AI Systems (40%). The heart of the exam. Attacks against AI — prompt injection, data poisoning, model theft, evasion — and the controls that defend each. If you master one domain, make it this one.

3.0 — AI-assisted Security (24%). The flip side: using AI to do security — improving detection, triage, and incident response — plus the limits and risks of trusting AI in the loop.

4.0 — AI Governance, Risk & Compliance (19%). Policy, accountability, and frameworks like the NIST AI Risk Management Framework. This is how AI security becomes a defensible, auditable program rather than ad-hoc controls.

Who SecAI+ is for

SecAI+ is aimed at working security professionals whose roles now intersect with AI:

  • SOC analysts and security engineers defending systems that include AI
  • Application and DevSecOps teams building LLM-powered features
  • GRC and risk professionals who need to govern AI responsibly

The assumed starting point is a background equivalent to CompTIA Security+. SecAI+ is a strong next certification, not a first one. (If you're weighing the two, see SecAI+ vs Security+.)

Exam at a glance

Exam code CY0-001
Questions Up to 60 (multiple-choice + performance-based)
Length 60 minutes
Passing score 600 on a 100–900 scale
Recommended experience Security+ level, plus some AI exposure
Domains 4 (weighted as above)

How to start preparing

Build the mental model first, then weight your hours toward Domain 2, and practice with exam-style questions rather than passive reading. We lay out a full approach in how to pass SecAI+.

Key takeaways

  • SecAI+ (CY0-001) is CompTIA's first cert focused entirely on securing AI.
  • Four domains, unequal weights — Domain 2 (Securing AI Systems) is 40% of the exam.
  • It's a "next" cert — Security+ level knowledge is the assumed baseline.
  • 60 questions, 60 minutes, pass at 600/900, with multiple-choice and performance-based items.
  • Start with Domain 1 — the AI fundamentals everything else builds on.

Domain 1 is the foundation — get the core AI concepts solid before tackling the heavier "Securing AI Systems" domain. Our SecAI+ Domain 1 study guide walks through all 18 topics with exam-style practice questions and a downloadable PDF.

Share this article

Ready to study?

Get the interactive SecAI+ Domain 1 guide — practice questions and a PDF.

Browse study guides