In partnership with
The intersection of cybersecurity and artificial intelligence is no longer a future talking point. It is the present. And as of February 17, 2026, CompTIA has made that official with the launch of CompTIA SecAI+, their first ever certification built specifically for cybersecurity professionals working with AI.
This is a big deal. Let me break down what it is, why it matters, and what you need to know if you are considering adding it to your professional toolkit.
I have also done a full video on this, so if you prefer to watch rather than read, go check that out on my YouTube channel.
What Is CompTIA SecAI+?
CompTIA SecAI+ (exam code CY0-001) is a vendor-neutral certification designed for experienced cybersecurity and IT professionals. It validates practical skills across three core areas:
Securing AI systems using technical controls
Leveraging AI responsibly within security operations to automate tasks and strengthen defences
Managing governance, risk and compliance (GRC) for AI-enabled environments
Unlike general cybersecurity certifications such as Security+, SecAI+ focuses specifically on how security teams interact with AI systems across development, deployment and operations. This is not about traditional infrastructure and application security alone. It is about understanding where AI fits into the security landscape and how to manage it properly.
Free, private email that puts your privacy first
A private inbox doesn’t have to come with a price tag—or a catch. Proton Mail’s free plan gives you the privacy and security you expect, without selling your data or showing you ads.
Built by scientists and privacy advocates, Proton Mail uses end-to-end encryption to keep your conversations secure. No scanning. No targeting. No creepy promotions.
With Proton, you’re not the product — you’re in control.
Start for free. Upgrade anytime. Stay private always.
Why Does This Certification Matter?
AI is reshaping how organisations detect, investigate and respond to threats. Whether it is machine learning models identifying anomalous network behaviour, natural language processing powering automated incident response, or generative AI being used in phishing attacks, the reality is that AI is embedded in modern cybersecurity on both sides of the fence.
The challenge is that most cybersecurity professionals have not been formally trained on how to secure AI systems or how to use AI responsibly within their security operations. There has been a gap between knowing cybersecurity fundamentals and understanding the AI layer that now sits on top of so many tools and processes.
SecAI+ directly addresses that gap. It is designed for professionals who already have a cybersecurity foundation and need to level up their understanding of AI in a security context.
What Does the Exam Cover?
The SecAI+ exam is structured around four key domains:
1. AI Concepts and Principles (approx. 20%)
This covers the foundational AI knowledge every security professional needs. Think machine learning, deep learning, natural language processing and automation. You do not need to be a data scientist, but you need to understand how these technologies work and where they apply in security.
2. Securing AI Systems (approx. 30%)
This is the largest domain and covers the technical controls needed to protect AI systems. This includes understanding AI-specific attack surfaces, data poisoning, model manipulation and how to implement security measures throughout the AI lifecycle.
3. AI-Enhanced Security Operations (approx. 31%)
This domain focuses on how to use AI to improve your security posture. It covers practical applications like AI-driven threat detection, automated security workflows and how to integrate AI tools into existing security operations without introducing new risks.
4. AI Governance, Risk and Compliance (approx. 19%)
With regulations evolving rapidly around AI, this domain covers global governance requirements, ethical guidelines, legal standards and industry frameworks such as GDPR and the NIST AI Risk Management Framework. If you work in GRC or need to advise leadership on AI adoption, this section is essential.
Exam Details at a Glance
Exam Code | CY0-001 |
|---|---|
Number of Questions | Up to 60 (multiple-choice and performance-based) |
Duration | 60 minutes |
Launch Date | February 17, 2026 |
Recommended Experience | 3 to 4 years IT experience, approx. 2 years in cybersecurity, with practical AI knowledge |
Type | Vendor-neutral |
The inclusion of performance-based questions is worth noting. CompTIA is not just testing whether you can memorise definitions. They want to assess your applied skills, operational decision-making and ability to work through real scenarios. This makes the certification more credible and more valuable to employers.
Who Should Consider SecAI+?
This certification is aimed at professionals who already have a solid cybersecurity foundation. If you hold Security+ or equivalent experience and you are working in or moving towards roles that involve:
Security operations and incident response
AI system deployment and management
Governance, risk and compliance for AI
Threat detection and security automation
Security architecture involving AI components
Then SecAI+ is worth serious consideration.
If you are earlier in your career and still building your cybersecurity fundamentals, I would recommend getting Security+ first and building some hands-on experience before tackling SecAI+.
My Take on SecAI+
Here’s the recruiter truth.
In the first 6 to 12 months of a brand new certification, most employers will not list it as a requirement. Job ads take time to catch up. So if your plan is “I’ll get SecAI+ and then I’ll instantly land an AI security role”, that is probably not how it will play out.
That said, I do think SecAI+ can be a valuable signal to the right hiring manager. It shows:
You are paying attention to where security is going
You understand there is an AI risk layer sitting on top of modern security work
You are investing in skills that will matter as more organisations roll out AI systems and AI-enabled security tools
But that signal only works if the rest of your profile makes sense.
If you are applying for an entry-level role and you have SecAI+ but you do not have the fundamentals, hands-on labs, projects, or real experience, the cert alone is not going to move you to the top of the shortlist.
So is SecAI+ “worth it”?
My view is that it will be valuable, but only for the right person at the right time. I do not see it as a replacement for the fundamentals. I see it as an accelerator once you have them.
If you are sitting there thinking “Is this just CompTIA cashing in on hype?”, maybe a bit. Every cert is a business. The only question that matters is whether it moves your career forward.
What Should You Do Next?
If SecAI+ interests you, here is what I would recommend:
Review the exam objectives on the CompTIA website to understand exactly what is covered
Assess your current knowledge against the four domains and identify your gaps
Build a study plan that covers the areas where you need the most work
Get hands-on experience with AI tools in a security context wherever possible
Watch my video where I go deeper on this topic and share my thoughts on how to approach preparation
The cybersecurity landscape is evolving rapidly, and certifications like SecAI+ are a clear signal of where the industry is heading. Whether you pursue it now or later, understanding AI security is becoming a non-negotiable skill for cybersecurity professionals.
As always, keep levelling up your career. Thanks for reading.
Best wishes,
Luke
P.S. Stuck on something? Hit reply. I’m here to help.
