Skip to main content

I Took the CompTIA SecAI+ Beta Exam: Q&A With a Beta Candidate

SecAI+
February 11, 2026

Michael McNelis serves as the Chief Marketing Officer at Training Camp, a leading provider of professional development and certification programs. With over two decades of marketing leadership in technology and education, he spearheads strategic initiatives to enhance the company's market presence and growth. Having taken the CompTIA SecAI+ beta exam in October 2025, Michael offers firsthand insights into the testing process, what the exam covers, and how it compares to other AI security certifications.

CompTIA: You sat for the CompTIA SecAI+ beta. When did you take it, and what was your first reaction walking out of the testing center?

Michael: I took the beta in October. I walked out of the testing center, grabbed a coffee, sat in my car, and just stared out the windshield for about ten minutes. I have been helping people get certified for over 20 years and have taken more exams than I can count. SecAI+ genuinely surprised me—not because it was impossibly hard, but because it was clear CompTIA is trying to do something new here. I cannot share specific questions or anything covered by NDA, but I can absolutely describe what to expect and whether it is worth your time.

What SecAI+ is all about

CompTIA: From your perspective, what is SecAI+ and why does it matter? 
Michael: SecAI+ is CompTIA’s first certification focused specifically on two things:

1.    Securing AI systems themselves.
2.    Using AI to enhance security operations.

If you work in cybersecurity in 2025 and beyond, this matters. AI is no longer theoretical. It is embedded in tools, workflows and infrastructure. SecAI+ is aimed squarely at that reality.

Why you chose to take the Beta

CompTIA: You take a lot of beta exams. Why did you decide this one was worth your time?

Michael: I do take a lot of betas—occupational hazard when you work for a certification training company. But SecAI+ felt different from the moment it was announced. Every client conversation I have now eventually circles back to AI:

  • How do we secure our AI tools?

  • How do we use AI in our SOC?

  • What happens when attackers start using AI against us?

Those are no longer hypothetical. They’re urgent. CompTIA’s research backs that up: more than half of cybersecurity professionals—56%—already use AI tools daily, yet most organizations have zero formal training on how to do that securely. That is a huge skills gap. SecAI+ is CompTIA’s attempt to address it. When beta applications opened in October, I signed up immediately.

Who CompTIA selected for the Beta

CompTIA: What did the beta candidate profile look like? Who was CompTIA trying to get into that pool?

Michael: The selection criteria were pretty specific. CompTIA was looking for people with around 3–4 years of overall IT experience, and Roughly 2 years in cybersecurity roles.

What surprised some people is that CompTIA actually turned away candidates for having too much experience. That told me you were targeting mid‑career practitioners, people who are hands-on, not executives and not complete beginners. I made it in, probably because I’m very intentional about staying technical and hands-on despite being in a training‑focused role.

What the Exam Covers

CompTIA: Let’s talk scope. What does SecAI+ actually cover?

Michael: The exam code is CY0‑001, and the content is divided into four domains. The weighting tells you where to prioritize your study time.

SecAI+ Domain Breakdown

  1.    Securing AI Systems (40%)This is the biggest piece by far. It covers:

  1. Implementing security controls for AI systems.

  2. Protecting training data, models and outputs.

  3. Securing deployment environments across cloud and on‑prem.

The message is clear: The industry wants and needs certified professionals who can actually secure AI systems, not just talk about them in theory. You need to know adversarial attacks, data poisoning, model theft and how to defend against all of it. If you have practical experience with AI systems, this domain is where it really helps.

2.    AI‑Assisted Security (24%)

This is about using AI to improve security operations:

  1. Threat detection and analysis.

  2. Automating security workflows.

  3. Integrating AI into SOC processes. 

It is the “AI as defender’s tool” side of the story.

3.    AI GRC (19%)

  1. Governance, risk, and compliance specifically for AI:

    a.    EU AI Act

    b.    NIST AI RMF

    c.    Relevant ISO standards

The regulatory environment is evolving fast, and the exam reflects that. You are tested on how to apply these frameworks, not just name them.

4.    Basic AI Concepts (17%)

Foundational AI knowledge:

  1. Machine learning fundamentals

  2. LLMs and transformers

  3. Core terminology and concepts

You do not need to be a data scientist, but you must know enough to make sound security decisions about AI systems.

What it was like to take the Beta

CompTIA: What was your experience actually sitting the beta exam?

Michael: Beta exams always feel a bit different. You do not get a score right away because CompTIA is still validating and calibrating the questions. Your performance helps determine which items make it into the final version. SoSo, I walked out without any idea whether I passed, which is still odd for me after all these years of taking exams.

In terms of format, it was a mix of:

  • Multiple‑choice questions

  • Performance‑based questions (PBQs)

The PBQs, in particular, felt practical and grounded in real‑world scenarios. They did not feel like abstract, artificial simulations. The intent is clearly to test whether you can work with AI security concepts in realistic contexts, not just whether you can recognize vocabulary words.

Which areas felt strongest and most surprising

CompTIA: Which parts of the exam felt most comfortable to you, and which parts surprised you?

Michael:

  • Strongest: The AI fundamentals section was where I felt most at home. Things like:

    • Differences between generative and discriminative models.

    • How transformers work.

    • What LLMs actually do “under the hood”.

If you’ve spent time with tools like ChatGPT or building against AI APIs, you’re already ahead here.

  • Most surprising: The governance section. I expected it to be dry policy content, but it wasn’t. There were practical scenario‑based questions around handling AI compliance in different regulatory environments. Knowing the distinction between EU AI Act requirements and NIST AI RMF recommendations actually mattered. If you think GRC is boring, this exam might change your mind—or at minimum, forcing you to understand why AI governance is becoming central to security practice.

Who SecAI+ Is Really For

CompTIA: From your vantage point, who is the ideal candidate for SecAI+?

Michael: SecAI+ is not an entry‑level certification. CompTIA recommends having Security+, CySA+, or PenTest+ first, and that recommendation aligns with what I saw on the exam. You need a solid security foundation before tackling AI security. The sweet spot is:

  • Mid‑career cybersecurity practitioners, especially:

    o    SOC analysts

    o    Security engineers

    o    Threat detection or incident response professionals

If your role involves evaluating, implementing, or operating AI‑powered security tools, SecAI+ is a strong fit and a meaningful validator. It’s also very relevant for governance, risk and compliance professionals dealing with AI.

The EU AI Act is already in play. NIST keeps iterating its AI guidance. Organizations are trying to figure out responsible AI deployment. If you’re the person answering, “Can we do this?” and “How do we do this safely?”, SecAI+ can give you structured, recognized credibility.

How It Compares to Other AI Security Certifications

CompTIA: There are other AI‑related credentials emerging. How does SecAI+ stack up against them?

Michael: The obvious comparison is ISACA’s AAISM. Same general domain—AI security—but different emphasis:

Certification Focus area Best for Key traits
ISCA AAISM Governance & traditional risk management Professionals already in the ISACA progression (e.g., CISM, CISA); governance or audit-focused roles. Leans heavily into governance risk; fits naturally within ISACA's certifiation path.
CompTIA SecAI+ Securing AI systems and using AI for security operations. Technical, hands-on professionals; those coming from Security+ to CySA+ to SecAI+. Broader and more technical; hands-on; covers both securing AI and applying AI in security.
IAAP AIGP AI governance and privacy. Governance, audit, or privacy-focused pros. More focused on privacy adn governance; narrower, deeper emphasis in those areas.

Key Topics to Prioritize

CompTIA: If you had to highlight the highest‑value study topics, what would they be

Michael: I’d prioritize:

AI Fundamentals

  • Machine learning vs. deep learning

  • Supervised vs. unsupervised vs. reinforcement learning

  • How neural networks function

  • What transformers and attention mechanisms do

Again, you’re not expected to build models from scratch, but you must understand them well enough to secure them.

LLM Security

  • Prompt injection and prompt‑chaining attacks

  • Jailbreak techniques

  • Data leakage via model outputs

  • Guardrails, content filtering, and policy enforcement

MLOps Security

  • Securing the ML pipeline end‑to‑end:

    • Data collection and labeling

    • Training and validation environments

    • Model deployment and monitoring

  • CI/CD for machine learning

  • Model versioning, access control, and logs

AI‑Enhanced Detection and Response

  • Using AI for anomaly detection and behavior analytics.

  • Automating parts of threat hunting and triage.

  • Understanding when AI helps—and when it can mislead you.

The Market Reality for AI Security Skills

CompTIA: Beyond the exam itself, how do you view the market demand for AI security skills?

Michael: It’s growing fast and still relatively immature.

  1. Almost every organization I work with is:

    • Already deploying AI tools, or

    • Worried about falling behind competitors who are

  2. Security and GRC teams are under pressure to:

    • Evaluate AI systems

    • Secure them

    • Build governance around them

But most teams don’t have formal training here, which creates a big opportunity. We’re already seeing roles explicitly ask for AI security experience:

  • AI Security Architect

  • MLOps Security Engineer

  • AI Risk and Governance Specialist

SecAI+ alone won’t guarantee those jobs, but it signals you understand the space. Combine it with hands‑on experience, and you have a strong early‑mover advantage in a market that’s still forming.

Final Verdict

CompTIA: After taking the beta, what’s your honest verdict on SecAI+, and where do you see it going?

Michael: CompTIA took a real swing with SecAI+, and from my seat, it connected.

  • The exam tests practical, current security skills around AI.

  • It fills a real gap between:

    • Traditional security certifications, and

    • The reality of AI‑driven environments.

For mid‑career security professionals, it’s one of the first credentials that seriously addresses AI security end‑to‑end. My recommendations for anyone considering it

  1. Download the official exam objectives from CompTIA.

  2. Build hands‑on experience with AI systems and AI‑powered security tools.

  3. Do not skip the governance and compliance content, even if it’s not your favorite topic.

My prediction: within about five years, much of what’s in SecAI+ will bleed directly into broader certifications like Security+. AI will become so fundamental to the job that it won’t stay a “specialty” forever, just like cloud security gradually became standard content. Getting SecAI+ now puts you ahead of that curve, with a credential that clearly says: “I know how to secure AI, and I know how to use AI to secure everything else.”

Ready to get ahead in AI security? Start your SecAI+ exam prep and become one of the first certified professionals securing the future of AI. 

Learn more about Michael’s experience as a  SecAI+ beta tester.