You Can Pass This Exam For Free
Choose Your Study Path
Limited security or AI experience. You need to build foundational knowledge in both areas before tackling AI-specific security.
Week 1Learn AI fundamentals: types of AI (ML, deep learning, NLP, LLMs, GANs), model training basics (supervised, unsupervised, reinforcement learning), and prompt engineering concepts
Week 2Study data security in AI: data processing pipeline, structured vs unstructured data, RAG architecture, vector storage, and embeddings
Week 3Learn the AI lifecycle end-to-end: from business use case through deployment, monitoring, and feedback loops. Understand human-in-the-loop concepts
Week 4Deep dive into Domain 2 (40% of exam): study OWASP Top 10 for LLMs, MITRE ATLAS, and AI threat modeling frameworks
Week 5Continue Domain 2: security controls (model controls, gateway controls, guardrails), access controls, and data security controls (encryption states, anonymization, masking)
Week 6Study Domain 2 attacks: prompt injection, poisoning, jailbreaking, model inversion/theft, supply chain attacks. Learn compensating controls for each
Week 7Cover Domain 3 (AI-assisted security tools, deepfakes, adversarial networks) and Domain 4 (governance, EU AI Act, NIST AI RMF, ISO standards, AI roles)
Week 8Practice questions across all domains, review explanations carefully, focus on Domain 2 which is 40% of the exam
Week 9Take full mock exams, review weak areas, re-study any domains where you score below 70%
Week 10Final review: focus on attack-vs-compensating-control pairings, confusable concepts, and exam traps
Exam Overview
Format
Up to 60 questions, 60 minutes. Multiple choice and performance-based questions (PBQs).
Scoring
Scaled score 100-900. Passing: 600. No penalty for wrong answers — always guess if unsure.
Domains & Weights
- Basic AI Concepts Related to Cybersecurity17%
- Securing AI Systems40%
- AI-Assisted Security24%
- AI Governance, Risk, and Compliance19%
Registration
$359 USD. Available at Pearson VUE testing centers or online proctored from home. Exam fee is $359 USD.
Topic Priority Table
Not all topics are tested equally. Focus your study time on Tier 1 first, then Tier 2. Tier 3 topics rarely appear — just recognize what they do.
Domain 117% of exam
Basic AI Concepts Related to Cybersecurity
This domain covers foundational AI concepts through a security lens. You need to understand AI types and techniques, how data is secured throughout the AI pipeline, and the complete AI lifecycle with security at every stage. While the smallest domain by weight, this knowledge underpins everything else on the exam.
Key Topics
LLMsTransformersGANsRAGPrompt EngineeringAI LifecycleData Processing Pipeline
Must-Know Concepts
- Types of AI: Generative AI, Machine Learning, Statistical learning, Transformers, Deep learning, NLP, LLMs, SLMs, GANs — know what each does and how they relate
- Model training approaches: supervised learning (labeled data), unsupervised learning (pattern discovery), reinforcement learning (reward-based). Know when each applies
- Fine-tuning concepts: epoch (one complete pass through training data), pruning (removing unnecessary model parameters), quantization (reducing numerical precision to shrink model size)
- Prompt engineering: zero-shot (no examples), one-shot (one example), multi-shot (multiple examples), system prompts vs user prompts, system roles, prompt templates
- Data processing pipeline: cleansing, verification, lineage, integrity, provenance, augmentation, and balancing — know what each step accomplishes
- Data types in AI: structured (databases, spreadsheets), semi-structured (JSON, XML), unstructured (text, images, audio)
- RAG architecture: how vector storage and embeddings work to augment AI responses with external data without retraining
- Watermarking: techniques to mark AI-generated content for identification and provenance tracking
- Complete AI lifecycle stages: business use case through data collection, preparation, model development, evaluation, deployment, validation, monitoring, and feedback
- Human-centric AI: human-in-the-loop, human oversight, and human validation — when and why each is needed
Common Exam Traps
Fine-tuning MODIFIES the model weights. RAG does NOT modify the model — it only augments the prompt with retrieved data
Transformers are the architecture behind LLMs (like GPT). They are not a separate type of AI but a specific neural network architecture
Data provenance (origin) and data lineage (transformation history) are different concepts. Provenance is WHERE it came from; lineage is HOW it was transformed
The AI lifecycle is iterative, not linear. Monitoring feeds back into data collection and model updates
Zero-shot means NO examples in the prompt. It does not mean the model has zero training — the model still has its pre-trained knowledge
Domain 240% of exam
Securing AI Systems
The heaviest domain at 40% — expect roughly 24 questions on this topic alone. Covers AI threat modeling, security controls, access controls, data protection, monitoring/auditing, and the full catalog of AI-specific attacks with their compensating controls. Master this domain or you will not pass.
Key Topics
OWASP Top 10 for LLMsMITRE ATLASPrompt FirewallsGuardrailsGateway ControlsEncryptionMonitoringAccess Controls
Must-Know Concepts
- OWASP Top 10 for LLM Applications AND ML Security Top 10 — these are two separate lists covering different AI security concerns
- MITRE ATLAS: adversarial tactics and techniques specific to AI systems. Know how it differs from MITRE ATT&CK
- Model controls: model evaluation, guardrails (output constraints), and prompt templates (structured input formatting)
- Gateway controls: prompt firewalls, rate limiting, token limits, input limits, modality limits, and endpoint access restrictions
- Three types of access control: model access (who can query), data access (who can see training/inference data), agent access (what AI agents can do), plus network and API access
- Data encryption in three states: at rest (stored), in transit (network), and in use (processing). Know controls for each state
- Data safety techniques: anonymization (irreversible), classification labels, redaction (removal), masking (hiding), minimization (collecting only what is needed)
- Monitoring dimensions: prompt monitoring (queries and responses), log monitoring with sanitization and protection, response confidence scores, rate monitoring, and AI cost monitoring (prompts, storage, response, processing costs)
- Auditing requirements: hallucination detection, accuracy measurement, bias and fairness assessment, and access auditing
- Full attack catalog: prompt injection, data poisoning, jailbreaking, hallucinations, input manipulation, bias introduction, guardrail circumvention, model inversion, model theft, supply chain attacks, transfer learning attacks, model skewing, output integrity, membership inference, insecure output handling, model DoS, sensitive info disclosure, insecure plugin design, excessive agency, overreliance
- Compensating controls for each attack: prompt firewalls, guardrails, access controls, data integrity checks, encryption, prompt templates, rate limiting, and least privilege
Common Exam Traps
OWASP has TWO AI-related Top 10 lists: LLM Top 10 and ML Security Top 10. Do not confuse them — they address different risk categories
Guardrails must be TESTED and VALIDATED. Simply deploying guardrails without testing gives false security. The exam specifically calls out guardrail testing
Prompt firewalls filter INPUT. Guardrails constrain OUTPUT. Know which direction each control protects
Model DoS is different from traditional DDoS. It specifically targets AI model resources (compute, tokens) rather than network bandwidth
Excessive agency means an AI agent has too many permissions or too much autonomy, not that it is producing too many responses
Insecure plugin design is about third-party plugins that extend AI capabilities without proper security validation
Domain 324% of exam
AI-Assisted Security
This domain covers how AI is used as a security tool (defensive) and how attackers leverage AI (offensive). Also covers automation of security tasks using AI. Expect questions on specific tool types, AI-enhanced attack vectors like deepfakes, and AI-driven automation in CI/CD and incident response.
Key Topics
IDE PluginsChatbotsMCP ServerDeepfakesAI AgentsCI/CD SecurityAnomaly Detection
Must-Know Concepts
- AI-enabled security tool types: IDE plugins, browser plugins, CLI plugins, chatbots, personal assistants, and MCP servers
- AI security use cases: signature matching, code quality/linting, vulnerability analysis, automated penetration testing, anomaly detection, pattern recognition, incident management, threat modeling, fraud detection, translation, and summarization
- Deepfake categories: impersonation (identity fraud), misinformation (unintentional), and disinformation (intentional deception)
- AI-enhanced attack vectors: adversarial networks, automated reconnaissance, social engineering amplification, code obfuscation, automated data correlation
- Automated attack generation capabilities: attack vector discovery, payload generation, malware creation, honeypot detection, and DDoS amplification
- AI automation of security tasks: low-code/no-code scripting, document synthesis and summarization, incident response ticket management
- Change management with AI: AI-assisted approvals, automated deployment and rollback
- AI in CI/CD: code scanning, software composition analysis (SCA), unit testing, regression testing, model testing, automated deployment and rollback
- AI agents: autonomous AI systems that can take actions, make decisions, and interact with external tools and systems
Common Exam Traps
Deepfake impersonation is NOT the same as deepfake disinformation. Impersonation targets a specific person; disinformation spreads false narratives
MCP server is listed as a security tool type. Know what Model Context Protocol does and how it enables standardized tool integration
AI-assisted approvals in change management are not fully autonomous. They ASSIST human decision-making, not replace it
Automated penetration testing using AI still requires human oversight. AI accelerates the process but does not eliminate the need for skilled testers
Domain 419% of exam
AI Governance, Risk, and Compliance
This domain covers organizational governance structures, responsible AI principles, AI-specific risks, and compliance frameworks. Know the key AI-related job roles, the difference between voluntary frameworks and enforceable regulations, and how organizations manage AI risks including Shadow AI.
Key Topics
EU AI ActNIST AI RMFISO AI StandardsOECD StandardsAI Center of ExcellenceResponsible AI
Must-Know Concepts
- Organizational governance structures: AI Center of Excellence, AI policies and procedures
- AI-related roles: data scientist, AI architect, ML engineer, platform engineer, MLOps engineer, AI security architect, AI governance engineer, AI risk analyst, AI auditor, data engineer — know what each role does
- Responsible AI principles: fairness, reliability/safety, transparency, privacy/security, explainability, inclusiveness, accountability, consistency, awareness training
- AI-specific risks: bias, data leakage, reputational loss, model accuracy and performance degradation, intellectual property risks, autonomous system risks
- Shadow IT and Shadow AI: unauthorized use of IT and AI tools. Shadow AI is employees using AI tools without organizational approval
- EU AI Act: risk-based classification (unacceptable, high, limited, minimal risk). Unacceptable risk is banned; high risk requires strict compliance
- NIST AI RMF: voluntary framework for AI risk management
- Corporate AI policies: sanctioned vs unsanctioned AI tools, private vs public models, sensitive data governance
- Third-party compliance evaluations: assessing AI vendors and partners for compliance
Common Exam Traps
EU AI Act is LEGALLY ENFORCEABLE. NIST AI RMF, OECD standards, and ISO standards are VOLUNTARY. This is a critical distinction
Shadow AI is not just Shadow IT — it specifically refers to unauthorized AI tool usage, which carries unique risks like data leakage to AI providers
Data sovereignty requirements may affect where AI models can be trained and where data can be stored, especially under the EU AI Act
An AI auditor and an AI risk analyst have different roles: auditors verify compliance and accuracy, risk analysts identify and assess potential risks
Sanctioned AI tools are approved by the organization. Unsanctioned AI tools are not approved. Using unsanctioned tools is Shadow AI
Concepts You Must Not Confuse
These pairs appear on nearly every exam. Learn the difference and you'll avoid the most common traps.
Top Mistakes to Avoid
Confusing prompt injection (unauthorized actions) with jailbreaking (bypassing safety guardrails) — both manipulate prompts but have different goals
Mixing up model inversion (extracting training data) with model theft (copying the model itself)
Thinking guardrails and prompt firewalls do the same thing — prompt firewalls filter inputs, guardrails constrain outputs
Confusing RAG with fine-tuning — RAG augments prompts at query time without changing the model; fine-tuning actually modifies model weights
Treating the EU AI Act (legally binding) and NIST AI RMF (voluntary framework) as equivalent — one is enforceable law, the other is guidance
Not knowing there are TWO OWASP Top 10 lists for AI: one for LLMs and one for ML Security, covering different risk categories
Confusing data provenance (where data came from) with data lineage (how data was transformed over time)
Thinking Shadow AI is the same as Shadow IT — Shadow AI specifically involves unauthorized AI tools and carries unique data leakage risks
Assuming encryption at rest and encryption in transit cover all scenarios — encryption in use (processing) is a third state tested on the exam
Forgetting that the AI lifecycle is iterative: monitoring and feedback loop back to earlier stages, it is not a one-way process
Exam-Ready Checklist
Can explain all 4 exam domains and their relative weights (17%, 40%, 24%, 19%)
Know every attack type in Domain 2 and can match each to its compensating control
Can distinguish between prompt injection, jailbreaking, and guardrail circumvention
Understand the complete AI lifecycle and security considerations at each stage
Can explain the difference between OWASP LLM Top 10 and OWASP ML Security Top 10
Know MITRE ATLAS and how it differs from MITRE ATT&CK
Can map data safety techniques (anonymization, masking, redaction, minimization) to appropriate scenarios
Understand all three encryption states: at rest, in transit, and in use
Know all AI-related roles listed in the exam objectives and their responsibilities
Can distinguish between EU AI Act (legal), NIST AI RMF (voluntary), OECD standards (international guidelines), and ISO AI standards (certifications)
Understand deepfake categories: impersonation vs misinformation vs disinformation
Can explain Shadow AI, why it is risky, and how sanctioned vs unsanctioned AI policies address it
Scored 70%+ on at least two full mock exams (600/900 passing score)
Reviewed all incorrect answers — Domain 2 is 40% of the exam, so weak performance there is fatal
Recommended Resources
Free & Official Resources
Paid Courses & Practice Exams
These are recommended if you prefer a structured learning path. They can save time but are not required to pass.