ISC2 Embeds AI Security Across Its Entire Certification Portfolio
On April 2, 2026, ISC2 published its Exam Guidance for Artificial Intelligence. For anyone working in cybersecurity, the important message is straightforward: AI is no longer treated as a side topic. ISC2 is now connecting AI-related risks, controls, and governance responsibilities to the certification domains that already define day-to-day security work.
That does not mean every security professional suddenly needs to become a machine-learning engineer. It does mean that practitioners are expected to understand where AI changes the risk picture: how models can be attacked, how AI tools can create data exposure, how automation affects incident response, and how governance frameworks need to account for systems that behave probabilistically rather than deterministically.
What changed across the certifications
The details vary by credential, but the pattern is consistent: AI is being mapped to the responsibilities people already have in their roles. Entry-level candidates need awareness. Administrators need implementation and monitoring knowledge. Architects and engineers need design and validation depth. Managers need governance, accountability, and risk oversight.
1. CC - Certified in Cybersecurity
Effective September 1, 2026
For the CC, the AI content is introductory. The goal is not deep technical mastery; it is making sure new practitioners understand that AI systems introduce familiar security concerns in new forms.
- Security principles: AI is tied back to fundamentals such as confidentiality, integrity, and availability. For example, data integrity matters when thinking about model poisoning, and ethics matters when discussing transparency, bias, and responsible use.
- Business continuity, disaster recovery, and incident response: Model drift is introduced as a continuity concern. Candidates are expected to understand that AI configurations, datasets, and response playbooks may need the same operational discipline as traditional systems.
- Access control: AI bots, automated agents, and service accounts need identity lifecycle management. Least privilege applies to non-human accounts as much as it does to users.
- Network security: The guidance introduces AI-assisted firewalls and intrusion detection, along with the need to separate AI training environments from production data.
- Security operations: AI-enabled SIEM functions, alert correlation, and the risk of employees exposing sensitive data to public AI tools are now part of the baseline conversation.
2. SSCP - Systems Security Certified Practitioner
Effective September 15, 2024
The SSCP changes are more operational. They focus on how administrators and technical practitioners should secure, monitor, and recover AI-enabled systems.
- Security concepts: Administrators are introduced to algorithmic integrity and the idea that machine-learning models need change management, not informal tweaking.
- Access controls: Adaptive authentication, behavioural signals, and AI service accounts become part of identity administration.
- Risk identification: Practitioners are expected to recognize AI-specific indicators of compromise, such as suspicious query patterns, model drift, or exposed AI endpoints.
- Incident response: The guidance includes evidence handling for AI incidents, including logs tied to models, prompts, training data, and inference activity.
- Cryptography: AI introduces more focus on protecting data during training and inference, as well as securing model-related keys and secrets.
- Network security: Micro-segmentation and AI-assisted intrusion prevention are positioned as practical controls, especially around AI training clusters.
- Systems and application security: The ML software supply chain, containerized AI workloads, model hijacking, and inference attacks are added to the practitioner’s security scope.
3. CISSP - Certified Information Systems Security Professional
Effective April 15, 2024
For CISSP, AI is treated as an enterprise security concern. The content appears across all eight domains rather than being isolated in a single AI section.
- Security and risk management: AI models, LLMs, and third-party AI services need to be included in risk assessments, vendor reviews, and governance processes.
- Asset security: Training datasets, model weights, prompts, and pre-trained models become assets that require classification and protection.
- Security architecture and engineering: Architects need to understand secure AI compute environments, adversarial attacks, prompt injection, and explainability as a security and assurance issue.
- Communication and network security: Zero Trust design and network detection are applied to AI workloads and training environments.
- Identity and access management: AI agents and automated identities need least privilege, monitoring, and controls against privilege escalation.
- Security assessment and testing: Testing now includes adversarial scenarios, model extraction, evasion, and logic flaws, not just traditional code vulnerabilities.
- Security operations: SOAR, alert fatigue reduction, model drift monitoring, and response to active attacks on AI systems are operational concerns.
- Software development security: LLM-generated code, ML libraries, dependency risk, hallucinated outputs, and model supply chain issues are part of secure development.
4. CCSP - Certified Cloud Security Professional
Effective August 1, 2026
The CCSP update reflects the fact that most AI workloads now run on cloud platforms or rely on cloud AI services. The shared responsibility model becomes especially important here.
- Cloud architecture: Candidates need to understand AI-as-a-Service, infrastructure-as-code deployments, and cloud design choices that reduce model inversion or extraction risk.
- Cloud data security: Data lakes, training datasets, sovereignty requirements, and remanence risks from temporary compute environments are emphasized.
- Platform and infrastructure security: The guidance includes micro-segmentation, HSM-backed key management, model signing, and AI-aware DDoS or WAF controls.
- Application security: AI APIs, prompt injection, inference attacks, and security testing for AI-generated logic flaws receive direct attention.
- Security operations: Multi-cloud monitoring, AI-driven threat hunting, SIEM/SOAR integration, and model drift monitoring are covered.
- Legal, risk, and compliance: Cloud AI services bring explainability, vendor risk, data residency, forensics, and regulatory obligations into the CCSP scope.
5. CGRC - Certified in Governance, Risk and Compliance
Effective June 15, 2024
The CGRC changes are focused on control selection, compliance evidence, and governance. This is where AI moves from a technical concern to an accountability concern.
- Governance and compliance programs: NIST AI RMF, ISO/IEC 42001, AI oversight boards, and machine unlearning are introduced as governance topics.
- System scope: Organizations need to identify embedded AI capabilities in commercial software and clearly define the boundary between training, inference, and supporting systems.
- Control selection: Traditional baselines may need AI-specific controls for prompt injection, data poisoning, inherited cloud AI controls, and AI service provider responsibilities.
- Control implementation: AI controls may be deployed through infrastructure-as-code, but teams also need to consider latency, reliability, and regulatory alignment.
- Assessment and audit: The guidance includes AI-assisted audit evidence collection, bias assessment, black-box model review, and clearer responsibility mapping.
- System compliance: Compliance activities may include privacy-document analysis, algorithmic bias reviews, and AI system security plan updates.
- Compliance maintenance: MLOps changes, model-weight updates, and retraining cycles become formal change events that require ongoing monitoring.
6. CSSLP - Certified Secure Software Lifecycle Professional
Effective September 15, 2023
For CSSLP, the shift is from traditional secure SDLC toward MLSecOps. Software teams are expected to treat AI components as part of the application risk surface.
- Secure software concepts: Data poisoning, model inversion, and training-data memorization are added to the secure software conversation.
- Lifecycle management: AI retraining loops do not always fit neatly into linear release cycles, so governance gates and testing thresholds become more important.
- Secure requirements: Teams may need to define hallucination tolerance, bias thresholds, abuse cases, and misuse scenarios as requirements.
- Architecture and design: The guidance points to separation between application logic, inference engines, and vector databases, and to AI-driven threat modelling.
- Implementation: Input handling, prompt injection mitigation, and validation of LLM interactions are treated as implementation responsibilities.
- Testing: AI systems require probabilistic testing for drift, bias, toxicity, and adversarial behaviour, not only deterministic pass/fail test cases.
- Deployment and maintenance: Model updates, sandboxing, AIOps, and regulatory expectations for AI-generated code become part of deployment planning.
- Supply chain: The traditional SBOM concept expands to include model weights, training datasets, ML libraries, and open-source model risk.
7. ISSAP - Information Systems Security Architecture Professional
Effective August 1, 2025
At the architecture level, AI is both a tool and a protected surface. The ISSAP content reflects that dual role.
- Governance, risk, and compliance: Architects are expected to design identity and access patterns that control AI agents and automated workflows.
- Security architecture modelling: The guidance references intelligent SOC design, high-volume telemetry, SIEM/SOAR integration, AI firewalls, and monitoring around prompt injection risk.
- Infrastructure and system security: Trusted execution environments, hardware-rooted trust, and software-defined perimeters are used to protect sensitive AI components such as model weights.
- IAM architecture: AI decision-making needs auditability, and vendor risk architecture needs to address the use of external AI services before they enter production.
8. ISSEP - Information Systems Security Engineering Professional
Effective August 1, 2025
The ISSEP update treats AI as an engineering problem that needs validation, assurance, and controlled change management.
- Engineering foundations: Formal methods and AI-specific threat modelling are used to support algorithmic integrity and system assurance.
- Risk management: Engineers need to assess model robustness, logic drift, and explainability as part of risk reduction.
- Security planning and engineering: Secure data ingestion, protection of model weights, and validation of pre-trained model provenance become design concerns.
- Verification and validation: Adversarial testing is used to check whether AI-enabled controls remain resilient under attack.
- Operations and change management: Monitoring, retraining triggers, and secure model update mechanisms are part of the operational engineering model.
9. ISSMP - Information Systems Security Management Professional
Effective August 1, 2025
For senior security leaders, the AI content is about governance, staffing, risk ownership, and business impact.
- Leadership and organizational management: Managers need to address ethical AI governance, shadow AI, and security checkpoints in data science workflows.
- Systems lifecycle management: MLSecOps decision gates may need to stop deployments when bias, hallucination, or reliability thresholds are exceeded.
- Risk management: NIST AI RMF, ISO/IEC 42001, AI ethics committees, data officers, and predictive risk scoring are included in enterprise risk planning.
- Security operations: Leaders need to plan for AIOps, AI-assisted threat hunting, and incident response for prompt injection or data poisoning.
- Contingency management: Disaster recovery plans must consider AI infrastructure, retraining timelines, and model drift as a continuity issue.
- Law, ethics, and compliance: The guidance introduces AI Act obligations, data minimization challenges, and explanation requirements for automated decision-making.
ISC2’s commitment to relevance is built into its exam process. Through a rigorous three-year refresh cycle, certified Subject Matter Experts and active practitioners ensure each certification reflects today’s cybersecurity realities. As AI continues to reshape areas such as risk management, architecture, network security, operations, and software development, ISC2 translates those changes into measurable competencies that prepare professionals to lead in the AI era.
Sources:
- https://www.isc2.org/insights/2026/04/isc2-publishes-exam-guidance-ai?queryID=c84f80a72d614a6084ca49f2308cbd4e
- https://www.linkedin.com/pulse/isc2-embedded-ai-every-cissp-domain-mark-tissink-pbk5c/
- https://edge.sitecorecloud.io/internationf173-xmc4e73-prodbc0f-9660/media/Project/ISC2/Main/Media/exam-guidance/ISC2-Exam-Guidance.pdf