CompTIA updates CySA+ exam to boost AI & SOC skills

CompTIA has updated its CySA+ cybersecurity analyst certification exam, expanding its focus on AI and security operations centre work.

The revised exam, CySA+ V4, is built around the day-to-day work of cybersecurity analysts in security operations centres. It places greater emphasis on scenario-based assessment across threat detection, incident response, vulnerability management and stakeholder communication.

The update comes as employers face more complex cyber threats and make greater use of automation in security teams. The exam has been aligned with intelligence-led approaches to cyber defence and the wider use of AI tools in operational settings.

New content includes broader coverage of AI in security operations, including uses such as log analysis and automation. The exam also addresses AI-related risks, including hallucinations and data exposure.

It also places more emphasis on Zero Trust, identity security in hybrid environments, vulnerability prioritisation methods such as EPSS, and the use of reporting and key performance indicators to connect technical findings with business impact. It gives increased attention to identity-based attacks, cloud activity and social engineering.

The update reflects a shift in expectations for cybersecurity analysts. Employers increasingly want staff who can not only identify suspicious signals but also assess risk, respond quickly and explain technical issues in operational or business terms.

Katie Hoenicke, chief product officer at CompTIA, said the revised qualification is intended to reflect that change.

"As cyber threats grow more complex, organizations can't rely on monitoring alone," Hoenicke said.

"There's a growing need for professionals who can quickly interpret signals, act on threats and mitigate risk in real time while leaning into AI tools to expedite detection and mitigation. CySA+ validates the hands-on capabilities analysts need in modern security operations."

Exam changes

The exam now places more emphasis on practical work in modern security environments rather than narrower monitoring tasks. That includes how analysts investigate threats, prioritise remediation work and operate within more automated security workflows.

CompTIA also highlighted the role of infrastructure complexity in shaping the update. Security teams are increasingly dealing with hybrid environments, identity controls and cloud-based activity, all of which create different forms of exposure and require broader operational knowledge.

Carl Bowman, senior vice president for exam services at CompTIA, said the revised test is intended to keep pace with those changes.

"As cybersecurity operations become more automated and AI-driven, certifications must keep pace," Bowman said.

"The new exam emphasizes real-world SOC tasks and expands coverage of AI, so CySA+ certified analysts are equipped with the practical skills they need to operate effectively in today's more complex security environments."

Wider market

CompTIA is one of the largest providers of vendor-neutral technology certifications, with more than four million certifications awarded across its programmes. CySA+ sits within its cybersecurity portfolio and is aimed at analysts working in threat detection and response roles.

Supporting learning products have also been updated to match the new exam objectives. These include CertMaster Learn, CertMaster Labs and CertMaster Perform, with content covering the use of AI and related tools in cybersecurity analyst roles.

The refresh underlines how certification providers are adjusting course content as cyber defence becomes more closely tied to automation, identity controls and business reporting. It also points to a labour market that increasingly values applied operational judgement alongside technical knowledge.

Available worldwide, the revised CySA+ exam focuses on practical SOC work and adds coverage of AI-related risks such as hallucinations and data exposure.