GIAC AI Security Automation Engineer (GASAE)
The GIAC AI Security Automation Engineer (GASAE) certification validates ability to apply practical, real-world automation and artificial intelligence across offensive, defensive and cloud security operations.
Certified professionals prove their proficiency in applying advanced tactics such as automated vulnerability discovery, AI driven attack simulations, host remediation, infrastructure automation workflows and SOAR driven incident response.
Areas Covered
- Automating asset discovery, configuration management and incident response workflows
- Using automated offensive tools and adversary emulation to identify vulnerabilities
- Deploying scripts and configurations to remediate Windows and Linux hosts
- Applying AI concepts such as LLMs, RAG and agentic AI to detection and response
- Building automation with scripting, Infrastructure as Code and collaborative red/blue team tools
- Analyzing host artifacts and integrating automation into SOC operations
- Implementing Azure and AWS security automation for monitoring and incident response
- Using automated attack chaining and breach and attack platforms to assess defensive readiness
Who is GASAE for?
- Security Operation Center Analysts
- Incident Responders and Forensic Analysist
- Red Team Operators and Penetration Testers
- Purple Team Engineers
- Security Automation and Orchestration Engineers
- Cloud Security Engineers
- Detection Engineers and Threat Hunters
- DevSecOps and Infrastructure as Code Engineers
- Security Architects
CyberLive: Real labs. Real tools. Real skills.
CyberLive is a hands-on exam format that replaces traditional multiple-choice testing with performance-based challenges in realistic lab environments to validate real-world capability.
Virtual Machines:
Full-scale lab systems that behave like physical computers: install, attack, defend, and run services.
Real Security Tools:
Exact tools used by professionals every day including all the quirks and challenges
Authentic Code:
Real code, real exploits, real impacts
Instructor Testimonial
“Instructor Testimonial
Every security team is talking about AI, but few can implement it at scale. GASAE closes that gap—proving you can engineer AI-driven security, not just understand it in theory. The breakthrough isn’t AI alone or automation alone—it’s the combination. AI without automation becomes an expensive chatbot. Automation without AI turns into brittle scripts. Together, they create scalable, resilient security workflows. The market isn’t looking for observers—it’s looking for builders. GASAE validates the ability to design agentic workflows, automate adversary emulation, deploy AI-driven response playbooks, and operate at enterprise scale.”
Exam Format
- 1 proctored exam
- 3 hours
- Minimum passing score of 70%
- 110 questions
Note: GIAC periodically reviews and may update certification specifications to ensure fairness, validity, and reliability. Using a psychometric standard-setting study, GIAC has set the passing score for the GASAE exam at 70% for all candidates who receive the exam version released on or after April 10, 2026.
To confirm the exam format and passing score that apply to your specific attempt, please refer to the Certification Information section of your GIAC account: https://exams.giac.org/pages/attempts.
Certification Delivery
GIAC certification attempts will be activated in your GIAC account after your application has been approved and according to the terms of your purchase. Details on delivery will be provided along with your registration confirmation upon payment. You will receive an email notification when your certification attempt has been activated in your account. You will have 120 days from the date of activation to complete your certification attempt.
NOTE: All GIAC Certification exams are web-based and required to be proctored. There are two proctoring options: remote proctoring through ProctorU, and onsite proctoring through PearsonVUE. Click here for more information.
Exam Certification Objectives & Outcome Statements
- Adversary Emulation FundamentalsThe candidate will demonstrate an understanding of adversary emulation frameworks and automation techniques, tools and breach-and-attack simulation platforms to model and chain offensive attack behaviors.
- Artificial Intelligence FundamentalsThe candidate will demonstrate an understanding of artificial intelligence fundamentals, including how AI processes text, large language models, retrieval-augmented generation, different types of AI models, and the characteristics of agentic AI.
- Automating Offensive WorkflowsThe candidate will demonstrate an understanding of how to deploy and automate offensive security workflows using frameworks and tools such as agentic AI, cloud adversary emulation platforms, and orchestration techniques for chaining attacks to simulate real-world adversaries.
- Automating WorkflowsThe candidate will demonstrate an understanding of workflow automation using scripting languages, infrastructure as code tools, and collaborative environments to support incident response, offensive operations, and purple team collaboration.
- AWS Cloud Security and Incident Response AutomationThe candidate will demonstrate an understanding of AWS security and automation services and how they are applied to compliance, logging, automated incident response, and continuous security improvement. The candidate will also demonstrate an understanding of how AWS tools can be used to build AI-assisted security workflows.
- Azure Cloud Security and Incident Response AutomationThe candidate will demonstrate an understanding of the security controls and automation capabilities in Azure, including infrastructure as code, Microsoft Defender, Sentinel, and AI-driven services and how they support incident response, security monitoring, and continuous improvement.
- Defensive Security AutomationThe candidate will demonstrate an understanding of how automation supports defensive security operations, including agent deployment, incident artifact collection, enrichment, and integration into modern SOC and fusion center workflows.
- Security Automation FundamentalsThe candidate will demonstrate an understanding of common security automation terminology, tools, and strategies for selecting, planning, and deploying automation workflows leveraging DevOps principles.
- Security Orchestration Automation and ResponseThe candidate will demonstrate an understanding of how to utilize security orchestration and automation techniques to enhance incident response efficiency and effectiveness of a security operations team using playbooks, independent tool integrations, and common SOAR tools.
- Using Automation and AI for Detection Engineering and Incident Response The candidate will demonstrate an understanding of how automation and AI support detection engineering and incident response, including their application across incident response models, forensic tooling, SOAR playbooks, enrichment, and the integration of generative and agentic AI to enhance SOC capabilities.
Practice Tests
- Practice exams are a simulation of the real exam, allowing you to become familiar with the test engine and style of questions
- Practice exams can serve as a gauge to determine if your preparation methods are sufficient
- The bank of practice questions is limited, so you may encounter the same question on multiple practice tests
- Purchase a GASAE practice test here
- Practice exams never include actual exam questions
Other Resources
- Training is available in a variety of modalities including live training and OnDemand
- Practical work experience can help ensure that you have mastered the skills necessary for certification
- College level courses or self-paced study through other programs or materials may meet the needs for mastery
- Understand the procedure to contest exam results