GOAA
GIAC Offensive AI Analyst
Created per CertMap methodology · Updated 12 May 2026 · About the editorial team →
▾ Jump to …4 sections
Overview
What is GOAA?
GOAA is GIAC's specialized certification for offensive AI techniques and targets red teamers, penetration testers, and SOC analysts who need to understand and simulate AI-enabled attack tools. It is based on SANS course SEC535 and features GIAC's well-known exam structure with optional CyberLive component (practical lab environment). Strength: GIAC certifications enjoy high credibility in the security industry, and the offensive perspective on AI is a differentiating unique selling point. Weakness: The certification does not cover defensive controls, AI supply chain security, or governance frameworks – it is clearly tailored to offensive specialists and thus addresses only a small segment of the market. At 999 USD exam fee plus additional SANS course costs, the financial investment is substantial.
Suitable for
Quick facts
Key details
Cost, prerequisites, exam & renewal
Cost over 5 years
Prerequisites
No formal prerequisites. SANS course SEC535 'Offensive AI – Attack Tools and Techniques' is recommended. Practical experience in penetration testing, red teaming, or security analysis is factually necessary for exam success.
Exam format
GOAA; 56; 2 hours; Proctored Exam; primarily Multiple Choice, CyberLive component with practical tasks in real environment (VMs, real tools); 67%; Remote via ProctorU or test center via Pearson VUE; 120 days from activation; 999 USD
Renewal & maintenance
Validity period 4 years. Renewal possible from 2-year mark: Collect 36 CPE credits over the 4-year period + one-time renewal fee of 499 USD (non-refundable). CPE credits can be earned from security trainings, conferences, courses, or publications. Alternative: Retaking the certification exam.
Classification
CertMap score and matching roles
Rating
Matching NICE roles
Mapping from NIST NICE Framework SP 800-181, status 2025. NIST source ↗
More certifications
More certifications
This page follows CertMap methodology: editorial content is curated by hand. Score, costs and NICE mapping are aggregated from official provider documents. Score methodology → · TCO methodology →
Transparency: CertMap is operated by Daniel Thomas Heessel, who is also managing director of Threat‑Informed, a company specialising in Threat‑Informed Defense. He additionally offers consulting services on CertMap. CertMap currently receives no commissions from certification providers, no affiliate links, no sponsored placements. Podcast and interview guests are not paid for appearances and receive no affiliate commissions.
From the knowledge base
View all articles →About the CertMap editorial team
CertMap is an independent platform for comparing cybersecurity certifications, built on data-journalism standards that combine editorial curation with mechanical aggregation.
Certification vs. Certificate: What's the Difference?
Personnel certification per ISO/IEC 17024 versus a training certificate. Why the distinction matters.
BSI IT-Grundschutz: Practitioners, Advisors, and the Accreditation Question
What distinguishes Practitioner from Advisor, and where does accreditation sit in the BSI path?
1:1 with the CISO
Need the full picture for your case?
60 minutes of personal strategy instead of weeks of self-research. Vendor-independent, with a written report.