GIAC Offensive AI Analyst (GOAA)

• AI-powered reconnaissance & OSINT automation
• AI-aided vulnerability discovery, patch diffing, and exploit generation
• Malware development with AI
• Bypassing security controls and guardrails
• Designing and deploying AI-driven phishing
• Legal, ethical, and OPSEC considerations

• SOC & incident response analysts
• Red team & penetration testers
• National security & law enforcement analysts
• Security consultants & risk managers
• Security Engineers and Architects
• Security managers
• AI and machine-learning enthusiasts

GOAA with CyberLive™ Hands-On, Real-World Skill Validation

GIAC knows that cyber security professionals need:

• Discipline-specific certifications
• Practical testing that validates their knowledge and hands-on skills

In response to this industry-wide need, GIAC developed CyberLive™ - hands-on, real-world practical testing.

CyberLive testing creates a lab environment where cyber practitioners prove their knowledge, understanding, and skill using:

• Actual programs
• Actual code
• Virtual machines

Candidates are asked practical questions that require performance of real-world-like tasks that mimic specialized job roles.

Find out more about CyberLive here.

NOTE: All GIAC Certification exams are web-based and required to be proctored. There are two proctoring options: remote proctoring through ProctorU, and onsite proctoring through PearsonVUE. Click here for more information.

GIAC certification attempts will be activated in your GIAC account after your application has been approved and according to the terms of your purchase. Details on delivery will be provided along with your registration confirmation upon payment. You will receive an email notification when your certification attempt has been activated in your account. You will have 120 days from the date of activation to complete your certification attempt.

• Artificial Intelligence Fundamentals
  Candidates will demonstrate an understanding of core AI concepts—natural-language processing (NLP); generative techniques such as generative adversarial networks (GAN) and retrieval-augmented generation (RAG); vector databases; and custom GPTs/assistants. They will distinguish between adversarial and offensive AI and show familiarity with both commercial and open-source AI platforms.
• Audio, Image, and Video Deepfakes
  Candidates will demonstrate an understanding of tools and techniques for creating audio, image, and video deepfakes for social-engineering attacks, including the key components—e.g., speech elements—needed to produce convincing content.
• Bypassing Defensive Controls
  Candidates will explain techniques for evading defensive controls, describe Windows Defender architecture and its exploitable components, and apply AI models to achieve effective defense bypass.
• Creating Malicious Software with AI
  Candidates will demonstrate understanding of how AI models can be used to generate malware samples for ethical penetration-testing use and craft prompts that bypass large-language-model security guardrails.
• Creating Phishing Emails with AI
  Candidates will demonstrate an understanding of tools such as GoPhish and the Social Engineering Toolkit (SET) and apply prompt-engineering techniques to craft high-quality phishing emails.
• Malware Fundamentals
  Candidates will demonstrate an understanding of malware fundamentals—payloads, exploits, propagation vectors, droppers, and downloaders—and explain common persistence, anti-detection and anti-analysis mechanisms.
• Network Scanning and Vulnerability Detection
  Candidates will demonstrate an understanding of network-enumeration and vulnerability-scanning methodologies and tools, and integrate scan outputs into AI-agent workflows to identify and contextualize vulnerabilities.
• Social Engineering Fundamentals
  Candidates will demonstrate an understanding of social-engineering attack surfaces, objectives, and psychology in penetration testing, and articulate the associated legal and ethical considerations.
• Using AI for OSINT
  Candidates will demonstrate an understanding of the reconnaissance phase of penetration testing, apply AI safely and ethically during OSINT activities, and identify common OSINT data-gathering tools.
• Using AI for Web Exploitation
  Candidates will demonstrate an understanding of how AI-powered tools can be leveraged to streamline workflow and execute precise web-application attacks, including SQL-injection and command-injection techniques.

• Training is available in a variety of modalities including live training and OnDemand.
• Practical work experience can help ensure that you have mastered the skills necessary for certification.
• College level courses or self paced study through another program or materials may meet the needs for mastery.
• Get information about the procedure to contest exam results.

Practice Tests

• These tests are a simulation of the real exam allowing you to become familiar with the test engine and style of questions.
• Practice exams are a gauge to determine if your preparation methods are sufficient.
• The practice bank questions are limited so you may encounter the same question on practice tests when multiple practice tests are purchased.
• Practice exams never include actual exam questions.
• GIAC recommends leveraging additional study methods for test preparation.