AI tools are now a normal part of how cybersecurity professionals work, and that puts certification programs in an interesting position: how do we balance real-world tool usage with academic integrity concerns?

After careful consideration, we’ve updated our Terms and Conditions to address AI tool usage during exams. Here’s what changed, what it means for our students, and why we made this call.

TLDR: AI Use is Allowed, With Disclosure

You may use AI tools during your exam, but you must disclose how you used them, and the work needs to demonstrate your own understanding and judgment. AI is a tool, not a replacement for knowing your stuff.

Why We Updated the Policy

The cybersecurity industry is constantly evolving. AI-powered tools have become a standard part of many professional toolkits and knowing how to use them to accelerate and automate workflows separates good practitioners from great ones.

Completely banning AI tools would create a disconnect between our exams and real-world practice. At the same time, allowing AI without guardrails would introduce academic integrity concerns and undermine the purpose of certification, which is to confirm that you can do the work.

We believe that AI is a tool. Think of it the same way you’d think about a reference guide, a code library, or a calculator. It can assist your thinking, but it can’t replace it. Our updated policy reflects that view.

What’s Allowed and What Isn’t

The Disclosure Requirement

If you use an AI tool, you need to say so clearly in your exam report. This isn’t a gotcha, it’s a professional standard. In most fields, disclosing your tools and methods is part of doing credible work. We’re holding our exams to the same standard.

For example, in a report for the Practical SOC Analyst Associate exam, you might write something like:

“I uploaded the Windows event logs from the affected endpoint to Claude and asked it to highlight any authentication events or privilege escalation attempts. I reviewed the output against what I found in the SIEM, cross-referenced the flagged events with the timeline I built manually, and found X,Y,Z.”

The TCM Security Perspective

Certifications should keep pace with how professionals actually work. Skilled professionals are the ones who know how to use tools as a force multiplier and don’t simply rely on outputs.

A credential from TCM Security should mean something. That means the person holding it has demonstrated real competence, beyond just prompting an AI model. This update is our attempt to stay relevant and rigorous at the same time.

If you have questions about how this applies to your specific exam, reach out to our team. We’re happy to talk it through.

About TCM Security

TCM Security is a veteran-owned, cybersecurity services and education company founded in Charlotte, NC. Our services division has the mission of protecting people, sensitive data, and systems. With decades of combined experience, thousands of hours of practice, and core values from our time in service, we use our skill set to secure your environment. The TCM Security Academy is an educational platform dedicated to providing affordable, top-notch cybersecurity training to our individual students and corporate clients including both self-paced and instructor-led online courses as well as custom training solutions. We also provide several vendor-agnostic, practical hands-on certification exams to ensure proven job-ready skills to prospective employers.

Pentest Services: https://tcm-sec.com/our-services/
Follow Us: Email List | LinkedIn | YouTube | Twitter | Facebook | Instagram | TikTok
Contact Us: sales@tcm-sec.com

See How We Can Secure Your Assets

Let’s talk about how TCM Security can solve your cybersecurity needs. Give us a call, send us an e-mail, or fill out the contact form below to get started.

tel: (877) 771-8911 | email: info@tcm-sec.com