Most certification launches fill one gap with one credential. In February 2026 EC-Council did something different, releasing four AI certifications at once under a single umbrella it calls the Enterprise AI Credential Suite. The company described the move as the largest single expansion in its 25 year history. That headline number is not the interesting part, though. What matters is the structure behind it.
These are not four versions of the same exam. Each one maps to a different point in how an organization actually puts AI to work, from baseline literacy for the person typing prompts to offensive testing for the person trying to break a model. If you are trying to figure out which of the four belongs on your roadmap, the first thing to understand is that EC-Council built them for different roles, not to compete with each other. This article walks through all four, explains what each one validates, and shows where they land against the rest of the certification field.
Four credentials, four roles. The value is not the count EC-Council shipped. It is that each one targets a separate job in the AI lifecycle instead of selling the same knowledge four times over.
What EC-Council Actually Launched
The Enterprise AI Credential Suite is four role based certifications plus an overhauled executive program (Certified CISO v4) that sits outside the AI suite. Those four AI credentials are Artificial Intelligence Essentials, Certified AI Program Manager, Certified Offensive AI Security Professional, and Certified Responsible AI Governance and Ethics. Everything in the suite hangs off a model EC-Council calls ADG, which stands for Adopt, Defend, and Govern. Adopt is about deploying AI deliberately with safeguards in place. Defend is about protecting AI systems from threats like prompt injection, data poisoning, and model exploitation. Govern is about building accountability and oversight in from the start rather than bolting it on after something goes wrong.
The timing is not random. EC-Council points to two figures to explain the push. IDC has estimated that unmanaged AI risk could reach 5.5 trillion dollars globally, and Bain & Company has projected a reskilling gap of roughly 700,000 workers in the United States alone. Whether those numbers hold up over time is a separate question, but they capture the real pressure these certifications respond to: organizations are moving AI out of pilot projects and into daily operations faster than they are training people to run it safely.
Here is the table I keep coming back to when someone asks me to explain the suite in one screen.
How the Four Certifications Break Down
Artificial Intelligence Essentials (AIE)
AIE is the entry point. It is built for practical fluency rather than theory, meaning the goal is to get a working professional comfortable using AI tools responsibly and recognizing where the obvious pitfalls are. Think of the analyst who now has a copilot in their workflow, the marketer feeding prompts to a model, or the manager who needs to understand what the technology can and cannot do before signing off on it. This is the credential that gives a whole organization a shared vocabulary. In my experience teaching foundational material, that shared vocabulary is worth more than people expect, because most AI mistakes inside companies come from confusion about basics, not from advanced attacks.
Certified AI Program Manager (CAIPM)
CAIPM sits in the management lane. The problem it addresses is one every organization runs into about six months after the excitement wears off: lots of AI activity, no clear line from that activity to results. This certification targets the person responsible for translating an AI strategy into actual delivery, which means aligning teams, setting up governance checkpoints, and keeping a project on a timeline that produces something the business can measure. It is not a technical credential in the coding or model breaking sense. Think of it as a delivery and accountability discipline, close to project or program management but pointed specifically at AI work.
Certified Offensive AI Security Professional (COASP)
COASP is the deep technical one, and the most distinctive of the four. It applies red team thinking to AI systems. Candidates work through attacks against large language models and AI agents, including prompt injection, jailbreaking, prompt chaining, data poisoning, and model theft, then learn to harden the infrastructure those systems run on. EC-Council maps the material to the OWASP Top 10 for LLM applications and to MITRE ATLAS, which are the two reference frameworks that have emerged for adversarial AI. If you already do penetration testing or offensive security, this is the credential in the suite that extends a skill set you have rather than building one from scratch. It is also the one where hands on practice will matter most, because reading about a prompt injection and actually pulling one off against a defended model are very different things.
Certified Responsible AI Governance and Ethics (CRAGE)
CRAGE is the governance and ethics credential, aimed at enterprise scale oversight. It covers responsible AI practices and ties them to recognized compliance frameworks, including the NIST AI Risk Management Framework and ISO standards. This is the seat for people in GRC, compliance, legal, and policy roles who have to answer for how an organization uses AI, not just whether it works. Governance is where AI certifications have clustered over the past year, so CRAGE enters a space that already has competition, and the NIST and ISO mapping is the part worth paying attention to when you compare it to other options.
Where These Fit in the Cert World
The AI certification field splits along a few clear lines, and these four land in different places on the map. Start with foundational versus specialist. AIE is foundational, the kind of credential a broad population can earn. The other three are specialist credentials pointed at defined roles. More important is the second split, the divide between knowledge based and role based credentials. A lot of early AI certifications tested whether you understood concepts. EC-Council built this suite around what someone in a specific job is supposed to do, which is why a program manager credential and an offensive security credential can live under the same roof without overlapping.
There is also the question of how AI specific certifications stack against traditional security certifications that have added AI content. A general security certification might now include a module on AI risk. That tells you the topic matters. It does not give you the depth that a dedicated credential like COASP or CRAGE is built to provide. The honest read is that they answer different needs. A broad certification proves general competence, while a focused AI credential signals that you went past the survey level into one part of the AI lifecycle. If you want a wider view of how the AI credential market is sorting itself out, our breakdown of which AI certifications will actually matter in 2026 covers the wider field beyond any single vendor.
One caution from years of watching new certifications enter the market. A credential earns its value when employers start asking for it by name in job postings. These four are new, so that signal is still forming. The skills behind them are real and in demand right now. Those specific letters after your name carry weight gradually, as hiring managers learn what they mean. Earn them for the skills first, and treat the resume value as something that builds over the next year or two.
Who Should Look at Each One
Matching the credential to the role is the whole game here, so let me be direct about it. AIE fits almost anyone whose job now touches AI tools and who wants a structured way to prove baseline competence. CAIPM fits project managers, program leads, and the people who own AI initiatives and have to show results to leadership. COASP fits penetration testers, red teamers, and security engineers who want to move into adversarial AI work, and it assumes you are comfortable with offensive security going in. CRAGE fits the governance crowd: GRC analysts, compliance officers, risk managers, and policy people who need to defend how AI gets used.
If you are deciding where to start and AI is new territory for you, AIE is the logical first step before any of the specialist tracks. When governance is your lane specifically, it is worth thinking through your goals before you commit, and the questions in our guide on how to choose an AI governance certification apply cleanly to CRAGE.
What to Check Before You Register
Because these credentials are new, exam logistics and any prerequisites are still settling, and EC-Council sets and updates those details on the official course pages. Confirm the current format, length, and delivery method directly from the source before you build a study plan around it. For COASP especially, look at whether your registration includes lab or range access, since the offensive material does not absorb well from reading alone. Treat the published outline for each exam as your study map and weight your prep toward the domains that carry the most questions, the same approach that works for any structured certification.
Frequently Asked Questions
What are EC-Council’s four new AI certifications?
The four credentials are Artificial Intelligence Essentials (AIE), Certified AI Program Manager (CAIPM), Certified Offensive AI Security Professional (COASP), and Certified Responsible AI Governance and Ethics (CRAGE). They launched in February 2026 as part of EC-Council’s Enterprise AI Credential Suite.
What is the ADG framework?
ADG stands for Adopt, Defend, and Govern. It is EC-Council’s operating model for how organizations should put AI to work: adopt it deliberately with safeguards, defend the systems against threats like prompt injection and data poisoning, and govern the whole thing with accountability and oversight built in. The four certifications align to these stages.
Is Artificial Intelligence Essentials (AIE) for beginners?
Yes. AIE is the foundational credential in the suite, built for baseline AI literacy and responsible use across roles. It suits anyone whose work now involves AI tools and who wants a structured way to demonstrate basic competence before moving into a specialist track.
What does the Certified Offensive AI Security Professional (COASP) cover?
COASP applies red team techniques to AI systems. It covers attacks against large language models and AI agents, including prompt injection, jailbreaking, data poisoning, and model theft, along with hardening the infrastructure around them. EC-Council maps the material to the OWASP Top 10 for LLM applications and MITRE ATLAS.
Do these AI certifications have experience prerequisites?
EC-Council positions AIE as foundational and the other three as role based credentials aimed at defined functions. Because the suite is new, exam requirements and any prerequisites are still settling. Check the current details on the official course pages before you plan, since EC-Council sets and updates them.
How are these different from traditional cybersecurity certifications?
A traditional security certification might include an AI module, which signals the topic matters but stays at a survey level. These four are dedicated AI credentials that go deeper into one part of the AI lifecycle, whether that is offensive testing, program delivery, or governance. The two types serve different purposes rather than replacing each other.
Which EC-Council AI certification should I start with?
If AI is new ground for you, start with AIE to build a foundation. Otherwise pick the credential that matches your role: CAIPM for program and delivery leads, COASP for offensive security professionals, and CRAGE for governance, risk, and compliance people.
CMO & Certification Guru | Training Camp
Mike McNelis is the CMO at Training Camp, where he combines a passion for technology with a hands-on approach to leadership. Beyond overseeing marketing strategy, Mike is actively involved in the technical side of the business — collaborating with clients, shaping learning solutions, and staying connected to the fast-changing world of IT and cybersecurity. He works closely with companies, government agencies, and individuals to help them achieve meaningful certification and workforce development goals.