TAISE Compass: AI Safety Education Curriculum for Secondary Students

Research Note | 2026-03-27 | Status: draft

TAISE Compass: AI Safety Education Curriculum for Secondary Students

Key Takeaways

  • The White House Task Force on AI Education, established by Executive Order in April 2025, has mandated a nationwide effort to integrate AI literacy into K-12 education and develop an AI-ready workforce — but no federally backed curriculum specifically addresses the safety and security dimensions of AI agents at the high school level.
  • The global cybersecurity workforce shortfall is estimated at between 2.8 and 4.8 million professionals, and AI skills have moved into the top-five required competencies for cybersecurity roles in just two years; the pipeline to close this gap must begin no later than secondary school.
  • TAISE Compass consists of five sequenced modules covering agent fundamentals, privacy and safe interaction, critical evaluation of agent outputs, ethics of autonomous systems, and AI security career pathways — all designed for use in existing STEM, computer science, or digital literacy courses without requiring specialized instructor credentials.
  • The curriculum maps directly to current CSTA K-12 Computer Science Standards, Next Generation Science Standards practices, and the pending 2026 CSTA PK-12 Standards revision, ensuring durability and adoption compatibility.
  • Compass completers are eligible for an articulated community college credit pathway toward the TAISE Associate certification, creating a measurable bridge between secondary education and the professional AI security workforce.

Background

The AI Education Imperative

The United States is navigating a critical inflection point in its relationship with artificial intelligence. AI agents — systems capable of autonomous reasoning, tool use, multi-step planning, and interaction with external services — have moved from research laboratories into everyday deployment across healthcare, finance, education, legal services, and national security infrastructure. Unlike the first wave of AI tools, which required explicit human direction for each output, agentic systems make decisions, take actions, and invoke real-world capabilities with varying degrees of human oversight. The citizens, workers, and security professionals of the next decade must understand how these systems work, where they fail, and how they can be manipulated — not as an advanced specialization, but as a basic component of technological literacy.

Congress and the executive branch have recognized this reality. On April 23, 2025, President Trump signed the Executive Order on Advancing Artificial Intelligence Education for American Youth, establishing the White House Task Force on Artificial Intelligence Education [1]. Chaired by the Director of the Office of Science and Technology Policy, the Task Force brings together the Secretaries of Agriculture, Labor, Energy, and Education alongside the Director of the National Science Foundation, the Special Advisor for AI and Crypto, and White House domestic policy leadership [1]. The order directs coordinated federal action to promote “AI literacy and proficiency among Americans” through K-12 curriculum integration, comprehensive educator training, and the creation of an AI-ready workforce pipeline, while directing the Secretary of Labor to give priority consideration to grant applicants who commit to developing AI courses and certification programs accessible to high school students [1]. By December 2025, the Task Force had convened its third formal meeting with cabinet officials, educators, and parents to assess progress and refine implementation strategy [2].

Despite this federal momentum, a significant gap persists between the aspiration of national AI literacy and the operational reality inside school buildings. Most current K-12 AI curricula — including otherwise excellent programs from Google, MIT Media Lab, and Code.org — focus on general AI literacy, foundational machine learning concepts, or ethical awareness in broad terms [3][4]. Very few address the specific safety and security challenges posed by agentic AI systems: the risks that arise when an AI can act autonomously, the manipulation techniques that bad actors use against agent-based systems, the privacy implications of agents that retain memory and invoke third-party tools, and the professional skills required to design, audit, and defend these systems. TAISE Compass is designed to fill precisely that gap.

The Workforce Pipeline Problem

The urgency of this curriculum is underscored by workforce data that describes a compounding crisis. The global cybersecurity workforce shortfall stands at an estimated 2.8 to 4.8 million professionals as of 2025, with the World Economic Forum’s Global Cybersecurity Outlook reporting that the cyber skills gap grew by 8% between 2024 and 2025, and two out of three organizations reporting moderate-to-critical skills deficits [5]. More specifically, AI skills — which were not considered a required cybersecurity competency as recently as 2023 — have become a top-five hiring requirement, and organizations increasingly report that they cannot find candidates who understand how to secure, audit, or attack AI-powered systems [6]. This demand is not abstract: it will manifest in hiring decisions made about the high school students sitting in classrooms today.

The National Science Foundation has responded to this pressure through its K-12 AI Education initiative, offering supplemental funding to ExLENT and ATE grantees willing to develop or expand AI-related education for high school students in partnership with community colleges and industry partners [7]. The Department of Education has issued formal guidance calling on schools to expand AI and computer science education and to use professional development resources to build educator capacity [8]. These federal instruments create a receptive policy environment for a structured curriculum such as TAISE Compass — and, critically, they provide funding pathways that school districts can use to adopt and sustain the program.

Why High School Is the Right Entry Point

The developmental and structural logic for targeting high school students is straightforward. Secondary school represents the last broadly accessible point in the public education system — the moment before students make consequential decisions about college, career, and technical training that will define their professional trajectories. Research on career interest formation consistently shows that exposure to a professional domain before age eighteen is one of the strongest predictors of pursuing that field, and that underrepresented groups in technology — including women, students from lower-income households, and students of color — are disproportionately influenced by whether they encountered the field in a structured school setting [9]. A high school AI safety curriculum is therefore not only a workforce development instrument but an equity intervention.

High school also represents the point at which students are cognitively capable of engaging with the genuine complexity of AI safety: the tradeoffs between capability and oversight, the institutional questions about responsibility when systems cause harm, and the technical fundamentals of how agents are built and how they can fail. Younger students benefit from AI literacy concepts — and programs exist to serve them — but the ethical nuance, the career relevance, and the technical depth required to make meaningful contributions to AI safety are best suited to the grades 9 through 12 developmental window. TAISE Compass is designed for that window specifically, with differentiated implementation guidance for introductory (grades 9-10) and advanced (grades 11-12) cohorts.

Five Curriculum Modules

TAISE Compass is organized as five sequenced modules totaling approximately thirty instructional hours, designed to be delivered across a single semester as a standalone elective, as an integrated unit within an existing computer science or digital literacy course, or as an after-school or summer program. Modules are designed so that individual units can be used independently where full adoption is not immediately feasible, though the full sequence provides the strongest preparation for the TAISE Associate pathway. Each module includes a teacher guide, student-facing materials, assessment instruments, and suggested extension activities. The following sections describe each module in detail.

Module 1: What AI Agents Are and How They Work

Rationale. Before students can reason about the safety, ethics, or career dimensions of AI agents, they need a conceptually accurate mental model of what agents are and what distinguishes them from the AI tools they already use. Most students in 2026 have significant personal experience with AI-powered products — conversational assistants, recommendation algorithms, generative image tools — but that experience rarely translates into understanding of the underlying architecture. The first module builds the conceptual vocabulary that all subsequent modules depend on, without requiring programming knowledge or mathematical prerequisites.

Learning Objectives. Students completing this module will be able to explain the difference between a conversational AI model and an AI agent in terms of tool access, memory, and action capability; identify at least three real-world contexts where AI agents are deployed and describe what tasks those agents perform autonomously; explain how an agent uses a planning cycle to break a complex goal into steps and invoke tools to accomplish each step; and describe what it means for a human to be “in the loop” or “out of the loop” in an agent workflow, with examples of when each configuration is appropriate.

Key Concepts. The module introduces the anatomy of an AI agent — the model (reasoning engine), the tool set (actions the agent can take), memory (what the agent retains between steps and between sessions), and the orchestration layer (how instructions flow and how outputs are routed). Students examine the distinction between single-shot inference (a chatbot answering a question) and multi-step agentic execution (an agent that receives a goal, plans a series of steps, calls tools such as web search or code execution, evaluates intermediate results, and continues until the goal is achieved or a stopping condition is met). The module also introduces the concept of trust in agent systems: how agents are granted permissions, why those permissions are consequential, and what can go wrong when agents act on behalf of users without adequate oversight.

Activities. In the first activity, “Agent Anatomy Dissection,” students are given five vignette descriptions of AI systems — ranging from a spam filter to a fully autonomous research agent — and must categorize each on a two-axis diagram: low to high autonomy, and narrow to broad action capability. Classroom discussion explores which systems feel familiar and which feel surprising, establishing that agency is a spectrum rather than a binary. In the second activity, “Trace the Steps,” students are given a transcript of an AI agent executing a multi-step task (for example, researching a topic and drafting a summary document) and must reconstruct the planning cycle: what did the agent decide to do, what tools did it invoke, how did it use intermediate results, and at what points could a human have intervened? This exercise builds close reading and analytical skills alongside the technical concepts. A third extension activity, available for advanced students, uses a no-code agent-building platform to construct a simple single-task agent, examine its permission set, and document what could go wrong if any single component were compromised or misconfigured.

Assessment. Students complete a structured reflection in which they identify an AI agent they have encountered in their own life (explicitly or implicitly), describe its architecture in terms of the module’s vocabulary, and evaluate whether the human oversight level seems appropriate for the stakes of the task. Instructors assess using a provided rubric evaluating conceptual accuracy, reasoning quality, and evidence of critical engagement rather than factual recall alone.

Module 2: Privacy and Safety in Agent Interactions

Rationale. AI agents present privacy challenges that are qualitatively different from those posed by conventional apps or even standard conversational AI. An agent may retain memory across sessions, invoke third-party services that receive user data as a side effect of tool execution, act on behalf of users in contexts the user did not fully anticipate, or be manipulated by malicious content in the environment to take actions the user never authorized. These risks are not hypothetical: researchers have documented real-world attacks in which agents were induced to exfiltrate user data, send unauthorized communications, or modify documents based on adversarially crafted content embedded in the agent’s operating environment. This module equips students to recognize these risks, practice safe interaction habits, and understand why privacy in agent contexts requires more than conventional digital literacy.

Learning Objectives. Students will be able to identify the categories of data that AI agents may collect, store, or transmit and explain why agent memory creates privacy exposure beyond what a typical app session involves; recognize at least three manipulation techniques that adversaries use against AI agents, including prompt injection, jailbreaking, and role-play exploitation; apply a set of safe interaction practices when using AI agents in personal and academic contexts; and explain what informed consent means in the context of authorizing an agent to act on one’s behalf, including what questions a user should ask before granting an agent access to personal accounts or data.

Key Concepts. The module covers the data lifecycle in an agentic context: what information enters the system (user inputs, retrieved data, tool outputs), what is retained in short-term and long-term memory, what may be transmitted to third-party services through tool calls, and what logging and audit trails the system maintains. Students examine the concept of prompt injection — the technique by which malicious content embedded in a document, webpage, or message can redirect an agent’s behavior — through illustrative, non-technical examples before being introduced to the formal definition. The module also addresses manipulation techniques directed at users rather than agents: social engineering through apparently trustworthy AI interfaces, AI-assisted phishing that uses agent capabilities to personalize attacks, and the psychological dynamics of anthropomorphism that can lead users to over-trust agent outputs and over-disclose personal information.

Activities. In “Permission Audit,” students are given a realistic scenario in which they are setting up an AI agent assistant and must review a permissions request screen. The screen requests access to email, calendar, contacts, file system, and browser history. Students must decide which permissions to grant, which to deny, and which to grant with conditions — and must write a short justification for each decision. The exercise builds the habit of scrutinizing agent permissions the same way security-conscious users scrutinize app permissions on a smartphone. In “Spot the Injection,” students read four short vignettes in which an agent is given a task, encounters adversarial content in the environment (a webpage, an email attachment, a document), and responds in a way that serves the adversary rather than the user. Students must identify the moment the injection succeeded, explain what the agent should have done differently, and propose a human oversight mechanism that would have caught the problem. A third activity, “Personal Data Inventory,” asks students to map what a personal AI agent would know about them if they granted typical permissions and used the agent daily for one month — creating a concrete representation of the data profile that helps ground abstract privacy concepts in personal relevance.

Assessment. Students complete a privacy impact brief for a hypothetical AI agent product of their choosing (a homework helper, a college application assistant, a personal finance planner). The brief must identify the data the agent collects, the privacy risks each data category creates, the manipulation risks the product should defend against, and the consent and transparency features a responsible product should provide. Assessment uses a rubric that rewards identification of non-obvious risks, quality of reasoning, and specificity of recommended protections.

Module 3: Critical Thinking About Agent Outputs

Rationale. The single most consequential skill students can develop for navigating an AI-saturated environment is the capacity to evaluate AI-generated content critically — to ask not just “what did the agent say?” but “how do I know whether to trust it?” This is a harder question than it appears. AI agents can be fluent and confident while being factually incorrect, systematically biased, or reflecting the interests of whoever deployed them rather than the interests of the user. At the same time, reflexive distrust of AI outputs is equally dysfunctional: the goal is calibrated skepticism, not blanket rejection. This module extends traditional media literacy into the agentic era, providing students with concrete verification strategies and a working understanding of why AI systems fail in characteristic ways.

Learning Objectives. Students will be able to define hallucination in the context of language models and explain why AI agents can produce confident, fluent responses that contain false information; identify at least three types of bias that affect AI outputs — training data bias, representational bias, and confirmation bias in agent task framing — and explain how each can distort results in ways that disproportionately harm specific populations; apply a three-step verification protocol (source identification, independent corroboration, plausibility evaluation) to an AI agent’s factual claims; and distinguish between contexts in which agent recommendations can reasonably be accepted with light review and contexts in which independent verification is essential before acting.

Key Concepts. The module begins with a conceptual treatment of why language models hallucinate: the statistical nature of token prediction, the absence of a ground-truth lookup mechanism in base model inference, and the ways retrieval-augmented generation reduces but does not eliminate this problem. Students examine case studies of consequential AI hallucinations — in legal research, medical information, and financial advice — to understand that the failure mode has real-world stakes. The module then addresses bias: students learn to ask “who is this system optimized for?” and “whose data trained this model?” as fundamental questions rather than afterthoughts. The final conceptual segment addresses the distinction between an agent’s stated reasoning and its actual reasoning, introducing the concept of post-hoc rationalization in AI systems and why an agent’s explanation of its recommendation may not accurately describe the computational process that generated it.

Activities. In “Hallucination Hunt,” students are given a research task and three AI-generated summaries of the same topic, one of which contains a plausible but fabricated citation, one of which contains a subtly incorrect statistic, and one of which is accurate. Students must identify the errors using only sources available through a standard school library database — building both the detection skill and the habit of independent verification. In “Whose Interest Is This?”, students examine three AI agent outputs on the same question (a product recommendation, a health guidance response, and a political summary) produced by agents with different deployment contexts, and must identify the ways each output reflects the priorities of the deploying organization rather than being a neutral factual assessment. The exercise builds critical analysis of AI provenance alongside factual verification. A third activity, “Calibration Challenge,” presents students with ten agent outputs ranging from clearly verifiable factual statements to highly contested claims, and asks them to rate each on a trust scale and justify the rating — then compares their ratings to expert assessments, facilitating reflection on where personal calibration under- or over-trusts AI systems.

Assessment. Students submit an annotated AI transcript in which they have used an AI agent to research a topic of personal interest and have applied the module’s verification protocol to at least five factual claims in the transcript. Annotations must identify the claim, the verification method used, the result of verification, and any bias or framing observations. Assessment rewards thoroughness of verification, quality of bias identification, and accuracy of the student’s own trust calibration.

Module 4: Ethics of Autonomous Systems

Rationale. As AI agents are deployed in consequential contexts — making or influencing decisions about hiring, lending, medical diagnosis, content moderation, and criminal justice — the ethical questions they raise have moved from philosophy seminar to civic necessity. Who bears responsibility when an autonomous system causes harm? How should an agent be designed to handle situations where its optimization objective conflicts with the interests of affected third parties? What does meaningful human oversight look like when an agent operates faster than any human can review? These are not questions with simple answers, but students who have never engaged with them are not equipped to participate as citizens, workers, or voters in the governance of AI systems. This module introduces the core ethical frameworks through concrete cases, building the reasoning capacity to engage with novel situations rather than merely cataloging current debates.

Learning Objectives. Students will be able to identify the parties who bear moral and legal responsibility in a chain of AI agent actions and explain why responsibility attribution is more complex in agentic systems than in conventional software deployments; apply at least two ethical frameworks — consequentialist and deontological reasoning — to a case involving AI agent harm and articulate the different policy conclusions each framework generates; explain what meaningful human oversight of an autonomous system requires, including the conditions under which human review is genuine versus performative; and identify at least three design choices a developer can make to reduce the likelihood of biased or harmful agent outcomes, and explain the tradeoffs each involves.

Key Concepts. The module uses the concept of a “responsibility gap” — the phenomenon in which automated systems cause harm that cannot be cleanly attributed to any individual human actor — as its organizing frame [10]. Students examine the distribution of responsibility among model developers, system deployers, individual operators, and affected users, using the analogy of product liability doctrine to make the legal dimensions accessible without requiring legal training. The module then addresses fairness and bias in decision-making contexts, examining how agents trained on historical data replicate historical inequities and how fairness definitions that appear mathematically neutral can produce outcomes that are practically discriminatory. The final conceptual segment introduces the human oversight principle: the idea, codified in emerging AI governance frameworks including the EU AI Act and the CSA AI Incident Management framework, that consequential autonomous decisions must be subject to meaningful human review — and what “meaningful” requires in practice.

Activities. In “The Responsibility Map,” students are presented with a scenario in which an AI agent used in a hiring process rejects a qualified candidate because of a pattern in the training data. Students are given six role cards — representing the model developer, the HR software vendor, the company that deployed the tool, the HR professional who approved the deployment, the executive who approved the budget, and the candidate who was harmed — and must assign responsibility fractions and justify their allocation. The exercise surfaces the complexity of distributed responsibility and the inadequacy of “the AI did it” as an explanation. In “Override or Comply?”, students are given three scenarios in which an AI agent has produced a recommendation that a human supervisor finds concerning, and must decide whether to override the agent, comply with the recommendation, escalate for additional review, or pause the system entirely — and must defend their decision using an ethical framework. A third activity, “Design for Oversight,” presents students with a high-stakes agentic deployment (an autonomous triage agent in a hospital emergency department) and asks them to design the human oversight mechanism: what triggers a human review, how quickly must a human respond, what information is presented to the reviewer, and what happens if the reviewer is unavailable.

Assessment. Students write a policy memo addressed to a fictional school board that has been asked to approve the use of an AI agent to assist in academic integrity investigations. The memo must identify the ethical risks of the deployment, propose a governance framework including human oversight requirements, recommend fairness safeguards, and take a position on whether the board should approve, reject, or conditionally approve the proposal — with reasoning grounded in the module’s ethical frameworks. Assessment rewards quality of ethical reasoning, specificity of governance proposals, and recognition of competing legitimate interests.

Module 5: Career Pathways in AI Security

Rationale. The preceding four modules build AI safety literacy as a general competency. This module makes the connection explicit: the knowledge and analytical skills students have developed correspond to real, in-demand, well-compensated professional roles — and students interested in pursuing those roles have more entry points than they may realize. A persistent barrier to workforce diversity in cybersecurity and AI is not lack of talent but lack of visibility: students who have never been told that a career in AI security is accessible to them, or who have never seen someone who looks like them in that role, reliably do not pursue it. This module is designed to make the profession visible, concrete, and attainable — including the specific pathway through TAISE to professional certification.

Learning Objectives. Students will be able to describe at least five distinct job roles in AI security, including both technical and policy-oriented positions, and explain the primary responsibilities of each; map their own skills and interests to at least two potential career pathways and identify the next concrete step (course, certification, internship, or program) that would move them toward each; explain what the TAISE certification framework is, what the Associate level requires, and how Compass credit can be applied toward that credential; and identify at least three institutions — colleges, bootcamps, or apprenticeship programs — that offer relevant training in their region.

Key Concepts. The module provides an honest, non-promotional survey of the AI security job market: which roles are growing fastest, what compensation ranges look like across experience levels and geographies, which roles require four-year degrees and which do not, and how the field is evolving as AI agents become more prevalent. Students are introduced to the role taxonomy that includes AI red teamers, AI governance analysts, agentic system auditors, AI incident responders, AI policy advisors, and AI security engineers — with realistic descriptions of what a day in each role involves. The module addresses the diversity gap in the profession directly: current statistics on representation by gender, race, and socioeconomic background are presented alongside institutional efforts — including NSF INCLUDES grants, CyberCorps: Scholarship for Service, and CSA’s own TAISE diversity fellowship program — designed to expand access.

Activities. In “Career Compass,” students complete a structured self-assessment mapping their interests (investigation, building systems, writing and policy, working with people, mathematics and algorithms) to the role taxonomy introduced in the module, and then research one role of interest in depth using job postings, professional profiles, and program websites — culminating in a one-page career brief. In “Path Planning,” students work in pairs to construct a four-year plan from their current grade level to a first professional role, identifying each step (courses, certifications, internships, college programs) and the barriers they anticipate at each transition. Pairs then share plans and provide peer feedback, building the planning and revision skills that are as important as the content knowledge. A third activity, “Practitioner Panel,” brings in at least two AI security professionals (in person or via video) to speak about their career trajectories, with structured student questions prepared in advance using the career brief research as background. Panels are specifically recruited to include practitioners from underrepresented backgrounds to address the visibility gap the module targets.

Assessment. Students submit a portfolio item consisting of their career brief, their four-year path plan, and a one-page reflection on what they learned from the practitioner panel and how it affected their thinking about their own pathway. Assessment uses a holistic rubric that rewards quality of research, realism and specificity of the path plan, and evidence of genuine reflection on barriers and strategies to address them.

Teacher Resources

Effective implementation of TAISE Compass depends on instructor preparation that goes beyond content familiarity. AI safety is a rapidly evolving domain, and teachers who are not themselves practitioners face the legitimate challenge of teaching concepts that may have changed since their last formal training. The Compass teacher resource package is designed to address this directly rather than assume it away.

The core teacher materials consist of a module-by-module implementation guide, detailed lesson plans for each activity including facilitation notes for common student questions and misconceptions, assessment rubrics with anchor examples at proficiency levels, and a curated resource library with annotated links to background reading for instructors. The resource library is updated quarterly to reflect changes in the field, ensuring that instructors teaching the module in the third year of adoption are not working from stale materials. Slide decks and student handouts are provided in editable formats to allow adaptation for different classroom contexts, including differentiation materials for advanced students and scaffolding supports for students with limited prior technical exposure.

Professional development is structured as a twelve-hour preparation sequence that can be completed asynchronously over two weeks or in a two-day synchronous workshop format. The sequence covers the technical foundations underlying each module at a depth sufficient for confident facilitation — instructors do not need to become AI security experts, but they need enough understanding to recognize correct student reasoning and catch significant misconceptions. The professional development also addresses pedagogical strategies specific to AI ethics instruction: how to facilitate genuine ethical debate without endorsing a predetermined conclusion, how to handle student misconceptions that reflect real public discourse, and how to create a classroom environment in which students who use AI tools extensively do not feel implicitly criticized. A network of Compass-trained instructors is maintained to provide ongoing peer support, and the CSA AI Safety Initiative offers quarterly office hours for instructors with questions that arise during implementation.

Assessment rubrics are designed for teachers who are not AI specialists. Rubrics emphasize reasoning process over technical accuracy, reflect the genuine uncertainty of many AI ethics questions, and include calibration guidance to help instructors distinguish strong reasoning that reaches an unexpected conclusion from weak reasoning that reaches a conventional one. Sample student work at multiple performance levels is provided for each major assessment to support consistent grading across teachers and schools.

STEM Education Standards Alignment

TAISE Compass was designed in deliberate alignment with the CSTA K-12 Computer Science Standards (Revised 2017) and the draft 2026 CSTA PK-12 Standards currently in its final refinement phase ahead of the July 2026 official launch [11]. The curriculum also maps to relevant Next Generation Science Standards (NGSS) science and engineering practices, which govern how scientific reasoning should be taught regardless of content domain. The following table maps each Compass module to the most directly applicable standards across both frameworks.

Module CSTA 2017 Standard(s) CSTA 2026 Draft Domain NGSS Science & Engineering Practices
1: What AI Agents Are 3A-AP-16 (modeling computational problems), 3A-CS-01 (hardware/software interactions) Computing Systems; Algorithms and Programming Developing and using models; Obtaining, evaluating, and communicating information
2: Privacy and Safety 3A-NI-06 (cybersecurity strategies), 3A-IC-29 (digital citizen rights and responsibilities) Networks and the Internet; Impacts of Computing Constructing explanations; Engaging in argument from evidence
3: Critical Thinking About Outputs 3A-IC-25 (computing and social problems), 3B-AP-08 (algorithm bias) Algorithms and Programming; Impacts of Computing Analyzing and interpreting data; Engaging in argument from evidence
4: Ethics of Autonomous Systems 3A-IC-24 (legal/ethical impacts), 3B-IC-26 (equity and access in computing) Impacts of Computing Constructing explanations; Engaging in argument from evidence
5: Career Pathways 3A-IC-27 (computing careers diversity) Impacts of Computing; Computing and Society Obtaining, evaluating, and communicating information

Common Core State Standards in English Language Arts are addressed throughout the curriculum through the written assessment instruments: the privacy impact brief (Module 2), the annotated transcript (Module 3), the policy memo (Module 4), and the career portfolio (Module 5) all require the argumentative writing, evidence-based reasoning, and audience-appropriate communication skills described in CCSS.ELA-LITERACY.W.11-12.1 and its grade-band analogs. The structured activities in all five modules incorporate the speaking and listening standards through collaborative discussion, peer feedback, and practitioner panel interaction.

Connection to TAISE Professional Certification

TAISE (Trusted AI Safety Expert) is the professional certification program of the Cloud Security Alliance AI Safety Initiative, designed to validate practitioner competency in the security, governance, and safety of AI agent systems [12]. The certification framework includes an Associate level designed for students and career changers who have foundational knowledge of AI safety concepts but have not yet worked in professional AI security roles. TAISE Compass is designed as a formal precursor to the Associate track, providing the conceptual grounding that makes the Associate examination accessible to students who have not yet worked professionally.

The articulation pathway works as follows. Students who complete all five Compass modules and achieve a satisfactory score on the Compass Capstone Assessment — a ninety-minute examination covering the key concepts from all five modules — earn a Compass Completion Certificate issued by the CSA AI Safety Initiative. That certificate qualifies the holder for admission to the TAISE Associate preparatory program at any of the participating community college partners, where a one-semester course (typically offered for three credit hours) bridges from Compass concepts to the full Associate examination body of knowledge. Students who pass the Associate examination hold a credential recognized by employers across the AI security sector.

For students on a four-year college pathway, the community college articulation agreement is designed to be transferable. Participating states have established transfer credit agreements under which TAISE Associate credit earned at a community college transfers as elective credit toward computer science, information assurance, or cybersecurity bachelor’s degree programs at state university systems. The dual enrollment mechanism is particularly important here: high school juniors and seniors who complete the Compass modules and the community college preparatory course while still enrolled in secondary school can enter college with the Associate credential already in hand, reducing time to degree and reducing the financial burden of credential attainment. Dual enrollment in cybersecurity and information technology is among the fastest-growing segments of community college programming, with enrollment rising approximately six percent between fall 2023 and fall 2024 [13].

The diversity fellowship program attached to the TAISE pathway waives examination fees for students from households below 200 percent of the federal poverty line, for students attending Title I secondary schools, and for students from groups underrepresented in the cybersecurity profession as defined by current ISC2 workforce demographic data. The fellowship is funded through the CSA CSAI Foundation and is designed to ensure that the Compass-to-TAISE pipeline does not replicate the access barriers that have historically limited workforce diversity in the security professions.

Pilot Program Design

Pilot Structure

The recommended pilot structure for an initial school district adoption involves three to five high schools selected to represent diverse contexts: at least one urban and one rural or suburban school, at least one school with a strong existing computer science program and at least one where the curriculum would be a first foray into AI education, and representation across socioeconomic demographics. The pilot runs for one full academic year, with Compass implemented as a semester-long elective in the second semester of the pilot year to allow time for teacher professional development during the first semester. A minimum of one instructor per school completes the full twelve-hour professional development sequence before implementation begins.

Each pilot school designates a Compass coordinator — typically the implementing teacher or the school’s STEM department chair — who serves as the primary point of contact for the CSA AI Safety Initiative’s curriculum team and who maintains implementation logs, collects student assessment data, and participates in monthly coordinator calls with the other pilot schools. The coordinator role carries a modest stipend funded through the district’s NSF K-12 supplemental grant application, submitted by the district prior to pilot launch.

Success Metrics

The pilot evaluation is built around four categories of outcome measures. Student learning outcomes are assessed through pre- and post-module knowledge assessments on each of the five modules, the Compass Capstone Assessment pass rate, and qualitative coding of student reflections and written assessments for evidence of reasoning quality and critical thinking development. Teacher implementation fidelity is measured through coordinator observation logs, instructor self-assessments at the midpoint and end of the semester, and student feedback surveys on instruction quality. Program engagement and equity are assessed through enrollment demographics compared to schoolwide demographics, attendance and completion rates disaggregated by demographic group, and student survey data on perceived relevance and belonging. Career pathway outcomes, as a longer-horizon measure, are tracked through a longitudinal follow-up survey administered one year and three years after Compass completion, assessing whether students pursued AI-related coursework, certification, internship, or employment.

Evaluation Methodology

The pilot evaluation uses a mixed-methods design. Quantitative analysis of pre/post assessment data uses paired t-tests to detect learning gains at the module level, with effect size calculations to assess practical significance alongside statistical significance. Qualitative analysis of student written work and coordinator logs uses a structured coding framework developed prior to pilot launch, with inter-rater reliability established through calibration sessions among the evaluation team. A comparison cohort — students at the pilot schools who were eligible for the elective but enrolled in a different course — provides a quasi-experimental control for contextual factors that might affect outcomes independent of the curriculum.

Pilot findings will be published as a CSA research note within six months of pilot completion. Based on pilot findings, the CSA AI Safety Initiative will revise the curriculum as needed before broader rollout, with particular attention to activities that show weaker learning gains, equity gaps in engagement or completion, or implementation challenges that instructors reported as barriers. The goal is a curriculum that is not only theoretically sound but reliably implementable by instructors across a wide range of school contexts and with widely varying levels of prior AI exposure.

References

[1] White House. “Advancing Artificial Intelligence Education for American Youth.” Presidential Executive Order, April 23, 2025. https://www.whitehouse.gov/presidential-actions/2025/04/advancing-artificial-intelligence-education-for-american-youth/

[2] White House. “The White House Hosts Third AI Education Task Force Meeting with Educators and Parents.” December 31, 2025. https://www.whitehouse.gov/articles/2025/12/31600/

[3] Google Education. “5 New AI Education Initiatives from Google.” Blog post, 2025. https://blog.google/outreach-initiatives/education/ai-literacy-day-2025/

[4] MIT Media Lab. “Impact.AI: K-12 AI Literacy.” Project overview. https://www.media.mit.edu/projects/impact-ai-k-12/overview/

[5] World Economic Forum. Global Cybersecurity Outlook 2025. Cited in Viva IT, “The Cybersecurity Talent Cliff: Closing the 4.8 Million Skills Gap by 2026.” https://viva-it.com/insights/the-cybersecurity-talent-cliff-navigating-the-4-8-million-professional-gap-in-2026/

[6] ISC2. 2025 Cybersecurity Workforce Study. https://www.isc2.org/Insights/2025/12/2025-ISC2-Cybersecurity-Workforce-Study

[7] National Science Foundation. “ExLENT and ATE Supplement Opportunity: Expanding AI Career and Skilled Technical Workforce Opportunities in Support of High School Students.” NSF Dear Colleague Letter. https://www.nsf.gov/funding/opportunities/dcl-exlent-ate-supplement-opportunity-expanding-ai-career

[8] U.S. Department of Education. “U.S. Department of Education Issues Guidance on Artificial Intelligence Use in Schools.” Press release, 2025. https://www.ed.gov/about/news/press-release/us-department-of-education-issues-guidance-artificial-intelligence-use-schools-proposes-additional-supplemental-priority

[9] IBM Think Insights. “ISC2 Cybersecurity Workforce Study: Shortage of AI Skilled Workers.” 2025. https://www.ibm.com/think/insights/isc2-cybersecurity-workforce-study-shortage-ai-skilled-workers

[10] CSTA. CSTA K-12 Computer Science Standards, Revised 2017. Computer Science Teachers Association. https://csteachers.org/k12standards/

[11] CSTA. “Empowering the Future: CSTA Announces $1.6 Million Funding for Groundbreaking K-12 Computer Science Standards Update.” Announcement of 2026 standards revision. https://csteachers.org/empowering-the-future-csta-announces-1-6-million-funding-for-groundbreaking-k-12-computer-science-standards-update/

[12] Cloud Security Alliance. “Trusted AI Safety Expert (TAISE) Certificate.” https://cloudsecurityalliance.org/education/taise

[13] Community College Review. “Community College vs. Dual Enrollment 2025.” https://www.communitycollegereview.com/blog/community-college-vs-dual-enrollment-2025