Cyber-physical systems are becoming more intelligent with the adoption of heterogeneous sensor networks and machine learning capabilities that deal with an increasing amount of input data. While this complexity aims to solve problems in various domains, it adds new challenges for the system assurance. One is the rise of the number of abnormal behaviors that affect system performance due to possible sensor faults and attacks. The combination of safety risks, which are usually caused by random sensor faults and security risks, which can happen at any random state of the systems, makes the full coverage testing of the cyber-physical system to be challenging. Existing techniques are inadequate to deal with complex, safety and security co-risks on cyber-physical systems. In this paper, we propose AST-SafeSec, an analysis methodology for both safety and security aspects, which utilizes reinforcement learning to identify the most-likely adversarial paths at various normal or failure states of a cyber-physical system that can influence system behavior through its sensor data. The methodology is evaluated using an autonomous vehicle scenario by incorporating security attack into the stochastic sensor elements of the vehicle. Evaluation results show that the methodology analyzes the interaction of malicious actions with random faults, and identifies the incident caused by the interactions and the most-likely path that leads to the incident.