AI technologies are being rolled out rapidly across enterprises with little to no security enforcement in place. While adoption accelerates, defenders are left to secure complex systems against high-impact attacks such as prompt injection, data leakage, and model theft. In many cases, they are operating without actionable guidance.
To close this operational gap, SANS Institute and OWASP AI Exchange have formed a strategic partnership to co-develop a unified set of AI security controls. Designed for immediate implementation, the controls will provide practical, field-tested defenses that can be adopted across industries.
“This partnership is about clarity,” said Rob van der Veer, founder of the OWASP AI Exchange. “We already have the technical foundation. SANS helps us bring it into the field and make it real for defenders.”
Cyber Technology Insights : CompassMSP Appoints Milind Shah as COO to Drive Operational Growth and Client Innovation
The controls will combine OWASP’s two years of work resulting in their 200 page body of knowledge with the SANS Critical AI Security Guidelines v1.1. The structure will address six critical domains: access, data, deployment, inference, monitoring, and governance. Through a unique official liaison partnership, this content feeds straight into relevant regulatory standards including the EU AI Act and ISO/IEC 27090.
All outputs will be released as open-source resources. SANS will also integrate the controls into its global training programs to support direct adoption by enterprise and government security teams.
“At this point, defenders do not need another framework. They need something they can use immediately,” said Rob T. Lee, Chief of Research at SANS Institute. “This partnership gives them tested protections based on real threats.”
The initiative aims to create a single control set backed by both communities: technical creators and operational defenders. It will offer a common language and reduce ambiguity for security teams worldwide.
Cyber Technology Insights : City of Jacksonville, Nonprofit Center of Northeast Florida, and OnDefend
Ready to participate in crowdsourcing next-generation AI security standards?
Submit your sharp, accurate, and real-world ready ideas to us: To contribute through Github, jump into github.com/sans-community or owaspai.org/contribute. Fork the SANS or OWASP AI Exchange repo, branch off (e.g., yourname-month2025), edit the Markdown (for SANS, please link back to the OWASP AI Exchange content), and submit a Pull Request. Your fixes, examples, and edits make a real difference.
The OWASPAI exchange community meets on the OWASP Slack workspace, in the public channel #project-ai-community.
Cyber Technology Insights : VulnCheck Launches Integration With ThreatQuotient, a Securonix Company
To participate in our interviews, please write to our CyberTech Media Room at sudipto@intentamplify.com
Source: globenewswire
