With attacks escalating and no clear standards in place, two of cybersecurity’s most trusted communities are joining forces to give defenders the tools they’ve been missing
AI technologies are being rolled out rapidly across enterprises with little to no security enforcement in place. While adoption accelerates, defenders are left to secure complex systems against high-impact attacks such as prompt injection, data leakage, and model theft. In many cases, they are operating without actionable guidance.
To close this operational gap, SANS Institute and OWASP AI Exchange have formed a strategic partnership to co-develop a unified set of AI security controls. Designed for immediate implementation, the controls will provide practical, field-tested defenses that can be adopted across industries.
“This partnership is about clarity,” said Rob van der Veer, founder of the OWASP AI Exchange. “We already have the technical foundation. SANS helps us bring it into the field and make it real for defenders.”
The controls will combine OWASP’s two years of work resulting in their 200 page body of knowledge with the SANS Critical AI Security Guidelines v1.1. The structure will address six critical domains: access, data, deployment, inference, monitoring, and governance. Through a unique official liaison partnership, this content feeds straight into relevant regulatory standards including the EU AI Act and ISO/IEC 27090.
All outputs will be released as open-source resources. SANS will also integrate the controls into its global training programs to support direct adoption by enterprise and government security teams.
“At this point, defenders do not need another framework. They need something they can use immediately,” said Rob T. Lee, Chief of Research at SANS Institute. “This partnership gives them tested protections based on real threats.”
The initiative aims to create a single control set backed by both communities: technical creators and operational defenders. It will offer a common language and reduce ambiguity for security teams worldwide.
Ready to participate in crowdsourcing next-generation AI security standards?
Submit your sharp, accurate, and real-world ready ideas to us: To contribute through Github, jump into github.com/sans-community or owaspai.org/contribute. Fork the SANS or OWASP AI Exchange repo, branch off (e.g., yourname-month2025), edit the Markdown (for SANS, please link back to the OWASP AI Exchange content), and submit a Pull Request. Your fixes, examples, and edits make a real difference.
The OWASPAI exchange community meets on the OWASP Slack workspace, in the public channel #project-ai-community (authors work in the private #project-ai-authors). To join owasp Slack: owasp.org/slack/invite
Explore AITechPark for the latest advancements in AI, IOT, Cybersecurity, AITech News, and insightful updates from industry experts!