Training
Featured CourseView All Courses

SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals

SEC595Cyber Defense, Artificial Intelligence
SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals
View course detailsRegister
Get a Free Hour of SANS Training

Experience SANS training through course previews.

Learn More
Learning Paths
FeaturedView all Focus Areas
NEW - AI Security Training
Can't find what you are looking for?

Let us help.

Contact us
Free Resources

SANS Community Benefits

Connect, learn, and share with other cybersecurity professionals

Customer Case Studies

Discover how organizations and individual cyber practitioners use SANS training and GIAC certifications

AI Risk & Readiness

Explore expert-driven guidance, training, and tools to help defend against AI-powered threats and adopt AI securely

Join the SANS Community

Become a member for instant access to our free resources.

Sign Up
For Organizations

Public Sector

Mission-focused cybersecurity training for government, defense, and education

Partnerships

Explore industry-specific programming and customized training solutions

Sponsorship Opportunities

Sponsor a SANS event or research paper

Interested in developing a training plan to fit your organization’s needs?

We're here to help.

Contact Us
Group Purchasing
Group Purchasing

Global AI Security Standard Organizations Gather Under MOSAIC to Reduce Fragmentation

At an invitation-only forum in Arlington, OWASP, SANS Institute, NIST, CSA, CIS, CoSAI, and BIML formed MOSAIC: Multi-Organization Secure AI Coordination, a collective collaboration to coordinate the AI security guidance the world’s defenders actually use.

April 28, 2026 — Representatives from leading AI security standardization initiatives have formed MOSAIC (Multi-Organization Secure AI Coordination), the first collective collaboration of its kind among AI security standard organizations. The group took shape April 21, 2026 at the AI Security Policy Forum, held alongside the SANS AI Cybersecurity Summit.

The forum was convened by the OWASP AI Exchange with SANS as co-host to address a problem that defenders, regulators, and CISOs have raised with growing urgency. AI security guidance is proliferating faster than it is being coordinated. According to the SANS 2026 Workforce Research Report, 60 percent of organizations say their teams lack the skills needed to defend against current threats, and 27 percent report breaches directly linked to those capability gaps. When a practitioner opens ten documents from ten respected bodies and finds ten different definitions of “AI risk,” the cost of fragmentation shows up as real incidents.

“Defenders have been telling us for two years that conflicting guidance is slowing them down,” said Rob T. Lee, Chief AI Officer and Chief of Research, SANS Institute. “When our students ask which AI security framework to follow, they get different answers from their respected sources. That is not a workable position for the people protecting hospitals, grids, and financial systems. What happened with this collective is the first time the organizations writing those frameworks sat down to work the problem together, apart from several ad hoc one-on-one collaborations.”

Founding participants in MOSAIC include the Open Worldwide Application Security Project (OWASP), SANS Institute, National Institute of Standards and Technology (NIST), Cloud Security Alliance (CSA), Center for Internet Security (CIS), Coalition for Secure AI (CoSAI), and the Berryville Institute of Machine Learning (BIML). Other stakeholders participating in the forum included members of the International Telecommunication Union (ITU), The Aspen Institute, and various public policy leaders.

“For the first time, the people building the standards that will shape AI security sat down and agreed to coordinate as a collective,” said Rob van der Veer, Chief AI Officer at Software Improvement Group, founder of the OWASP AI Exchange and co-editor of the EU AI Act security standard. “Our job here is not to build another framework. It is to connect the ones that already exist so practitioners can actually use them. MOSAIC is what the moment asks of us, and the group delivered it in a single afternoon. We have to thank Shoshana Cox from the Exchange for her excellent idea to gather everybody in one room.”

MOSAIC is designed as a lightweight coordination approach to improve consistency and quality across initiatives without adding committees or process overhead. Initial next steps include:

  • A shared communication platform to exchange insights and share standardized information on scope, roadmap, work streams, and deliverables
  • Agreeing on common definitions for foundational terms, including safety, security, and risk
  • Establishing a set of shared operating principles, including how the group grows and maintains membership
  • GitHub as the coordination platform, operating under OWASP’s governance principles of openness, fairness, and integrity

MOSAIC is founded on an open-membership model, with the intent that collaboration remains accessible to any mature initiative working seriously on AI security rather than an exclusive club.

As part of MOSAIC’s formation, the OWASP AI Exchange introduced a shared taxonomy, developed on the open-source OpenCRE platform, that links terms, controls, and concepts across participating standards. Additional details about the taxonomy and the MOSAIC coordination repository will be shared in a follow-up announcement.

Keep an eye on announcements by the OWASP AI Exchange and SANS on how the next MOSAIC steps unfold. The taxonomy that maps the standards can already be seen in beta at opencre.org and in the reference sections of the threats and controls at owaspai.org.

About OWASP AI Exchange

The OWASP AI Exchange (owaspai.org) is a global think tank and open-source initiative that brings together experts in AI and cybersecurity. Its mission is to bring clarity in AI security by connecting practitioners, researchers, industry, and policymakers.