SANS and OWASP Join Forces to Standardize AI Security Controls

Bethesda, MD, July 01, 2025 (GLOBE NEWSWIRE) — AI technologies are being rolled out rapidly across enterprises with little to no security enforcement in place. While adoption accelerates, defenders are left to secure complex systems against high-impact attacks such as prompt injection, data leakage, and model theft. In many cases, they are operating without actionable guidance.

To close this operational gap, SANS Institute and OWASP AI Exchange have formed a strategic partnership to co-develop a unified set of AI security controls. Designed for immediate implementation, the controls will provide practical, field-tested defenses that can be adopted across industries.

“This partnership is about clarity,” said Rob van der Veer, founder of the OWASP AI Exchange. “We already have the technical foundation. SANS helps us bring it into the field and make it real for defenders.”

The controls will combine OWASP’s two years of work resulting in their 200 page body of knowledge with the SANS Critical AI Security Guidelines v1.1. The structure will address six critical domains: access, data, deployment, inference, monitoring, and governance. Through a unique official liaison partnership, this content feeds straight into relevant regulatory standards including the EU AI Act and ISO/IEC 27090.

All outputs will be released as open-source resources. SANS will also integrate the controls into its global training programs to support direct adoption by enterprise and government security teams.
“At this point, defenders do not need another framework. They need something they can use immediately,” said Rob T. Lee, Chief of Research at SANS Institute. “This partnership gives them tested protections based on real threats.”

The initiative aims to create a single control set backed by both communities: technical creators and operational defenders. It will offer a common language and reduce ambiguity for security teams worldwide.

Ready to participate in crowdsourcing next-generation AI security standards?

Submit your sharp, accurate, and real-world ready ideas to us: To contribute through Github, jump into github.com/sans-community or owaspai.org/contribute. Fork the SANS or OWASP AI Exchange repo, branch off (e.g., yourname-month2025), edit the Markdown (for SANS, please link back to the OWASP AI Exchange content), and submit a Pull Request. Your fixes, examples, and edits make a real difference.

The OWASPAI exchange community meets on the OWASP Slack workspace, in the public channel #project-ai-community (authors work in the private #project-ai-authors). To join owasp Slack: owasp.org/slack/invite

About SANS Institute
The SANS Institute was established in 1989 as a cooperative research and education organization. Today, SANS is the most trusted and, by far, the largest provider of cybersecurity training and certification to professionals in government and commercial institutions worldwide. Renowned SANS instructors teach more than 85 courses at in-person and virtual cybersecurity events and OnDemand. GIAC, an affiliate of the SANS Institute, validates practitioner skills through more than 50 hands-on technical certifications in cybersecurity. The SANS Technology Institute, a regionally accredited independent subsidiary, offers master’s and bachelor’s degrees, graduate certificates, and an undergraduate certificate in cybersecurity. SANS also delivers a wide variety of free resources to the InfoSec community, including consensus projects, research reports, webcasts, podcasts, and newsletters; it also operates the Internet’s early warning system—the Internet Storm Center. At the heart of SANS are the many security practitioners representing varied global organizations, from corporations to universities, working together to support and educate the global information security community. sans.org

About OWASP AI Exchange

The Open Worldwide Application Security Project (OWASP) is a nonprofit foundation that works to improve the security of software. It involves community-led open source projects including code, documentation, and standards, over 250+ local chapters worldwide, and tens of thousands of members. owasp.org

The AI Exchange flagship project is OWASP’s go-to resource on protecting AI systems from threats, working closely with other initiatives outside and inside OWASP, such as the GenAI security project, known from the LLM top 10. The AI Exchange substantially contributes to international standards at ISO/IEC and the AI Act through official partnerships – effectively open sourcing global standardisation on AI security. owaspai.org

Attachment

• SANS and OWASP Join Forces

Wall St Business News, Latest and Up-to-date Business Stories from Newsmakers of Tomorrow