Introducing the Coalition for Secure AI, an OASIS Open Project
Boston, MA – 18 July 2024 – The Coalition for Secure AI (CoSAI) was announced today at the Aspen Security Forum. Hosted by the OASIS global standards body, CoSAI is an open-source initiative designed to give all practitioners and developers the guidance and tools they need to create Secure-by-Design AI systems. CoSAI will foster a collaborative ecosystem to share open-source methodologies, standardized frameworks, and tools.
CoSAI brings together a diverse range of stakeholders, including industry leaders, academics, and other experts, to address the fragmented landscape of AI security.
- CoSAI’s founding Premier Sponsors are Google, IBM, Intel, Microsoft, NVIDIA, and PayPal. Additional founding Sponsors include Amazon, Anthropic, Cisco, Chainguard, Cohere, GenLab, OpenAI, and Wiz.
- CoSAI is an initiative to enhance trust and security in AI use and deployment.
- CoSAI’s scope includes securely building, integrating, deploying, and operating AI systems, focusing on mitigating risks such as model theft, data poisoning, prompt injection, scaled abuse, and inference attacks.
- The project aims to develop comprehensive security measures that address AI systems’ classical and unique risks.
- CoSAI is an open-source community led by a Project Governing Board, which advances and manages its overall technical agenda, and a Technical Steering Committee of AI experts from academia and industry who will oversee its workstreams.
The Need for CoSAI
Artificial intelligence (AI) is rapidly transforming our world and holds immense potential to solve complex problems. To ensure trust in AI and drive responsible development, it is critical to develop and share methodologies that keep security at the forefront, identify and mitigate potential vulnerabilities in AI systems, and lead to the creation of systems that are Secure-by-Design.
Currently, securing AI and AI applications and services is a fragmented endeavor. Developers grapple with a patchwork of guidelines and standards which are often inconsistent and siloed. Assessing and mitigating AI-specific and prevalent risks without clear best practices and standardized approaches is a significant challenge for even the most experienced organizations.
With the support of industry leaders and experts, CoSAI is poised to make significant strides in establishing standardized practices that enhance AI security and build trust among stakeholders globally.
“CoSAI’s establishment was rooted in the necessity of democratizing the knowledge and advancements essential for the secure integration and deployment of AI,” said David LaBianca, Google, CoSAI Governing Board co-chair. “With the help of OASIS Open, we’re looking forward to continuing this work and collaboration among leading companies, experts, and academia.”
“We are committed to collaborating with organizations at the forefront of responsible and secure AI technology. Our goal is to eliminate redundancy and amplify our collective impact through key partnerships that focus on critical topics,” said Omar Santos, Cisco, CoSAI Governing Board co-chair. “At CoSAI, we will harness our combined expertise and resources to fast-track the development of robust AI security standards and practices that will benefit the entire industry.”
Initial Work
To start, CoSAI will form three workstreams, with plans to add more over time:
- Software supply chain security for AI systems: enhancing composition and provenance tracking to secure AI applications.
- Preparing defenders for a changing cybersecurity landscape: addressing investments and integration challenges in AI and classical systems.
- AI security governance: developing best practices and risk assessment frameworks for AI security.
Participation
Everyone is welcome to contribute technically as part of the CoSAI open-source community. OASIS welcomes additional sponsorship support from companies involved in this space. Contact join@oasis-open.org for more information.
Additional Information
CoSAI charter
Support for CoSAI
Amazon
“At Amazon, our top priority is safeguarding the security and confidentiality of customer data. From day one, AWS AI infrastructure and the Amazon services built on top of it have had security and privacy features built-in that give customers strong isolation with flexible control over their systems and data. As a sponsor of CoSAI, we’re excited to collaborate with the industry on developing needed standards and practices that will strengthen AI security for everyone.”
– Paul Vixie, VP/Distinguished Engineer and Deputy CISO, Amazon Web Services
Anthropic
“As a safety-focused organization, building and deploying secure AI models has been core to our mission from the start. We’re proud to partner with other industry leaders to help foster a secure AI ecosystem and collaborate on a set of technical security best practices and standards. We look forward to the work ahead with the coalition to encourage safe AI development.”
– Jason Clinton, Chief Information Security Officer, Anthropic
Cisco
“Cisco is very excited to join forces with other industry leaders in the Coalition for Secure AI (CoSAI). This effort underscores our commitment to advancing AI security, developing standardized best practices, and ensuring that AI technologies are secure-by-design. Together with our partners, we aim to drive innovation and build trust in AI systems across all sectors.”
– Omar Santos, Distinguished Engineer, Cisco
Chainguard
“As we witness AI workloads evolving beyond simple applications to more sensitive and critical functions, ensuring their security becomes paramount. The current landscape is fragmented, with developers navigating through inconsistent and siloed guidelines. At Chainguard, we are excited to join CoSAI and contribute our expertise in creating secure-by-design AI systems. Together, we can set new benchmarks for AI security, ensuring that innovation progresses on a foundation of safety and reliability.”
– Kim Lewandowski, Co-Founder and Chief Product Officer, Chainguard
Cohere
“Cohere is proud to join the Coalition for Secure AI (CoSAI) to further our commitment to building frontier enterprise AI solutions with security and data privacy at the core. AI will have a transformative impact on businesses and we look forward to working with the rest of the industry to develop comprehensive standards that enhance trust and security to encourage wider adoption of this technology.”
– Prutha Parikh, Head of Security, Cohere
GenLab
“Security requires a community to support, integrate, and promote best practices globally to ensure the stability and safety of AI. That’s why we are excited about being a member of CoSAI and helping discover and promote these practices within its own companies and the broader global ecosystem.”
– Daniel Riedel, Founder, GenLab Venture Studio
Google
“We’ve been using AI for many years and see the ongoing potential for defenders, but also recognize its opportunities for adversaries. CoSAI will help organizations, big and small, securely and responsibly integrate AI – helping them leverage its benefits while mitigating risks.”
– Heather Adkins, Vice President and Cybersecurity Resilience Officer, Google
IBM
“IBM is excited to join the Coalition for Secure AI (CoSAI), a new initiative that brings together industry leaders, organizations, and technology experts to develop standardized approaches to address AI cybersecurity. By participating in CoSAI, we are committed to fostering collaboration, innovation, and education, so that AI systems are more secure-by-design. This initiative will empower developers with the best practices, tools, and methodologies needed to safeguard AI solutions.”
– Alessandro Curioni, IBM Fellow, Vice President Europe and Africa and Director IBM Research Zurich
Intel
“The speed of AI innovation must be matched by the security of its creations. Intel is committed to advancing secure AI practices and doing so will require collaboration across the ecosystem. The Coalition for Secure AI (CoSAI) will provide security practitioners and developers with accessible guidance, resources and tools to create secure AI systems. We are proud to participate in this effort as a founding member alongside our CoSAI partners.”
– Dhinesh Manoharan, Vice President and General Manager, Security for AI & Security Research, Intel
Microsoft
“Microsoft remains steadfast in its commitment that safety and security be at the heart of AI system development. As a Founding Member of the Coalition for Secure AI, Microsoft will partner with similarly committed organizations towards creating industry standards for ensuring that AI systems and the machine learning required to develop them are built with security by default and with safe and responsible use and practices in mind. Through membership and partnership within the Coalition for Secure AI, Microsoft continues its commitment to empower every person and every organization on the planet to do more…securely.”
– Yonatan Zunger, CVP, AI Safety & Security, Microsoft
NVIDIA
“As AI adoption continues to grow across industries, it’s paramount to ensure proper guidance and security measures when building and deploying models. As a founding member of the Coalition for Secure AI, NVIDIA is committed to building a community dedicated to making secure and trustworthy AI accessible to all.”
– Daniel Rohrer, VP of Software Product Security, Architecture and Research at NVIDIA
OpenAI
“Developing and deploying AI technologies that are secure and trustworthy is central to OpenAI’s mission. We believe that developing robust standards and practices is essential for ensuring the safe and responsible use of AI and we’re committed to collaborating across the industry to do so. Through our participation in CoSAI, we aim to contribute our expertise and resources to help create a secure AI ecosystem that benefits everyone.”
– Nick Hamilton, Head of Governance, Risk, and Compliance, OpenAI
PayPal
“PayPal is proud to partner with CoSAI to help shape the industry’s guidelines and standards for secure AI development. We are at the forefront of the ever-evolving cybersecurity landscape as we power about a quarter of the world’s e-commerce transactions every year. Ensuring that every transaction is safe and secure is our top priority. We are excited to collaborate with the coalition to develop comprehensive standards and practices that ensure safe, secure AI for everyone.”
– Shaun Khalfan, Chief Information Security Officer, PayPal
Wiz
“Like the early days of cloud, AI adoption has skyrocketed while governance and security must play catch up. Wiz believes in enabling organizations to tap into the transformative power of AI while staying secure. That belief is driving our participation in CoSAI, and we can’t wait to partner alongside so many thought leaders who are equally committed to the cause. The future is bright.”
– Ryan Kazanciyan, Chief Information Security Officer, Wiz
Media Inquiries:
Carol Geyer, carol.geyer@oasis-open.org