CoSAI is an OASIS Open Project: an open ecosystem of AI and security experts from industry-leading organizations dedicated to sharing best practices for secure AI deployment and collaborating on AI security research and product development.
For more information about CoSAI, visit our project website.
To learn more about how this Open Source project is governed, who our sponsors are, and who is serving on our Project Governing Board and Technical Steering Committee, check out the OASIS Open Project repository.
CoSAI will address key AI security issues through several critical workstreams in collaboration with industry and academia, including efforts such as:
This workstream focuses on enhancing AI security by addressing the challenges of third-party model risks, provenance, and AI application security. It builds upon widely recognized security frameworks like the SSDF and SLSA, extending them for AI development.
- Sign up for the WS1 mailing list by posting an empty email to: cosai-supply-chain-ws+subscribe@lists.oasis-open-projects.org
- The public message archive is available at this link
- Link to workstream 1 GitHub repository
The goal of this workstream is to develop a defender’s framework that identifies the investments needed to address the security impacts of AI use by business applications, attackers, and defenders, as well as mitigation techniques and best practices. The defender’s framework aims to scale investments and mitigation strategies with the emergence of pivotal offensive cybersecurity advancements in AI models.
- Sign up for the WS2 mailing list by posting an empty email to cosai-defenders-ws+subscribe@lists.oasis-open-projects.org
- The public message archive is available at this link.
- Link to workstream 2 GitHub repository
Workstream 3 contributors are working to develop a security-focused risk and controls taxonomy, checklist, and scorecard to guide practitioners in readiness assessments, management, monitoring, and reporting of their AI products, services, and components.
- Sign up for the WS3 mailing list by posting an empty email to cosai-risk-governance-ws+subscribe@lists.oasis-open-projects.org
- The public message archive is available at this link
- Link to workstream 3 GitHub repository
Technical participation is free and open to all developers. That’s why CoSAI relies on a core group of stakeholder organizations whose financial commitment ensures that the initiative stays on track and receives the resources it needs to succeed. Learn more about the benefits of becoming a member of the Coalition for Secure AI here.