Bethesda, MD, April 28, 2026 (GLOBE NEWSWIRE) — Representatives from leading AI security standardization initiatives have formed MOSAIC (Multi-Organization Secure AI Coordination), the first collective collaboration of its kind among AI security standard organizations. The group took shape April 21, 2026 at the AI Security Policy Forum, held alongside the SANS AI Cybersecurity Summit.
The forum was convened by the OWASP AI Exchange with SANS as co-host to address a problem that defenders, regulators, and CISOs have raised with growing urgency. AI security guidance is proliferating faster than it is being coordinated. According to the SANS 2026 Workforce Research Report, 60 percent of organizations say their teams lack the skills needed to defend against current threats, and 27 percent report breaches directly linked to those capability gaps. When a practitioner opens ten documents from ten respected bodies and finds ten different definitions of “AI risk,” the cost of fragmentation shows up as real incidents.
“Defenders have been telling us for two years that conflicting guidance is slowing them down,” said Rob T. Lee, Chief AI Officer and Chief of Research, SANS Institute. “When our students ask which AI security framework to follow, they get different answers from their respected sources. That is not a workable position for the people protecting hospitals, grids, and financial systems. What happened with this collective is the first time the organizations writing those frameworks sat down to work the problem together, apart from several ad hoc one-on-one collaborations.”
Founding participants in MOSAIC include the Open Worldwide Application Security Project (OWASP), SANS Institute, National Institute of Standards and Technology (NIST), Cloud Security Alliance (CSA), Center for Internet Security (CIS), Coalition for Secure AI (CoSAI), and the Berryville Institute of Machine Learning (BIML). Other stakeholders participating in the forum included members of the International Telecommunication Union (ITU), The Aspen Institute, and various public policy leaders.
“For the first time, the people building the standards that will shape AI security sat down and agreed to coordinate as a collective,” said Rob van der Veer, Chief AI Officer at Software Improvement Group, founder of the OWASP AI Exchange and co-editor of the EU AI Act security standard. “Our job here is not to build another framework. It is to connect the ones that already exist so practitioners can actually use them. MOSAIC is what the moment asks of us, and the group delivered it in a single afternoon. We have to thank Shoshana Cox from the Exchange for her excellent idea to gather everybody in one room.”
MOSAIC is designed as a lightweight coordination approach to improve consistency and quality across initiatives without adding committees or process overhead. Initial next steps include:
- A shared communication platform to exchange insights and share standardized information on scope, roadmap, work streams, and deliverables
- Agreeing on common definitions for foundational terms, including safety, security, and risk
- Establishing a set of shared operating principles, including how the group grows and maintains membership
- GitHub as the coordination platform, operating under OWASP’s governance principles of openness, fairness, and integrity
MOSAIC is founded on an open-membership model, with the intent that collaboration remains accessible to any mature initiative working seriously on AI security rather than an exclusive club.
As part of MOSAIC’s formation, the OWASP AI Exchange introduced a shared taxonomy, developed on the open-source OpenCRE platform, that links terms, controls, and concepts across participating standards. Additional details about the taxonomy and the MOSAIC coordination repository will be shared in a follow-up announcement.
Keep an eye on announcements by the OWASP AI Exchange and SANS on how the next MOSAIC steps unfold. The taxonomy that maps the standards can already be seen in beta at opencre.org and in the reference sections of the threats and controls at owaspai.org.
About OWASP AI Exchange
The OWASP AI Exchange (owaspai.org) is a global think tank and open-source initiative that brings together experts in AI and cybersecurity. Its mission is to bring clarity in AI security by connecting practitioners, researchers, industry, and policymakers.