
What is the Coalition for Secure AI (CoSAI)?

The Coalition for Secure AI (CoSAI) is an open source initiative to improve the security of artificial intelligence (AI) systems. The coalition is a collaborative ecosystem of diverse stakeholders who share security expertise, best practices, product development and AI security research. CoSAI focuses on safely integrating AI across organizations through all development and deployment stages.

CoSAI operates under the Organization for the Advancement of Structured Information Systems (OASIS) Open initiative, a nonprofit consortium dedicated to developing and adopting open standards and open source projects in various technological spheres. OASIS announced the launch of CoSAI at the Aspen Security Forum in July 2024.

Founding sponsors of CoSAI include Amazon, Anthropic, Chainguard, Cisco, Cohere, GenLab, Google, IBM, Intel, Microsoft, Nvidia, OpenAI, PayPal and Wiz. A Project Governing Board (PGB) and a Technical Steering Committee of AI experts from various fields lead the open source project. Many founding sponsors have seated a representative on CoSAI's PGB.

CoSAI works with existing AI initiatives and collaborates with fellow organizations within the security landscape, such as the Open Source Security Foundation, Partnership on AI and Frontier Model Forum. These organizations aim to enhance AI safety and drive the advancement of the technology. This collaborative framework is crucial for developing a more secure AI ecosystem because it effectively pools resources and knowledge to address challenging security issues.

What is the mission of CoSAI?

CoSAI aims to improve security in AI technology, strengthen trust in AI and encourage responsible development of secure-by-design AI systems. Enhancing AI security and fortifying trust in AI is, in turn, intended to drive AI adoption and deployment. The CoSAI OASIS Open Project Charter states the coalition's belief that "AI is rapidly transforming our world and holds immense potential to solve complex problems."

CoSAI's mission consists of three main goals:

  1. Advancement. CoSAI relies on the diverse open project community of experts, industry leaders and academics to identify vulnerabilities in AI security. Participants use shared research and experience to develop solutions to the unique security threats that AI systems face. The project aims to mitigate security risks, including data poisoning, model theft, scaled abuse and inference attacks.
  2. Standardization. The project fosters consistency and standardization across industries and organizations. CoSAI encourages the development of standardized guidelines, frameworks and evaluation methodologies to enhance security in AI technology.
  3. Democratization. The coalition aims to provide all developers and practitioners with the needed direction and resources to build secure-by-design AI systems. OASIS has opened this project to the public. Technical participation is free and open to developers, regardless of experience or budget.

Why was CoSAI needed?

Rapid advancements and the adoption of AI across industries have created various vulnerabilities in AI security, including the following:

• Lack of standardized best practices. The current lack of standardization leads to issues such as inconsistent security measures, inadequate testing and validation of AI systems, and failure to meet regulatory requirements. These issues open AI systems to potential attacks and can cause legal and financial ramifications for organizations.
• Current vulnerabilities in AI systems. There are many potential vulnerabilities within AI systems. AI systems are often vulnerable to data poisoning, model fragility, data breaches and cyberattacks. Continued research is required to fortify these areas and to improve security. By understanding current risks and vulnerabilities, developers can create secure-by-design AI systems.
• Need for collaboration. Organizations, developers and individuals currently face inconsistent guidelines, and useful information is often siloed. CoSAI is an open forum of AI security experts, developers and industry leaders. Creating a collaborative ecosystem with shared access to standardized information, research and open source tools benefits AI development by letting practitioners learn from experts.
• Hesitation in AI adoption. Lack of trust in AI systems and their security can lead to hesitation in AI adoption by corporations and the public. This hesitation and mistrust hinder advancements in AI technology. Fostering trust in AI through enhanced security measures and standard best practices encourages further advancements.

What projects is CoSAI working on?

CoSAI has established three main workstreams with eventual plans to add more:

1. AI risk governance. CoSAI creates resources to help professionals oversee, evaluate, track and report on the security of their AI products. CoSAI also sets the standard and best practices for organizations and individuals regarding AI security.
2. Preparing defenders for a changing cybersecurity landscape. This workstream develops a clear path for security practitioners to follow when navigating security concerns. CoSAI develops a framework to help practitioners identify investment and mitigation techniques. This workstream aims to contribute to offensive cybersecurity advancements in AI models.
3. Software supply chain security for AI systems. This workstream improves AI software supply chain security by addressing vulnerabilities at every stage of AI systems' development and operation. The project extends Supply-chain Levels for Software Artifacts (SLSA) provenance to AI models so that consumers can understand how a model was created and handled throughout the system's lifecycle. Creating traceability throughout the AI software supply chain improves accountability and trust in AI systems.
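The provenance idea in workstream 3 can be made concrete with a small script. The following is an added example, not CoSAI's or the SLSA project's own code: it emits an in-toto Statement carrying a SLSA v1-shaped provenance predicate for a model artifact, binding the model's digest to the digests of its training materials and to the builder that produced it, and then verifies a model against that record. The model bytes, material files, builder URIs and the HMAC signing key are all constructed for the example; a real pipeline would sign with Sigstore or a KMS-held key rather than a shared secret.

```python
"""Minimal SLSA-style provenance for an ML model artifact (added example).

The statement layout follows the in-toto Statement v1 / SLSA provenance v1
shape; HMAC stands in for a real signature. Every artifact below is constructed.
"""
import hashlib
import hmac
import json

# Constructed sample artifacts: a fake weights blob and two "training materials".
SAMPLE_MODEL = b"\x00weights-v1\x00" * 64
SAMPLE_MATERIALS = {
    "train.parquet": b"row1,row2,row3",
    "config.yaml": b"epochs: 3\nlr: 0.001\n",
}
SIGNING_KEY = b"demo-key-do-not-use"  # stand-in for a real signing key
TRUSTED_BUILDER = "https://example.invalid/trainer"  # hypothetical builder id
BUILD_TYPE = "https://example.invalid/train-job/v1"  # hypothetical build type


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_provenance(model_bytes: bytes, materials: dict, builder_id: str, build_type: str) -> dict:
    """Return an in-toto Statement whose predicate records what went into the model."""
    return {
        "_type": "https://in-toto.io/Statement/v1",
        "subject": [{"name": "model.bin", "digest": {"sha256": sha256_hex(model_bytes)}}],
        "predicateType": "https://slsa.dev/provenance/v1",
        "predicate": {
            "buildDefinition": {
                "buildType": build_type,
                # Training data, configs, base checkpoints: everything the build consumed.
                "resolvedDependencies": [
                    {"name": name, "digest": {"sha256": sha256_hex(blob)}}
                    for name, blob in sorted(materials.items())
                ],
            },
            "runDetails": {"builder": {"id": builder_id}},
        },
    }


def sign_statement(statement: dict, key: bytes) -> dict:
    """Wrap the statement in a signed envelope (HMAC as a stand-in for real signing)."""
    payload = json.dumps(statement, sort_keys=True, separators=(",", ":")).encode()
    signature = hmac.new(key, payload, hashlib.sha256).hexdigest()
    return {"payload": payload.decode(), "signature": signature}


def verify_model(envelope: dict, key: bytes, model_bytes: bytes, materials: dict, trusted_builder: str):
    """Check signature, builder identity, model digest and material digests.

    Returns (ok, reason). Any mismatch means the model cannot be traced to the
    recorded build and should be rejected before deployment.
    """
    payload = envelope["payload"].encode()
    expected_sig = hmac.new(key, payload, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected_sig, envelope["signature"]):
        return False, "signature mismatch"
    stmt = json.loads(payload)
    if stmt.get("predicateType") != "https://slsa.dev/provenance/v1":
        return False, "unexpected predicate type"
    builder = stmt["predicate"]["runDetails"]["builder"]["id"]
    if builder != trusted_builder:
        return False, f"untrusted builder {builder}"
    if stmt["subject"][0]["digest"]["sha256"] != sha256_hex(model_bytes):
        return False, "model digest mismatch"
    recorded = {
        dep["name"]: dep["digest"]["sha256"]
        for dep in stmt["predicate"]["buildDefinition"]["resolvedDependencies"]
    }
    actual = {name: sha256_hex(blob) for name, blob in materials.items()}
    if recorded != actual:
        return False, "training material digest mismatch"
    return True, "ok"


if __name__ == "__main__":
    envelope = sign_statement(
        build_provenance(SAMPLE_MODEL, SAMPLE_MATERIALS, TRUSTED_BUILDER, BUILD_TYPE), SIGNING_KEY
    )
    print(verify_model(envelope, SIGNING_KEY, SAMPLE_MODEL, SAMPLE_MATERIALS, TRUSTED_BUILDER))
    swapped = dict(SAMPLE_MATERIALS, **{"train.parquet": b"poisoned rows"})
    print(verify_model(envelope, SIGNING_KEY, SAMPLE_MODEL, swapped, TRUSTED_BUILDER))
```

The verifier deliberately checks the builder identity before the digests: a correctly signed statement from an unexpected builder is still untrusted, which is the same policy distinction SLSA draws between "has provenance" and "provenance from a trusted builder".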

How companies can participate in CoSAI

OASIS has encouraged public participation in this open source project. Participants do not have to be affiliated with OASIS.

All contributors are welcome to participate in collaborative projects at no cost.

Companies can also participate in the following ways:

• Become a sponsor. CoSAI relies on sponsors for financial support and guidance. This enables developers to contribute to the project, regardless of experience level and budget. Companies can contact CoSAI for more information on becoming a sponsor.
• Contribute. Technical participation is free for all developers. Joining CoSAI connects individuals to industry leaders and experts. Members have access to research, resources and guidelines on AI security.
• Learn more. Visit the official CoSAI website to subscribe to various mailing lists, or visit the CoSAI GitHub repositories to see documentation, participate in discussions or make contributions.

This was last updated in August 2024
