• by Laurie Sullivan  @lauriesullivan, July 19, 2024

Major technology companies have created a new industry group aimed at enhancing security in artificial intelligence (AI) amid its rapid growth and adoption in many industries including advertising, media buying, marketing, and content creation for websites, mobile apps and television.

The Coalition for Secure AI (CoSAI) framework will operate as an open-source group intended to share methods, standards, and tools. It provides developers with tools to create secure-by-design AI systems. 

Anthropic, Amazon, Cisco, Google, IBM, Intel, Microsoft Nvidia, and PayPal are some of its founding members.

CoSAI PGB co-chairs are David LaBianca, Google senior director, as well as Omar Santos, engineer and AI security research at Cisco. Both are recognized as leaders in the cybersecurity community.

Members of the executive team officially announced the industry group this week. The group aims to “create a future where technology is not only cutting-edge but also secure-by-default,” Santos wrote in a blog post.

He explained that “CoSAI collaborates with NIST, Open-Source Security Foundation (OpenSSF), and other stakeholders through collaborative AI security research, best practice sharing, and joint open-source initiatives.”

CoSAI, where possible, will collaborate with other organizations driving technical advancements in AI such as Frontier Model Forum, Partnership on AI, OpenSSF, and ML Commons.

The coalition’s launch comes during a pivotal moment to secure AI and applications and services built on the technology.

CoSAI will be housed under OASIS Open, the international standards and open-source consortium.

Google Vice President of Security Engineering Heather Adkins wrote in a blog post that the organization will help to prepare “defenders for a changing cybersecurity landscape: When handling day-to-day AI governance, security practitioners don’t have a simple path to navigate the complexity of security concerns.”

In other words, the group’s work will address the security impact of AI use. The framework will scale mitigation strategies with the emergence of offensive cybersecurity advancements in AI models.

Ironically, the experts launched the group during the same week that a huge Microsoft outage linked to CrowdStrike took down computers around the world. The company said the meltdown affecting airlines, banks and businesses was not due to a cyberattack, but was partly due to a software update, CrowdStrike said.

“CrowdStrike is actively working with customers impacted by a defect found in a single content update for Windows hosts,” the company wrote in a blog post on its website. “Mac and Linux hosts are not impacted. This is not a security incident or cyberattack.”