The Cloud Security Alliance (CSA) has spent the past 14 years bringing together experts to help make complex technologies like cloud computing and artificial intelligence more manageable.
In late 2023, CSA launched its most ambitious project yet: the AI Safety Initiative. Supported by major players like Amazon, Google, Microsoft, and OpenAI — along with the Cybersecurity and Infrastructure Security Agency (CISA) and universities — the AI Safety Initiative gives companies reliable guidance on how to use AI tools safely and responsibly.
The AI Safety Initiative also helps close the divide between fast-moving technology and slower-moving government regulations. With practical tools like readiness checklists, hands-on frameworks, and recommendations that evolve alongside new laws, the initiative makes it easier for businesses to roll out AI without getting bogged down by compliance worries.
From AI readiness to AI roadmaps
The AI Safety Initiative’s main priority is sharing practical guardrails for the generative AI of today, while anticipating the needs of more advanced AI systems coming soon (artificial general intelligence and artificial superintelligence).
Its focus areas span everything organizations need to use AI safely, including:
Comprehensive AI readiness lists for organizations to evaluate how prepared they really are for AI.
Usage guidelines that align with existing security and governance practices.
Strategies for how to tackle AI ethical risks like bias and transparency.
AI security instructions for how to use AI safely to strengthen cybersecurity.
Attack resilience guidelines for understanding how AI systems can be penetrated and how to defend them.
Threat intelligence on how bad actors are already using AI.
Future-proof planning with roadmaps for tomorrow’s AI challenges.
“With the AI Safety Initiative, we’re working hard to keep best practices in step with AI’s fast pace — all while staying true to our roots of offering free tools that help bridge industry and government,” says Illena Armstrong, President of the Cloud Security Alliance.
The challenge of securing AI as it constantly changes
Launching a global AI safety coalition was no small task. One of the many challenges for the CSA, says Armstrong, was laying out a clear and concise vision. “The key was making sure the roadmap for the initiative could be understood and then fully supported by a diverse group of stakeholders,” says Armstrong.
Another big challenge was the AI’s unprecedented pace of evolution. The CSA needed to develop frameworks and tools—such as its AI Controls Matrix (AICM), with 18 domains and 243 control objectives—that would be current yet also forward-looking. This required continuous input from CSA’s research working groups and its executive leadership council, which includes cybersecurity executives from Sallie Mae, Procter & Gamble, Microsoft, and Anthropic, to name a few.
Adding to the challenge was the need to adapt guidance for different industries so that recommendations worked equally well for financial services, healthcare, manufacturing, and other sectors. CSA’s CSO Strategic Advisory Council is currently working on these industry-specific AI safety guidelines, says Armstrong.
“You’re managing tech giants, government agencies, academic researchers, and security professionals,” Armstrong notes. “Everyone has different priorities, but with our solid internal team and the committed experts supporting this effort, we’re staying on top of these challenges.”
The impact of turning frameworks into real-world tools
In a year and a half, the AI Safety Initiative has already produced tangible results. More than 20 research publications have been released as part of the initiative, thanks to the work of CSA’s research working groups covering AI governance and compliance, AI technology risk, AI controls, and AI organizational responsibilities.
The initiative’s flagship AI Controls Matrix (AICM), a vendor-agnostic framework for cloud-based AI systems, has received positive feedback from the experts and industry leaders who have downloaded and applied it, says Armstrong.
Additionally, as part of the initiative, the CSA launched RiskRubric.ai in partnership with Harmonic, Noma Security, and Haize Labs. Risk Rubric is a scoring system for large language models (LLMs) that rates more than 40 models per month on transparency, reliability, security, privacy, safety, and reputation. The end goal of Risk Rubric is to give enterprise leaders the information they need to make more responsible decisions when adopting AI.
Education is another big win for the AI Safety Initiative. Through its Trusted AI Safety Expert (TAISE) certificate program — a partnership with Northeastern University — the CSA is helping to close a major skills gap by teaching professionals to develop, deploy, and govern AI responsibly.
For its AI Safety Initiative, the CSA earned a 2025 CSO Award. The award honors security projects that demonstrate outstanding thought leadership and business value.
With big initiatives, have a unified vision but stay flexible
In rolling out the AI Safety Initiative, the CSA learned lessons that organizations can apply to any complex project, such as:
Start with a unified vision. A clear mission statement and scope help get all stakeholders on the same page.
Bring different voices to the table. Include government, enterprise, nonprofit, academic, and service-provider perspectives to boost credibility.
Stay vendor neutral. Remaining unbiased helps build trust and improves the chance your work is accepted across industries.
Communicate early and often. Sharing progress and success stories is vital to building momentum.
Be ready to adjust. In a field like AI, the ability to pivot in response to new developments is essential.
“The need for flexibility is a common thread,” says Armstrong. “Being able to adapt quickly as things evolve is fundamental to the AI Safety Initiative’s longevity and success.”
Discover More Insights from Security Leaders
Want to see how top organizations are tackling today’s most complex cybersecurity challenges? Join us at the CSO Conference & Awards, where industry leaders share strategies, tools, and real-world lessons you can apply immediately. Register now to secure your spot.
No Responses