What happened
SANS Institute and the OWASP AI Exchange announced they have fully aligned their AI security control frameworks into one shared structure, additionally mapped to the taxonomy underlying ISO/IEC and CEN/CENELEC AI security standardization efforts. The alignment was produced under the MOSAIC standards coordination initiative (founded April 2026), whose charter members include NIST, BIML, CIS, CoSAI, OWASP AI Exchange, OWASP GenAI Security Project, CSA, and SANS. Concretely, OWASP AI Exchange's 'AI Security Essentials' and SANS' 'Critical AI Security Guidelines' now share a common control set covering model-behavior limitation, AI supply-chain risk, and governance. The SANS Critical AI Security Guidelines landing page was confirmed live via direct fetch (sans.org/mlp/critical-ai-security-guidelines). Exact publication date could not be definitively established from primary-source metadata (no datePublished recovered), but corroborating practitioner/organizational LinkedIn posts (OWASP AI Exchange org account, Rob van der Veer, Rob T. Lee/SANS) place the announcement in the current research window; flagging date uncertainty per protocol.
Why it matters
Reduces fragmentation among competing AI security frameworks by harmonizing two widely-used practitioner resources with the taxonomy feeding into ISO/IEC and CEN/CENELEC formal standards — a coordination step relevant to any organization currently choosing between OWASP AI Exchange and SANS guidance for AI security programs.
Action needed
Organizations using either OWASP AI Exchange or SANS AI security guidance should review the newly harmonized control set (covering model behavior, AI supply chain, and governance) and update internal control mappings accordingly; watch MOSAIC for further multi-body convergence.