Who's Securing AI/ML? A Guide to the Global Landscape

The OWASP AI Exchange is a continuously updated, community-driven knowledge base covering AI security threats, controls, and governance. It maps directly to ISO/IEC 42001, NIST AI RMF, and the EU AI Act — making it a practical bridge between frameworks and implementation.

Feeds into the OWASP Top 10 for LLM Applications and is actively maintained by the global OWASP community.

ATLAS (Adversarial Threat Landscape for Artificial-Intelligence Systems) is MITRE's adversarial ML knowledge base, modeled after ATT&CK. It catalogs real-world adversary tactics, techniques, and case studies targeting ML systems — from data poisoning and model evasion to supply chain attacks.

Invaluable for red-teaming AI systems. Actively expanded with new techniques and real incident case studies.

The Cloud Security Alliance's AI Safety Initiative produces research, guidance, and tools specifically for AI safety and security in cloud environments. Topics include AI model security, responsible AI, AI governance, and LLM application security.

Secure-ML is an open-source framework from Thales Group covering end-to-end security for the ML lifecycle — from data collection and model training through deployment and monitoring. It includes a threat taxonomy, 40+ curated open-source security tools mapped to lifecycle stages, and was presented at OWASP LASCON 2024.

Full disclosure: I was the project leader and key contributor at Thales. The framework is freely available on GitHub.

MLCommons runs the AI Risk & Reliability working group that develops benchmarks and evaluation frameworks to measure safety and robustness in ML models. Their work underpins standardized safety evaluation across industry — including the widely cited MLPerf benchmarks.

Particularly relevant for organizations needing quantifiable, reproducible safety metrics for AI models.

The UK's AI Security Institute is one of the first government bodies dedicated exclusively to AI safety research. It conducts evaluations of frontier AI models for dangerous capabilities, develops safety testing methodologies, and publishes findings to inform global policy. The AISI sits within the UK Department for Science, Innovation and Technology.

The AISI participated in pre-deployment evaluations of major frontier models from OpenAI, Anthropic, Google DeepMind, and Meta.

NIST's AI RMF provides a voluntary framework for managing AI risks across the full lifecycle — from design to deployment. It defines four core functions: Govern, Map, Measure, and Manage. NIST also publishes the AI 600-1 profile specifically addressing generative AI risks.

NIST AI RMF is the de facto standard referenced by US federal agencies and widely adopted by enterprises globally.

The European Union's AI Act is the world's first comprehensive legal framework for AI. It classifies AI systems by risk level (unacceptable, high, limited, minimal) and imposes conformance requirements on high-risk systems — including mandatory security testing, transparency obligations, and human oversight.

Phased enforcement began in 2024. High-risk AI systems must meet conformance requirements before EU market access.

The US Cybersecurity and Infrastructure Security Agency publishes AI security guidelines for critical infrastructure operators. CISA co-authored joint advisories with international partners on secure AI development and deployment, and maintains resources on AI supply chain security.

CoSAI is an OASIS Open industry consortium founded by Google, IBM, Microsoft, NVIDIA, PayPal, and others to develop AI security standards and open-source tooling. Its workstreams cover software supply chain security for AI, preparing defenders for AI-powered attacks, and AI security governance for enterprises.

CoSAI's work is published as OASIS Open Standards — royalty-free and publicly available.

SANS Institute's AI Security Blueprint organizes the AI security practitioner's responsibilities into three pillars: Protect AI (securing the AI pipeline and models), Utilize AI (safely integrating AI tools in security workflows), and Govern AI (policy, compliance, and risk management for AI systems). It maps to existing SANS training courses and certifications.

Useful for security teams building an AI security practice — maps directly to skill gaps and training paths.

Google's Secure AI Framework (SAIF) is a conceptual framework for securing AI systems throughout their lifecycle. It defines six core elements: expanding strong security foundations to AI, extending detection and response to bring AI into the security ecosystem, automating defenses with AI, harmonizing platform-level controls, adapting controls to address AI-specific risks, and contextualizing AI risks in surrounding business processes.

SAIF is complementary to NIST AI RMF and OWASP AI Exchange — it's Google's opinionated take on operationalizing AI security at scale.

Google DeepMind's Frontier Safety Framework defines evaluation criteria for identifying critical capability thresholds in frontier models — particularly around dangerous capabilities like bioweapons assistance or autonomous cyberattacks. It establishes mitigation protocols when models approach those thresholds.

Anthropic's Responsible Scaling Policy commits to pausing or slowing training runs if evaluations reveal that a model crosses defined safety thresholds (AI Safety Levels, or ASLs). It includes mandatory pre- and post-deployment evaluations and transparency reporting — influencing how other frontier labs approach safety commitments.