Bethesda, MD, May 12, 2026 (GLOBE NEWSWIRE) -- Employees across most organizations are using AI tools faster than their security teams can write policy for them. Sensitive data is moving into public models. Developers are pulling unverified models from open repositories. AI agents are being granted real authority inside production environments, often without an owner, an identity, or a documented permission boundary.
Today, SANS Institute released the SANS AI Security Maturity Model™ eBook, a practical, stage-by-stage framework built to give security leaders a clear, evidence-based path from ad hoc AI use to a fully governed and secured program. Serving as the operational companion to the SANS Secure AI Blueprint, this guide was authored by Chris Cochran, Field CISO and VP of AI Security at SANS, with input from a global community of practitioners.
“This maturity model exists because the community asked for it. Over the past year, security leaders across industries kept describing the same problem to us at SANS: they had read the global AI standards, they understood the risks, and they still did not know what to do on Monday morning,” said Cochran. “This model answers that question, stage by stage, with specific controls, metrics, and prerequisites that organizations can apply immediately.”
The SANS AI Security Maturity Model™ is built on three pillars and five stages of maturity. The pillars (Protect AI, Utilize AI, and Govern AI) align with the SANS Secure AI Blueprint. The stages run from Stage 1 (Unaware / Ad Hoc) through Stage 5 (Optimizing / Adaptive), with detailed program indicators, people indicators, metrics, and a sequenced set of steps to advance at every stage.
“Most AI maturity frameworks I have read tell you what good looks like at the top of the mountain without showing you the trail. This model is the trail. Each stage has specific controls, specific metrics, and specific actions to advance, with explicit guidance on agentic AI and Non-Human Identity, where most organizations have a real blind spot today,” said Cochran. “The Principle of Least Agency, the agentic counterpart to least privilege, is the kind of original guidance practitioners told us they needed and could not find anywhere else.”
A defining feature is its insistence that no single maturity level is correct for every organization. A 30-person company at a genuine, evidence-based Stage 2 is in a stronger security posture than an enterprise claiming Stage 3 without documentation to prove it. The right target depends on AI adoption pattern, industry, regulatory environment, and risk tolerance. The model includes a Determining Your Target Maturity table and an evidence-based scoring system to help organizations set a defensible goal.
The framework is mapped directly to NIST AI RMF, the EU AI Act, ISO 42001, and the OWASP AI Exchange and OWASP Agentic Top 10. SANS’s formal partnership with OWASP on AI security standards is reflected throughout. For organizations facing regulator, customer, or partner scrutiny on AI governance, the model is designed to produce executive-ready reporting language and audit-defensible evidence.
“SANS AI Security Maturity Model™ closes a real gap. NIST, the EU AI Act, ISO 42001, and OWASP each describe what mature AI security looks like. None of them tell a CISO what to do first, what to do next, or how to know when they are ready to advance. That is what this model provides, built on top of those standards rather than around them,” said Rob T. Lee, Chief AI Officer and Chief of Research, SANS Institute. “The fact that practitioners helped shape it is why we believe it will hold up as the technology and the regulatory picture keep moving.”
Download the SANS AI Security Maturity Model™ eBook: https://go.sans.org/XOHqTg

Jenn Elston SANS Institute 301-654-7267 jelston@sans.org