How MOSAIC's formation was announced by its founding organizations.
SANS Institute · April 28, 2026
Global AI Security Standard Organizations Gather Under MOSAIC to Reduce Fragmentation
At an invitation-only forum in Arlington, representatives from OWASP, SANS, NIST, CSA, CIS,
CoSAI, and BIML formed MOSAIC — the first collective collaboration of its kind among AI
security standard organizations. The group took shape on April 21, 2026, alongside the SANS
AI Cybersecurity Summit, to address a problem defenders and CISOs have raised with growing
urgency: AI security guidance is proliferating faster than it is being coordinated.
SANS frames the stakes plainly — when practitioners open ten documents from ten respected
bodies and find ten different definitions of "AI risk," the cost of fragmentation shows up
as real incidents. MOSAIC is positioned not as another framework, but as a way to connect
the ones that already exist so practitioners can actually use them.
MOSAIC Coalition Launches to Operationalize AI Security Standards and Reduce Industry Fragmentation
CIS announced it is a charter member of MOSAIC, joining BIML, CSA, CoSAI, NIST, the OWASP
AI Exchange, the OWASP GenAI Security Project, and SANS. As AI adoption grows, so does the
volume of security guidance — but it lacks coordination, leaving organizations with a
confusing mix of frameworks and recommendations that often conflict.
The initiative will focus on creating common definitions for key concepts, aligning existing
guidance so it works together rather than competing, publishing clear best practices, and
helping organizations apply that guidance in real-world environments. Working groups begin
immediately, with first outputs aimed at simplifying terminology and aligning existing guidance.
In a personal announcement, Rob van der Veer shared the news of MOSAIC's founding on April 21,
2026: leading standardization initiatives gathered in Washington DC and agreed to begin
coordinating collectively on AI security. The forum was organized and led by the OWASP AI
Exchange with SANS as co-host, convening standard makers and policy stakeholders.
Among the next steps: a standardized map of participating initiatives and a communication
platform to exchange insights on a first list of topics — aligning with initiatives such as
ISO/IEC SC 42, building on OpenCRE, and reaching consensus on definitions — all while moving
fast, maintaining independence, and keeping coordination lightweight.
