SANS Institute Releases AI Security Maturity Model to Close the Gap Between Adoption and Governance
AIwire, Wednesday, May 13th, 2026
SANS Institute releases a five-stage AI Security Maturity Model to help organizations implement governance controls.
SANS Institute has released the AI Security Maturity Model eBook, a practical framework designed to address the gap between rapid AI adoption and security governance in organizations. The model features three pillars (Protect AI, Utilize AI, Govern AI) and five maturity stages, providing specific controls, metrics, and actionable steps that security leaders can implement immediately.
The framework is mapped to NIST AI RMF, EU AI Act, ISO 42001, and OWASP standards, and includes original guidance on agentic AI and the Principle of Least Agency. According to SANS Field CISO Chris Cochran, the model answers the critical question of what security leaders should do operationally while acknowledging that different organizations require different maturity targets based on their adoption patterns and risk tolerance.