From the Frontline Cyber for the AI Era скачать в хорошем качестве

From the Frontline Cyber for the AI Era

🧭🛡️ From the Frontiers: Making AI Security Standards Actionable at National Scale This session from the OWASP GenAI Security Project Virtual Summit (October 2025) shares field-tested lessons from deploying AI security standards on real national-scale systems across government, healthcare, and finance. The speaker (AI Security Lead at Kynos; OWASP GenAI board member and Agentic Security Initiative co-lead; contributor to NIST AI Safety Institute work) explains how we move from “standards overload” to practical, risk-based execution. Key problem: the explosion of AI security guidance can cause standards fatigue and checkbox compliance. The talk highlights the UK’s evolving baseline (originating from the UK AI Security Code of Practice) and its lifecycle-driven approach (“shall / should / could”), mapped to existing frameworks (OWASP, NIST, CSA, NCSC) and converging with broader regulation (EU AI Act, ISO). Threat modeling and risk management are foundational—but not enough on their own. The core contribution is a lightweight meta-framework (ASAP) that “right-sizes” security by aligning controls to organizational reality using six macro factors: sector, culture, AI strategy, skills/resources, market dynamics, and organization size. These inputs guide three posture profiles—Baseline, Enhanced, Assured—and help teams choose between fast, agile methods (e.g., OWASP Compass) and deeper threat modeling (or both) depending on constraints. Takeaways: pick a profile, map to the baseline requirements across the lifecycle, apply threat modeling/Compass proportionally, and continuously reassess—so security stays sustainable, innovation-friendly, and effective. 👉 Learn more about the OWASP GenAI Security Project: https://genai.owasp.org #AISecurity #OWASP #GenAI #AgenticAI #Standards #ThreatModeling #NIST #EUAIAct #Governance