{"id":22876,"date":"2026-04-30T10:36:11","date_gmt":"2026-04-30T10:36:11","guid":{"rendered":"https:\/\/www.europesays.com\/ai\/22876\/"},"modified":"2026-04-30T10:36:11","modified_gmt":"2026-04-30T10:36:11","slug":"csai-foundation-announces-key-milestones-to-secure-the-agentic-control-plane","status":"publish","type":"post","link":"https:\/\/www.europesays.com\/ai\/22876\/","title":{"rendered":"CSAI Foundation Announces Key Milestones to Secure the Agentic Control Plane"},"content":{"rendered":"<p><a href=\"https:\/\/csai.foundation\/\" target=\"_blank\" rel=\"noopener nofollow\">The Cloud Security Alliance (CSA),<\/a> the world\u2019s leading not-for-profit organization committed to AI, cloud, and Zero Trust cybersecurity education,\u00a0 announced a series of milestones that significantly expand the CSAI Foundation\u2019s\u00a0capacity to deliver on its 2026 mission of Securing the Agentic Control Plane.<\/p>\n<p>Also Read:\u00a0<a href=\"https:\/\/aithority.com\/interviews\/aithority-interview-with-glenn-jocher-founder-ceo-ultralytics\/\" target=\"_blank\" rel=\"noopener nofollow\">AiThority Interview with Glenn Jocher, Founder &amp; CEO, Ultralytics<\/a><\/p>\n<p id=\"pull-quote\" class=\"font-figtree text-lg lg:text-[24px] leading-6 lg:leading-[38px]\">\u201cToday\u2019s announcements give enterprises, auditors, and regulators the technical specifications and assurance scaffolding to say yes to agentic AI without losing control of it.\u201d<\/p>\n<p>Unveiled at the\u00a0CSA Agentic AI Security Summit, the announcements include the launch of the\u00a0STAR for AI Catastrophic Risk Annex\u00a0(Annex), authorization as a CVE Numbering Authority (CNA) through MITRE, and the acquisition of two foundational agentic-AI specifications.<\/p>\n<p>\u201cThe global economy is contending with two exponentials at once: frontier models leapfrogging each other month over month, and viral, bottom-up adoption of agents inside the business,\u201d said Jim Reavis, CEO and co-founder, Cloud Security Alliance. \u201cToday\u2019s announcements give enterprises, auditors, and regulators the technical specifications and assurance scaffolding to say yes to agentic AI without losing control of it.\u201d<\/p>\n<p>Launched with support from Coefficient Giving, a philanthropic organization backing long-horizon AI safety work, the Catastrophic Risk Annex extends CSA\u2019s\u00a0AI Controls Matrix (AICM)\u00a0and the broader\u00a0STAR for AI\u00a0assurance program to address scenarios involving loss of human oversight, uncontrolled system behavior, and other large-scale, irreversible, society-wide consequences, focusing on what can actually be tested in production. A four-phase rollout will begin in June 2026 and continue through December 2027, aligned with the NIST AI RMF, the EU AI Act, and ISO\/IEC 42001, culminating in the inaugural\u00a0State of Catastrophic AI Risk Controls Report.<\/p>\n<p>CSAI Foundation has also made significant progress in advancing its AI Risk Observatory, a mission made more urgent by rapid model advancement and the growing ability of AI systems to discover, generate, and amplify cybersecurity findings at scale. As part of this work, the Cloud Security Alliance has been authorized by the CVE Program as a CVE Numbering Authority (CNA). Our initial operational scope is addressing vulnerabilities in our software tools. CSAI is now organizing research work streams and operational projects with existing CNAs and ecosystem partners focused on building toward responsible agentic-specific vulnerability coordination, CVE\/NVD ecosystem gaps, AI-assisted human-verified vulnerability enrichment and practical guidance for defenders.<\/p>\n<p>The Foundation also strengthened the technical and governance foundations required to secure the agentic control plane through two strategic acquisitions. Thanks to the generosity of CSA corporate member\u00a0Vanta, the\u00a0Autonomous Action Runtime Management (AARM)\u00a0specification \u2014 an open system specification for securing AI-driven actions at runtime across context, policy, intent, and behavior \u2014 has been contributed to the CSAI Foundation. AARM founder Herman Errico will continue to lead the development of the specification as the working group chair. We are also pleased to announce an agreement with Josh Woodruff, founder of\u00a0MassiveScale.AI\u00a0to transfer stewardship of the\u00a0Agentic Trust Framework (ATF). Woodruff, a CSA Research Fellow and co-chair of the CSA\u00a0Zero Trust Working Group, has applied Zero Trust principles to agentic AI to provide a robust governance framework and will continue to lead the development of ATF.<\/p>\n<p>Also Read:\u00a0<a href=\"https:\/\/aithority.com\/machine-learning\/the-infrastructure-war-behind-the-ai-boom\/\" target=\"_blank\" rel=\"noopener nofollow\">\u200b\u200bThe Infrastructure War Behind the AI Boom<\/a><\/p>\n<p>[To share your insights with us, please write to\u00a0<a tabindex=\"-1\" title=\"https:\/\/aithority.com\/security\/csai-foundation-announces-key-milestones-to-secure-the-agentic-control-plane\/mailto:psen@itechseries.com\" href=\"https:\/\/aithority.com\/security\/csai-foundation-announces-key-milestones-to-secure-the-agentic-control-plane\/mailto:psen@itechseries.com\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">psen@itechseries.com]<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"The Cloud Security Alliance (CSA), the world\u2019s leading not-for-profit organization committed to AI, cloud, and Zero Trust cybersecurity&hellip;\n","protected":false},"author":2,"featured_media":22877,"comment_status":"","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[15782,179,7493,8916,15783],"class_list":{"0":"post-22876","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-agentic-ai","8":"tag-aarm","9":"tag-agentic-ai","10":"tag-agentic-artificial-intelligence","11":"tag-cloud-security","12":"tag-csai"},"_links":{"self":[{"href":"https:\/\/www.europesays.com\/ai\/wp-json\/wp\/v2\/posts\/22876","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.europesays.com\/ai\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.europesays.com\/ai\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.europesays.com\/ai\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.europesays.com\/ai\/wp-json\/wp\/v2\/comments?post=22876"}],"version-history":[{"count":0,"href":"https:\/\/www.europesays.com\/ai\/wp-json\/wp\/v2\/posts\/22876\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.europesays.com\/ai\/wp-json\/wp\/v2\/media\/22877"}],"wp:attachment":[{"href":"https:\/\/www.europesays.com\/ai\/wp-json\/wp\/v2\/media?parent=22876"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.europesays.com\/ai\/wp-json\/wp\/v2\/categories?post=22876"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.europesays.com\/ai\/wp-json\/wp\/v2\/tags?post=22876"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}