{"id":29694,"date":"2026-05-06T16:13:25","date_gmt":"2026-05-06T16:13:25","guid":{"rendered":"https:\/\/www.europesays.com\/ai\/29694\/"},"modified":"2026-05-06T16:13:25","modified_gmt":"2026-05-06T16:13:25","slug":"cloud-security-alliance-expands-agentic-ai-governance-work-the-journal","status":"publish","type":"post","link":"https:\/\/www.europesays.com\/ai\/29694\/","title":{"rendered":"Cloud Security Alliance Expands Agentic AI Governance Work — THE Journal"},"content":{"rendered":"\n

Cloud Security Alliance Expands Agentic AI Governance Work<\/p>\n

The Cloud Security Alliance (CSA) has announced a series of CSAI Foundation milestones aimed at securing what it calls the agentic control plane, including a new catastrophic risk initiative, CVE Numbering Authority authorization, and the acquisition of two agentic AI specifications.<\/p>\n

The April 29 announcement<\/a>, made at the CSA Agentic AI Security Summit, centers on governance and assurance for agentic AI systems. CSA said the milestones expand the CSAI Foundation’s 2026 mission of “Securing the Agentic Control Plane.”<\/p>\n

According to CSA, the announcements include the launch of the STAR for AI Catastrophic Risk Annex, authorization as a CVE Numbering Authority through MITRE and the acquisition of the Autonomous Action Runtime Management specification and Agentic Trust Framework.<\/p>\n

“The global economy is contending with two exponentials at once: frontier models leapfrogging each other month over month, and viral, bottom-up adoption of agents inside the business,” said Jim Reavis, CEO and co-founder of CSA. “Today’s announcements give enterprises, auditors, and regulators the technical specifications and assurance scaffolding to say yes to agentic AI without losing control of it.”<\/p>\n

Catastrophic Risk Annex Planned<\/p>\n

The STAR for AI Catastrophic Risk Annex<\/a> is being launched with support from Coefficient Giving, which CSA described as a philanthropic organization backing long-horizon AI safety work. CSA said the annex extends the AI Controls Matrix and STAR for AI assurance program to cover scenarios involving loss of human oversight, uncontrolled system behavior and other large-scale, irreversible, society-wide consequences.<\/p>\n

The annex is designed to focus on controls that can be tested in production environments, according to CSA. A related CSA blog post said the project will identify existing AICM controls relevant to catastrophic risk, introduce new controls where gaps exist, and define evidence requirements and testing criteria suitable for independent assessment.<\/p>\n

The rollout is planned in four phases from June 2026 through December 2027. Phase 1, from June through September 2026, is intended to translate catastrophic risk scenarios into auditable control language. Phase 2, from October through December 2026, is intended to develop validation protocols. Phase 3, from January through June 2027, is intended to bring the annex into real-world environments through pilot assessments, assessor training, and reference implementations. Phase 4, from July through December 2027, is intended to produce public STAR for AI registry entries, benchmarking, and a State of Catastrophic AI Risk Controls Report.<\/p>\n

CSA said the annex will align with the NIST AI RMF, the EU AI Act and ISO\/IEC 42001. The source does not document specific control text for the annex.<\/p>\n

AICM and STAR for AI Context<\/p>\n

The annex builds on CSA’s AI Controls Matrix<\/a>, which CSA describes as a vendor-agnostic framework for cloud-based AI systems. CSA says the AICM contains 243 control objectives across 18 security domains and maps to standards including ISO 42001, ISO 27001, NIST AI RMF 1.0, and BSI AIC4.<\/p>\n

The AICM package includes the matrix itself, mapping to NIST AI 600-1, ISO 42001, and the EU AI Act, implementation guidelines, auditing guidelines, the AI-CAIQ questionnaire, introductory guidance, and a STAR for AI Level 1 submission guide, according to CSA.<\/p>\n

<\/p>\n","protected":false},"excerpt":{"rendered":"Cloud Security Alliance Expands Agentic AI Governance Work The Cloud Security Alliance (CSA) has announced a series of…\n","protected":false},"author":2,"featured_media":29695,"comment_status":"","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[179,7493,8913,19475,19476],"class_list":{"0":"post-29694","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-agentic-ai","8":"tag-agentic-ai","9":"tag-agentic-artificial-intelligence","10":"tag-cloud-security-alliance","11":"tag-csa","12":"tag-csai-foundation"},"_links":{"self":[{"href":"https:\/\/www.europesays.com\/ai\/wp-json\/wp\/v2\/posts\/29694","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.europesays.com\/ai\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.europesays.com\/ai\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.europesays.com\/ai\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.europesays.com\/ai\/wp-json\/wp\/v2\/comments?post=29694"}],"version-history":[{"count":0,"href":"https:\/\/www.europesays.com\/ai\/wp-json\/wp\/v2\/posts\/29694\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.europesays.com\/ai\/wp-json\/wp\/v2\/media\/29695"}],"wp:attachment":[{"href":"https:\/\/www.europesays.com\/ai\/wp-json\/wp\/v2\/media?parent=29694"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.europesays.com\/ai\/wp-json\/wp\/v2\/categories?post=29694"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.europesays.com\/ai\/wp-json\/wp\/v2\/tags?post=29694"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}