# Cybersecurity Snapshot: AI Security Field Gets Boost from New CSA Framework and from SANS-OWASP Partnership
The world of cybersecurity is constantly evolving, and artificial intelligence (AI) is no exception. As organizations continue to adopt AI systems, they must also ensure that these systems are secure and compliant with industry standards.
In this week's Cybersecurity Snapshot, we'll explore six key developments in the AI security field:
## 1. Cloud Security Alliance Unveils New Framework for Securing AI Systems
The Cloud Security Alliance (CSA) has released a new framework for securing AI systems. The "Artificial Intelligence Controls Matrix" provides a vendor-agnostic framework that organizations can use to develop, deploy, and operate AI systems securely and responsibly.
"We're excited to bring this level of standardization to the AI community," said Jim Reavis, CSA CEO and co-founder. "The AI Controls Matrix bridges the gap between lofty ethical guidelines and real-world implementation."
The framework includes 243 AI security controls categorized into 18 domains, including application and interface security, threat and vulnerability management, and data protection.
### Example Domains:
* **Application and Interface Security**: This domain includes controls for:
  * Application security metrics
  * Secure application development cycle
  * Application security testing
  * Input and output validation
  * API security
  * Application vulnerability remediation
* **Threat and Vulnerability Management**: This domain includes controls for:
  * Penetration testing
  * Vulnerability remediation
  * Vulnerability prioritization
  * Vulnerability management reporting and metrics
  * Threat analysis and modeling
## 2. SANS and OWASP Team Up for AI Security
SANS Institute and OWASP have partnered to jointly develop a comprehensive set of AI security controls. The organizations will mash up the work done in the OWASP AI Exchange project with the SANS Critical AI Security Guidelines v1.1 to produce AI security controls in six core areas that cybersecurity teams can adopt right away.
"This partnership is about clarity," said Rob van der Veer, founder of the OWASP AI Exchange. "We already have the technical foundation. SANS helps us bring it into the field and make it real for defenders."
The partnership's work will be made available as open-source resources. Got ideas? You can contribute via the SANS community section on GitHub or via the OWASP AI Exchange contribution page.
## 3. Accenture: Most Orgs Unprepared for AI-Boosted Cyber Attacks
Hackers' use of AI is far outpacing defenders' ability to handle AI-powered attacks, so cybersecurity teams must step up their efforts to mitigate this rapidly evolving cyber threat.
Accenture's "State of Cybersecurity Resilience 2025: Elevate Your Cybersecurity to Fit an AI-driven World" report is based on a global survey of almost 2,300 tech executives — 80% of them CISOs and 20% CIOs — from large organizations.
"With unprecedented speed and scale, AI is enabling attackers to bypass legacy systems and overwhelm security teams. Traditional defenses are no longer sufficient," the report reads.
To get more details, read the full 41-page report "State of Cybersecurity Resilience 2025: Elevate Your Cybersecurity To Fit an AI-driven World."
## 4. U.S. Gov’t Doubles Down on Iran Cyber Threat Warning
Following a Department of Homeland Security (DHS) alert about potential cyber attacks from Iran-backed hackers and hacktivists, the Cybersecurity and Infrastructure Security Agency (CISA) and other federal agencies chimed in, echoing the warning.
In the joint "Iranian Cyber Actors May Target Vulnerable US Networks and Entities of Interest" fact sheet, CISA, the Federal Bureau of Investigation (FBI) and the National Security Agency (NSA) prompted U.S. organizations, especially those in critical infrastructure sectors, to be on alert due to the U.S. involvement in the Israel-Iran military conflict.
"At this time, we have not seen indications of a coordinated campaign of malicious cyber activity in the U.S. that can be attributed to Iran. However, we are urging critical infrastructure organizations to stay vigilant to Iranian-affiliated cyber actors that may target U.S. devices and networks," reads a joint statement.
Iran-linked cyber attackers tend to exploit low-hanging fruit, such as assets with unpatched known vulnerabilities, and internet-connected accounts and devices with common or default passwords.
## 5. SMB Cybersecurity Playbook Gets a Makeover
A playbook designed to help small and medium-sized businesses (SMBs) adopt strong cybersecurity practices has been revamped with the goal of making it easier to use.
The Cyber Readiness Playbook is now made up of two main components – the playbook and a step-by-step adoption guide, the Cyber Readiness Institute (CRI) announced this week.
"With simple language, adaptable templates, and step-by-step guidance, the Playbook makes it easier than ever to embed good cybersecurity habits into daily business operations," the CRI said in a statement.
The Cyber Readiness Playbook focuses on four key cybersecurity areas:
## 6. CIS Delivers New and Updated Benchmarks for Apple, Microsoft, Google Products – and More
Apple iOS, Google Kubernetes Engine and Microsoft Windows Server are some of the products whose Center for Internet Security (CIS) Benchmarks got updated in June.
Specifically, these secure-configuration recommendations were updated:
In addition, CIS released these four brand new Benchmarks:
To get more details, read the CIS blog “CIS Benchmarks July 2025 Update.” For more information about the CIS Benchmarks list, check out its home page.