Welcome to CoSAI! CoSAI is an Open Source project, so anyone can get involved and start contributing by joining a workstream (WS) mailing list, attending WS meetings, submitting an issue or a PR to a CoSAI repository, or by participating in other official project tools.
Every CoSAI contributor is required to sign a Contributor License Agreement (CLA). You can sign the CLA at this link: https://cla-assistant.io/cosai-oasis/oasis-open-project.
We suggest you take a look at the CoSAI Governance and the Workstream Governance. The CoSAI Open Project follows the OASIS Participants Code of Conduct.
All CoSAI workstreams have public mailing lists. These lists are the official communication channels of each workstream. Make sure to subscribe to the list of your workstream(s). Once you subscribe, the CoSAI Program Managers will add you to the meeting invitation for your workstream.
- WS1 Supply Chain Security WS list – subscribe by sending an email to cosai-supply-chain-ws+subscribe@lists.oasis-open-projects.org
- WS2 Preparing Defenders WS list – subscribe by sending an email to cosai-defenders-ws+subscribe@lists.oasis-open-projects.org
- WS3 AI Risk Governance WS list – subscribe by sending an email to cosai-risk-governance-ws+subscribe@lists.oasis-open-projects.org
- WS4 Secure Design Patterns for Agentic Systems – subscribe by sending an email to cosai-agentic-systems-ws+subscribe@lists.oasis-open-projects.org
All workstreams meet on a regular schedule, usually weekly or bi-weekly. If you want to participate, we suggest that you familiarize yourself with the current status of the WS, via the mailing list archive and the WS GitHub repository for your workstream. When you join your first meeting, please introduce yourself briefly in the meeting chat.
All CoSAI workstreams have one or more repos.
This workstream focuses on enhancing AI security by addressing the challenges of third-party model risks, provenance, and AI application security. It builds upon widely recognized security frameworks like the SSDF and SLSA, extending them for AI development.
The goal of this workstream is to develop a defender’s framework to identify needed investments to address the security impacts of AI use by business applications, attackers, and defenders, as well as mitigation techniques and best practices. The defender’s framework aims to scale investments and mitigation strategies with the emergence of pivotal offensive cybersecurity advancements in AI models.
Workstream 3 contributors are working to develop a security-focused risk and controls taxonomy, checklist, and scorecard to guide practitioners in readiness assessments, management, monitoring, and reporting of their AI products, services, and components.
The goal of this workstream is to research and develop secure design patterns for AI-based agentic systems, including updates to AI usage threat models, conceptual high-level secure design pattern(s), impacts to secure infrastructure design, and other agent integration and use-based needs.
CoSAI participants also use a Google Drive for draft documents. Once you join a workstream, you will be added to either the read or write group for the WS folder. Please note: write access is dependent on the signed CLA.
If you need help with any of the tools, or if you have any questions on processes or CoSAI in general, please contact the OASIS team at op-admin@oasis-open.org.