The SANS Institute has just released a needed new framework, the SANS Secure AI Blueprint, dedicated to improving the security of artificial intelligence (AI) systems. The initiative opens a Protect AI track, which gives organizations a well-defined baseline for considering what makes their AI implementations robust and secure. The blueprint goes deeper into specific security practices that should … It addresses the growing, bipartisan concerns over vulnerabilities in AI systems.
The blueprint outlines six control domains that take high-level best-practice guidance and lay it out in concrete terms. These domains are an extension of the SANS Critical AI Security Guidelines. Frank Kim, a well-known Fellow at the SANS Institute, played a major role in creating these guidelines. The AI security landscape is changing quickly, and these guidelines mark a meaningful step toward providing a vital resource for organizations that are committed to ensuring their AI technologies are secure.
Key Components of the Blueprint
The SANS Secure AI Blueprint fits well with established frameworks. It builds on principles from the National Institute of Standards and Technology’s (NIST) AI Risk Management Framework and the OWASP Top 10 for Large Language Models (LLMs). By incorporating these well-known paradigms, the blueprint offers a collaborative framework for addressing vulnerabilities built into AI systems.
The OWASP Top 10 for LLMs outlines serious vulnerabilities, including prompt injection, insecure plugin integrations, model poisoning, and data exposure. These vulnerabilities are important to fix because they can allow an attacker to gain access to or control over AI models. The SANS Secure AI Blueprint, while extensive and heavily focused on the NIST framework and OWASP guidelines, offers powerful mitigations. This, in turn, better equips organizations to execute their security strategies effectively.
Agentic AI systems are supposed to be treated as first-class identities. This acknowledgment must be reflected within the organization’s Identity and Access Management (IAM) infrastructure. This perspective brings into stark focus the need to implement access controls in accordance with the principles of least privilege and strong authentication. These measures should apply to all models, datasets, and application programming interfaces (APIs). In so doing, organizations can vastly improve the security posture of their AI deployments.
Upcoming Insights at SANS Surge 2026
Frank Kim will discuss these ideas in greater depth in his keynote address. Meet him at SANS Surge 2026, February 23–28, 2026. This event will explore how security teams can ensure that their AI systems are not only functional but safe to depend on. Attendees will take part in in-depth discussions of the practical implications of the SANS Secure AI Blueprint and dissect its relevance in today’s rapid-fire technological environment.
Join us at SANS Surge 2026 to be a part of this exciting platform. Learn from industry leaders through exclusive, thought-provoking discussions on best practices, overcoming challenges, and innovations in AI security. The conference will bring together leaders from all sectors of the sharing economy.
About the Authors
Craig Albright is an advisor on AI safety and security.
Translating Guidance into Operational Defense
The SANS Secure AI Blueprint is the practical how-to guide that organizations need to bolster their AI security frameworks. By offering clear, actionable insights and tying itself to widely accepted standards, it helps organizations turn high-level, theoretical guidance into tangible, operational defenses. This alignment is important, especially as organizations’ dependence on AI technologies for more sensitive operations and decision-making processes quickly grows.
Addressing vulnerabilities in AI systems requires more than just technical solutions. It requires a smart approach that incorporates proven policies, clear processes, and specialized training. The blueprint urges organizations to take a preventive approach to detecting risks and putting measures in place to protect against them.

