Latest news with #JimReavis
Techday NZ
4 days ago
- Business
- Techday NZ
Cloud Security Alliance launches pledge for responsible AI use
The Cloud Security Alliance has introduced the AI Trustworthy Pledge, aiming to promote responsible and transparent development of artificial intelligence. The initiative is designed to address ongoing concerns regarding AI governance, including issues such as AI-generated misinformation, privacy risks, and ethical challenges that have come to the forefront as artificial intelligence is increasingly embedded in commercial and governmental decision-making. The Cloud Security Alliance (CSA), an organisation known for defining standards, certifications, and best practices for cloud security, stated that the AI Trustworthy Pledge serves as a public commitment to advance the responsible development and management of AI technologies. The Pledge forms part of the organisation's broader efforts under its AI Safety Initiative. This move follows recognition that previous approaches, where products are built before comprehensive risk and security considerations, are insufficient for the complexities posed by AI systems. The CSA emphasised the necessity for proactive frameworks that prioritise trust and accountability from the outset. The AI Trustworthy Pledge outlines four foundational principles for organisations engaged in AI-related activities. Participating organisations commit to safety and compliance, transparency, ethical accountability, and privacy protection across the lifecycle of AI design, deployment, and management. According to the CSA, the initiative begins with voluntary adoption by industry and is intended to pave the way for more formal standards and certification processes, including the forthcoming STAR for AI initiative. This later phase will establish detailed cybersecurity and trustworthiness requirements for generative AI services. "The decisions we make today around AI governance, ethics, and security will shape not only the future of our organizations and our industry, but of society at large. The AI Trustworthy Pledge provides a tangible opportunity to lead in this space, not just by managing risk, but by actively driving responsible innovation and helping to establish the industry standards of tomorrow," said Jim Reavis, CEO and co-founder, Cloud Security Alliance. Organisations who sign the pledge are required to ensure their AI systems adhere to several guidelines. These include prioritising user safety and compliance with applicable regulations, maintaining transparency about AI systems in use, ensuring ethical development that allows for explainable outcomes, and upholding rigorous privacy protections for personal data. Initial signatories include Airia, Endor Labs, Deloitte Consulting Srl S.B., Okta, Reco, Redblock, Securiti AI, Whistic, and Zscaler alongside others that have signalled their commitment to responsible AI practices through participation in the pledge. These organisations will be provided with a digital badge to signal their adherence to the outlined commitments. Principles outlined The CSA's AI Trustworthy Pledge is centred on four key principles. Firstly, safety and compliance require that organisations implement AI solutions that place user safety at the forefront and adhere to regulatory requirements. Secondly, transparency expects organisations to be open about the AI systems they employ in order to foster greater trust. Thirdly, ethical accountability is intended to ensure fairness and the ability to explain how AI-derived outcomes are determined. Lastly, privacy protection requires organisations to maintain strong safeguards over personal data processed by AI systems. By focusing on voluntary, public commitments, the CSA intends to encourage industry-wide adoption of responsible standards before introducing binding certification frameworks. This approach allows for alignment and shared understanding across different sectors and organisations as AI usage expands. Following the pledge's introduction, the CSA plans to launch the STAR for AI initiative. This will create detailed standards for cybersecurity and trust in generative AI, building on the early foundations laid by the Trustworthy Pledge. The announcement comes as organisations worldwide continue to debate appropriate regulatory, security, and ethical measures as AI technologies evolve. By establishing the Pledge, CSA aims to encourage dialogue and collective action among stakeholders on the responsible use of artificial intelligence.
Techday NZ
4 days ago
- Business
- Techday NZ
Cloud Security Alliance launches Valid-AI-ted tool for STAR checks
The Cloud Security Alliance has launched Valid-AI-ted, an AI-powered tool providing automated quality checks of STAR Level 1 self-assessments for cloud service providers. Valid-AI-ted integrates large language model (LLM) technology to offer an automated assessment of assurance information in the STAR Registry, aiming to improve transparency and trust in cloud security declarations. Jim Reavis, Chief Executive Officer and Co-Founder, Cloud Security Alliance, said, "With agile, vendor-neutral programs and a global network of industry experts, CSA is uniquely positioned to develop authoritative AI tools that address the real-world challenges of cloud service providers. Our focus on security-conscious innovation led to the creation of Valid-AI-ted and will continue to see us deliver forward-looking initiatives that will push the boundaries of secure, AI-driven technology." CSA members can use Valid-AI-ted without charge and submit assessments as frequently as needed. Non-member providers are limited to ten resubmissions and can remediate their entries based on feedback provided by the tool. If assessments meet the required standard, providers receive a STAR Level 1 Valid-AI-ted badge for display on the STAR Registry as well as their own platforms. Assessment process Valid-AI-ted uses AI-driven evaluation to systematically grade responses to the STAR Level 1 questionnaire, producing detailed reports with scores for each question and domain. Reports are delivered privately to the submitter and contain granular feedback that identifies strengths and areas for improvement. The automation, according to CSA, is unique in the cloud security assurance landscape, as it offers objective, rapid, and scalable validation of self-assessment submissions. The process utilises a standardised scoring model informed by the Cloud Controls Matrix (CCM), which underpins CSA's approach to cloud security best practices. A key feature of Valid-AI-ted is the opportunity for continuous improvement. The ability for organisations to revise and resubmit assessments is highlighted as beneficial for those seeking STAR certification or looking to enhance their transparency among customers and regulators. Comparative advantages CSA highlights several advantages of Valid-AI-ted when compared to traditional STAR Level 1 evaluations. The tool is intended to improve assurance by reducing variability in the quality of responses, as traditionally, customer interpretation is required when reviewing self-assessment answers. With Valid-AI-ted, users receive qualitative analysis and actionable feedback aligned with established CCM guidance. This approach is positioned to support organisations in maturing their processes and can serve as a stepping stone towards the more rigorous STAR Level 2 third-party assessments. The STAR Level 1 Valid-AI-ted badge, awarded to successful assessment submissions, is intended to offer heightened recognition for providers. CSA says this distinction can help providers stand out to customers, partners, and regulators by demonstrating a commitment to more than basic compliance requirements. STAR Registry context The STAR Registry is an online resource that publicly lists the security and privacy controls of cloud providers. It enables organisations to demonstrate compliance with various regulations and standards while supporting transparency and reducing the need for multiple customer questionnaires. The registry is based on principles detailed in the Cloud Controls Matrix, including transparency, auditing, and harmonisation of standards. The Valid-AI-ted tool and STAR Level 1 evaluations are part of a suite of assessments that build on these principles, aiming to support both providers and customers in understanding cloud security postures. Licensing and integration Solution providers interested in incorporating Valid-AI-ted grading into governance, risk, and compliance (GRC) solutions can obtain access to the relevant scoring rubric and prompts by securing a CCM licence from CSA. While Valid-AI-ted is available to CSA members at no charge, non-members can access the service for $595. Discounts are also available for participants attending CSA's Cloud Trust Summit, who will be provided with a code for a $200 reduction in fees through the end of June. With the launch of Valid-AI-ted, CSA seeks to provide automated, standardised, and actionable assurance assessment, utilising AI to address the evolving demands of cloud security and compliance.
Techday NZ
30-04-2025
- Business
- Techday NZ
Cloud Security Alliance launches initiative to automate compliance
The Cloud Security Alliance has established a new initiative, the Compliance Automation Revolution, to address the growing complexity of regulatory compliance in data security and privacy. Organisations are facing mounting pressure to comply with an expanding array of data security and privacy laws, a trend accelerated by the proliferation of artificial intelligence technologies. The challenge is compounded by the increasing volume of data and technological advances that expand compliance requirements, leading to rising costs and diminishing returns in security improvement efforts. The Compliance Automation Revolution (CAR) is a coalition supported by a range of industry partners, including Google, Oracle, Anecdotes, Coalfire, Deloitte Italy, Salesforce, Schellman, and Vanta. The initiative aims to offer practical and effective solutions to common compliance challenges, leveraging automation and collaborative frameworks to relieve the regulatory burden on organisations. CAR's objectives include enhancing the quality of compliance, reducing associated risks and costs, and progressing towards regulatory harmonisation. The initiative also seeks to introduce real-time information exchanges between businesses and regulators to bolster assurance and cultivate greater trust within the wider ecosystem. Jim Reavis, Chief Executive Officer and Co-Founder of the Cloud Security Alliance, stated, "With 16 years of thought leadership, cutting-edge innovation, and global expertise, CSA is uniquely positioned to lead the Compliance Automation Revolution. Through initiatives like the globally recognized Security, Trust, Assurance and Risk (STAR) program and vendor-neutral research, we've consistently prioritised the industry's evolving needs. Now, with the launch of CAR, we're shaping a future where compliance not only enhances security but does so efficiently - eliminating unnecessary costs and redundant efforts." The CAR coalition intends to focus on four main action areas. The first involves automating the collection and sharing of compliance evidence through standardised, machine-readable formats. The second area is the integration of compliance checks earlier in the software development lifecycle through shift-left approaches. Thirdly, CAR aims to harmonise diverse regulatory frameworks into a common set of controls. The fourth area is the development of metrics and models to objectively quantify security and compliance risks, including the standardisation of effectiveness and assurance measurement. Archana Ramamoorthy, Senior Director, Regulated and Trusted Cloud at Google Cloud and CAR Founding Member, commented, "Adhering to compliance is often viewed as a costly, point-in-time snapshot that lags behind the pace of innovation. CAR represents a vital industry collaboration to change that paradigm. By embracing automation, harmonisation, and 'compliance-as-code,' we're not just aiming to reduce audit fatigue; we're building a future founded on continuous, evidence-based trust that can finally scale with the dynamic nature of cloud and AI." Anil Markose, GVP, Chief Compliance Officer for Oracle SaaS, said, "The Compliance Automation Revolution marks a strategic move toward aligning compliance and security as complementary forces. As the regulatory landscape grows more complex, and threats become more sophisticated, it is critical for organisations to proactively address both. We're excited to work with CSA in advancing this mission." Yair Kuznitsov, CEO and Co-Founder of Anecdotes, explained, "Enterprises today face increasingly complex GRC environments, and the need for scalable, automated solutions has never been greater. At Anecdotes, we're proud to be an ambassador for the Compliance Automation Revolution initiative, championing innovation that will help organisations navigate these challenges with greater ease and efficiency. This initiative tackles an unsolved problem, and we anticipate every enterprise will benefit from the groundbreaking work coming out of it." Adam Shnider, Executive Vice President for Compliance Services at Coalfire, stated, "Security and compliance should be less of a burden — they should be a business enabler. The Compliance Automation Revolution provides the framework and collaboration needed to streamline compliance efforts, reduce risk exposure, and ensure organisations stay ahead of emerging threats." Fabio Battelli, Senior Partner at Deloitte Central Mediterranean for Cyber Security Services, said, "By joining the Compliance Automation Revolution, we reaffirm our commitment to proactive security and compliance excellence. In an era of growing regulatory complexity, automation is key to reducing operational risk and streamlining compliance efforts. CAR represents a significant step forward in enabling organisations to shift resources from manual compliance tasks to innovation and business growth." Prashant Vadlamudi, Senior Vice President, Product Security at Salesforce, added, "The regulatory landscape is shifting fast — and so are emerging threats. Static, check-the-box compliance models are no longer sufficient to keep pace. At Salesforce, we see compliance as a trust enabler, not a roadblock. That's why we're proud to join the Compliance Automation Revolution and partner with CSA to drive scalable, proactive solutions, leveraging the power of AI, that help organisations meet rising expectations with confidence." Avani Desai, Chief Executive Officer of Schellman, commented, "In today's environment of mounting regulatory demands and rapidly evolving cyber threats, the Compliance Automation Revolution isn't just timely, it's essential. It's about transforming how organisations approach compliance, turning a traditionally reactive process into a proactive strategy for resilience. By embracing automation and collaboration, we can drive smarter decisions, reduce risk, and build a stronger, more secure future." Jadee Hanson, Chief Information Security Officer at Vanta, said, "As regulations grow more complex and the threat landscape evolves, companies need automation not just to keep up, but to get ahead. The Compliance Automation Revolution is an important industry movement, and Vanta is proud to join this effort to push the industry toward smarter, more scalable ways of working. Together, we can simplify compliance, strengthen security programmes, and free up teams to focus on what matters most."
Associated Press
29-04-2025
- Business
- Associated Press
TrojAI Has Joined the Cloud Security Alliance as an AI Corporate Member
In joining as an AI Corporate Member, TrojAI becomes a strategic partner in CSA's AI Safety Ambassador program SAINT JOHN, NB and BOSTON, April 29, 2025 /CNW/ -- TrojAI, the first security platform for AI that protects the behavior of AI models, agents and applications, is pleased to announce it has joined the Cloud Security Alliance (CSA), the world's leading organization dedicated to defining standards, certifications and best practices to help ensure a secure cloud computing environment, as an AI Corporate Member. In doing so, TrojAI is demonstrating its commitment to leading AI security and safety practices within its organization, as well as advocating for responsible AI practices across the industry and promoting pragmatic solutions to manage AI risks. 'AI is evolving rapidly, and with it comes an urgent need for clear, practical guidance to ensure its secure and responsible use,' said Lee Weiner, CEO of TrojAI. 'Joining the Cloud Security Alliance as an AI Corporate Member reflects our deep commitment to advancing secure and responsible AI development and collaborating with industry leaders to shape the future of secure, trustworthy AI systems.' CSA's AI Corporate Membership empowers organizations to lead, innovate, and excel in the evolving AI security landscape. AI Corporate Members are strategic partners in CSA's AI Safety Ambassador Program, with organizations receiving enhanced benefits designed to maximize their impact in the AI security landscape. 'We're thrilled to welcome TrojAI as a founding AI Corporate Member of the Cloud Security Alliance,' said Jim Reavis, CEO and co-founder of CSA. 'TrojAI's mission to secure the behavior of AI models, applications and agents aligns perfectly with the goals of our AI Safety Initiative. Together, we are focused on developing practical, trusted guidance for the safe and responsible use of AI. Their leadership and expertise will be invaluable as we shape the future of AI security.' Since its founding, TrojAI has been committed to protecting against threats to AI models, applications and agents so that enterprises can manage risks and innovate securely using AI. Learn more about TrojAI's commitment to the responsible development and implementation of AI. About the Cloud Security Alliance The Cloud Security Alliance (CSA) is the world's leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment. CSA harnesses the subject matter expertise of industry practitioners, associations, governments, and its corporate and individual members to offer cloud security-specific research, education, training, certification, events, and products. CSA's activities, knowledge, and extensive network benefit the entire community impacted by the cloud — from providers and customers to governments, entrepreneurs, and the assurance industry — and provide a forum through which different parties can work together to create and maintain a trusted cloud ecosystem. For further information, visit us at and follow us on X @cloudsa. About TrojAI TrojAI's mission is to enable the secure rollout of AI in the enterprise. TrojAI delivers a comprehensive security platform for AI that protects AI models, applications and agents. The best-in-class platform empowers enterprises to safeguard AI models, applications and agents both at build time and run time. TrojAI Detect automatically red teams AI models, safeguarding model behavior and delivering remediation guidance at build time. TrojAI Defend is an AI application and agent firewall that protects enterprises from real-time threats at run time. By assessing the risk of AI model behavior during the model development lifecycle and protecting it at run time, TrojAI delivers comprehensive security for AI models, applications and agents. Media Contact [email protected] View original content to download multimedia: SOURCE TrojAI
Cision Canada
29-04-2025
- Business
- Cision Canada
TrojAI Has Joined the Cloud Security Alliance as an AI Corporate Member
In joining as an AI Corporate Member, TrojAI becomes a strategic partner in CSA's AI Safety Ambassador program SAINT JOHN, NB and BOSTON, April 29, 2025 /CNW/ -- TrojAI, the first security platform for AI that protects the behavior of AI models, agents and applications, is pleased to announce it has joined the Cloud Security Alliance (CSA), the world's leading organization dedicated to defining standards, certifications and best practices to help ensure a secure cloud computing environment, as an AI Corporate Member. In doing so, TrojAI is demonstrating its commitment to leading AI security and safety practices within its organization, as well as advocating for responsible AI practices across the industry and promoting pragmatic solutions to manage AI risks. "AI is evolving rapidly, and with it comes an urgent need for clear, practical guidance to ensure its secure and responsible use," said Lee Weiner, CEO of TrojAI. "Joining the Cloud Security Alliance as an AI Corporate Member reflects our deep commitment to advancing secure and responsible AI development and collaborating with industry leaders to shape the future of secure, trustworthy AI systems." CSA's AI Corporate Membership empowers organizations to lead, innovate, and excel in the evolving AI security landscape. AI Corporate Members are strategic partners in CSA's AI Safety Ambassador Program, with organizations receiving enhanced benefits designed to maximize their impact in the AI security landscape. "We're thrilled to welcome TrojAI as a founding AI Corporate Member of the Cloud Security Alliance," said Jim Reavis, CEO and co-founder of CSA. "TrojAI's mission to secure the behavior of AI models, applications and agents aligns perfectly with the goals of our AI Safety Initiative. Together, we are focused on developing practical, trusted guidance for the safe and responsible use of AI. Their leadership and expertise will be invaluable as we shape the future of AI security." Since its founding, TrojAI has been committed to protecting against threats to AI models, applications and agents so that enterprises can manage risks and innovate securely using AI. Learn more about TrojAI's commitment to the responsible development and implementation of AI. About the Cloud Security Alliance The Cloud Security Alliance (CSA) is the world's leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment. CSA harnesses the subject matter expertise of industry practitioners, associations, governments, and its corporate and individual members to offer cloud security-specific research, education, training, certification, events, and products. CSA's activities, knowledge, and extensive network benefit the entire community impacted by the cloud — from providers and customers to governments, entrepreneurs, and the assurance industry — and provide a forum through which different parties can work together to create and maintain a trusted cloud ecosystem. For further information, visit us at and follow us on X @cloudsa. About TrojAI TrojAI's mission is to enable the secure rollout of AI in the enterprise. TrojAI delivers a comprehensive security platform for AI that protects AI models, applications and agents. The best-in-class platform empowers enterprises to safeguard AI models, applications and agents both at build time and run time. TrojAI Detect automatically red teams AI models, safeguarding model behavior and delivering remediation guidance at build time. TrojAI Defend is an AI application and agent firewall that protects enterprises from real-time threats at run time. By assessing the risk of AI model behavior during the model development lifecycle and protecting it at run time, TrojAI delivers comprehensive security for AI models, applications and agents.
