A Maturity Model Built for AI Security Programs
At RSAC Conference 2026, CSA Chief Analyst Rich Mogull outlined the organization's AI Security Maturity Model (AISMM), a framework aimed at helping enterprises build and manage AI security programs with measurable outcomes rather than abstract governance checklists. 1From Cloud to AI: Building Security Programs That Scale
The AISMM covers five distinct categories: model security, AI infrastructure, agentic applications, MCP servers, and AI developer enablement. 1From Cloud to AI: Building Security Programs That Scale 2AI Security Maturity Model | CSA Each category includes specific key performance indicators designed to be automatable - enabling organizations to connect tools like cloud security posture management (CSPM) platforms directly to their maturity tracking. 1From Cloud to AI: Building Security Programs That Scale
The distinction matters. Existing AI maturity models - including those from NIST and ISO - tend to focus on individual AI projects or high-level governance. CSA's AISMM is explicitly scoped to enterprise-wide AI security programs, providing direct guidance on building and managing an operational security practice rather than assessing a single model or use case. 2AI Security Maturity Model | CSA The model is currently in its final review phase after receiving more than 600 comments from 60 international reviewers. 1From Cloud to AI: Building Security Programs That Scale
From Research to Implementation
Mogull, who joined CSA in October 2025 after years as an independent consultant, described a pattern he encountered repeatedly: organizations would adopt CSA research frameworks but struggle to implement them without external help. "That model does not scale," he said, framing his mandate as building support structures directly into CSA's membership. 1From Cloud to AI: Building Security Programs That Scale
CSA's restructured Enterprise Membership tiers, announced in March 2026, center on what Mogull calls the Operational Maturity Roadmap - a three-year program running from foundational assessment through operationalization to external communications, including support for completing STAR registry entries and the Consensus Assessment Initiative Questionnaire (CAIQ). 1From Cloud to AI: Building Security Programs That Scale
The operational cycle works as follows:
The approach reflects a broader industry shift. As NullSec has reported, 53% of organizations have already experienced AI agent scope violations, and only 13% feel highly prepared for upcoming AI-related regulations. Frameworks that remain on the shelf do not reduce that exposure.
Why Agentic Applications and MCP Servers Got Their Own Categories
The inclusion of agentic applications and MCP (Model Context Protocol) servers as standalone AISMM categories signals where CSA sees risk concentrating. Agent-to-agent interactions through MCP connections create runtime trust relationships that are invisible to traditional security tooling - a problem CSA has documented extensively in recent research on scope violations and trust chain failures.
By giving these areas dedicated maturity categories with their own KPIs, the AISMM acknowledges that agentic AI security is not a subcategory of model security or infrastructure protection - it is a distinct operational domain requiring distinct controls.
The Three-Pillar Strategy
Mogull framed CSA's overall scope as three interconnected pillars: cloud, zero trust, and AI. 1From Cloud to AI: Building Security Programs That Scale The connection is architectural, not arbitrary. Zero trust principles emerged as a response to cloud adoption, and AI workloads are predominantly cloud-native. Each pillar represents what Mogull called a "transformational, disruptive technology" that existing security practices do not map onto cleanly. 1From Cloud to AI: Building Security Programs That Scale
The AISMM is designed as a companion to CSA's existing Cloud Security Maturity Model, also authored by Mogull, with a consistent methodology: define the journey, build measurable KPIs, and make outputs automatable. 1From Cloud to AI: Building Security Programs That Scale
What This Means for Security Teams
The AISMM gives security leaders a concrete artifact to take into budget conversations and board reviews - one that maps AI security investment to measurable outcomes rather than compliance checkboxes. For practitioners, the automatable KPI design means maturity tracking can integrate with existing CSPM and security tooling rather than requiring separate manual assessments.
The final model is expected to publish after the review period closes. Organizations evaluating AI security program maturity now have a reason to wait for the AISMM before committing to less operationally focused alternatives.
Bild: Markus Winkler / Unsplash
