
SANS Institute Releases AI Security Maturity Model for Enterprise Governance

By Artūras Malašauskas, May 13, 2026
SANS Institute published a five-stage AI Security Maturity Model framework to help organizations bridge the gap between AI adoption and security governance.

Security leaders have spent the past year reading global AI standards without knowing what to do on Monday morning. SANS Institute released the SANS AI Security Maturity Model™ eBook on May 12, 2026, to address that exact paralysis. The framework provides a stage-by-stage operational path from ad hoc AI use to a fully governed and secured program.

The guide was authored by Chris Cochran, Field CISO and VP of AI Security at SANS, with input from a global community of practitioners. According to the official SANS press announcement, the model serves as the operational companion to the SANS Secure AI Blueprint.

Most AI maturity frameworks tell you what good looks like at the top of the mountain without showing you the trail. This model is the trail. Each stage has specific controls, specific metrics, and specific actions to advance, with explicit guidance on agentic AI and Non-Human Identity, where most organizations have a real blind spot today.

The framework rests on three pillars: Protect AI, Utilize AI, and Govern AI. These align with the SANS Secure AI Blueprint. The five stages run from Stage 1 (Unaware / Ad Hoc) through Stage 5 (Optimizing / Adaptive), with detailed program indicators, people indicators, metrics, and a sequenced set of steps to advance at every stage.

A defining feature is its insistence that no single maturity level is correct for every organization. A 30-person company at a genuine, evidence-based Stage 2 is in a stronger security posture than an enterprise claiming Stage 3 without documentation to prove it. The right target depends on AI adoption pattern, industry, regulatory environment, and risk tolerance.

The model includes a Determining Your Target Maturity table and an evidence-based scoring system to help organizations set a defensible goal. (This is the kind of specificity that actually helps when you're trying to justify budget to a CFO.)

Mapping to existing standards is built in. The framework aligns directly to NIST AI RMF, the EU AI Act, ISO 42001, and the OWASP AI Exchange and OWASP Agentic Top 10. SANS's formal partnership with OWASP on AI security standards is reflected throughout. For organizations facing regulator, customer, or partner scrutiny on AI governance, the model is designed to produce executive-ready reporting language and audit-defensible evidence.

One original contribution is the Principle of Least Agency, the agentic counterpart to least privilege. Cochran noted this is the kind of original guidance practitioners told SANS they needed and could not find anywhere else. Employees across most organizations are using AI tools faster than their security teams can write policy for them. Sensitive data is moving into public models. Developers are pulling unverified models from open repositories. AI agents are being granted real authority inside production environments, often without an owner, an identity, or a documented permission boundary.

Rob T. Lee, Chief AI Officer and Chief of Research at SANS Institute, stated the model closes a real gap. NIST, the EU AI Act, ISO 42001, and OWASP each describe what mature AI security looks like. None of them tell a CISO what to do first, what to do next, or how to know when they are ready to advance. That is what this model provides, built on top of those standards rather than around them.

The fact that practitioners helped shape it is why SANS believes it will hold up as the technology and the regulatory picture keep moving. Download the SANS AI Security Maturity Model eBook at go.sans.org/XOHqTg.

Independent coverage from HPCwire corroborates the release date and core framework details.

Whether organizations actually implement the controls or just use the scoring system for compliance theater remains the real question. The framework is solid, but execution is where most security programs fail anyway.

Artūras Malašauskas is an AI Systems Integrator with 20+ years of production-grade web engineering experience. He has designed, shipped, and scaled enterprise Python/PHP systems for logistics, SaaS, and public-sector clients. For the past year, he has focused exclusively on AI integrations: deploying open-source LLMs, building generative media pipelines (image, audio, video), and engineering multi-agent workflows for real production environments. His standard: reproducibility, security, cost-efficient inference, no vaporware. He documents and evaluates emerging AI tooling, separating verified capabilities from marketing noise. Technical editor at: muza-ai.eu, ai-verslas.lt, ai-naujinos.lt