SANS AI Critical Security Guidelines

Welcome to the SANS AI Critical Security Guidelines repository. In March 2025, SANS published the inaugural version of this comprehensive framework, which encompasses critical security concerns and controls for AI implementations and usage within enterprise environments. Recognizing the dynamic nature of artificial intelligence as a rapidly evolving field, we are releasing this paper as a "living document" to foster collaborative improvement through community engagement.

Version Information

• Current Version: 1.1
• Publication Date: April 2025
• Next Publication Date: August 2025

How to Contribute

Contributing to the SANS AI Critical Security Guidelines is straightforward. This repository serves as our version control system for managing contributions. Please follow this workflow for submitting your contributions or corrections:

1. Create a GitHub account (if you haven't already)
2. Clone the repository to access the latest version of the paper in Markdown format
3. Create a feature branch using your last name and the current month and year (e.g., bromiley-may2025)
4. Implement your changes, including any necessary images, diagrams, or supplementary materials
5. Push your changes and submit a Pull Request (PR) to the repository
6. Our team will review your PR, provide feedback, and assist in integrating your contributions

Contribution Guidelines

To maintain the quality and integrity of this document, please adhere to the following guidelines:

1. Professional Conduct: Maintain professional discourse and avoid harmful language, biases, or insinuations about AI products, nationalities, companies, or individuals.

2. No Product Promotion: This document is vendor-neutral. Do not attempt to insert proprietary content or direct readers to specific products. You may reference the paper, but the paper cannot reference you.

3. Evidence-Based Contributions: All statements, facts, and statistics must be supported by credible references. Include links or copies of relevant reports to substantiate your data.

4. Technical Accuracy: Ensure all technical content is accurate, up-to-date, and aligned with current industry standards and best practices.

5. Clear Documentation: Provide clear explanations and context for all contributions. Use proper formatting and structure to maintain consistency with the existing document.

6. Scope Alignment: Contributions should align with the document's focus on AI security guidelines and controls. Off-topic or tangential content will not be accepted.

7. Review Process: Be prepared to engage in constructive dialogue during the review process. Address feedback promptly and professionally.

8. Intellectual Property: Ensure you have the necessary rights to contribute any content. Do not submit copyrighted material without proper authorization.

9. Maintenance: Contributors may be asked to maintain and update their contributions as the field evolves.

10. Mission-Focused: All contributors must adhere to the SANS Mission, which empowers current and future cybersecurity practitioners around the world. You can read more about the SANS Mission here.

We value your expertise and look forward to your contributions in making this document a comprehensive resource for AI security professionals.