ai
On April 21, 2026, a major breakthrough in cybersecurity happened: leading standardization initiatives gathered in Washington DC and agreed to begin coordinating collectively on AI security. A personal dream come true. The result: MOSAIC: Multi-Organization Secure AI Coordination. The goal: turn a fragmented landscape into clear, consistent standards and guidelines, to deal with the mounting risks of AI.
This important step was taken at the AI Security Policy Forum, organised and led by the OWASP AI Exchange, with SANS Institute as co-host - convening standard makers and policy stakeholders.
The initiatives at the table included:
- BIML (Berryville Institute of Machine Learning)
- Center for Internet Security (CIS)
- Cloud Security Alliance (CSA)
- Coalition for Secure AI (CoSAI)
- National Institute of Standards and Technology (NIST)
- OWASP AI Exchange (AIX)
- OWASP GenAI Security Project
- SANS Institute
The group agreed that it is now more important than ever to coordinate around the rapidly evolving possibilities and challenges of AI, as AI security risks mount.
One of the next steps is to provide a standardized map of the participating initiatives and a communication platform to exchange insights on a first list of identified topics (e.g., aligning with other initiatives such as SC42, building on OpenCRE, consensus on definitions), improve consistency, clarity, quality, and prevent unnecessary duplication. The idea is to move fast while maintaining independence and with lightweight coordination - not add more committees.
In addition to the organizations mentioned, the discussion also included journalists, representatives from International Telecommunication Union (ITU), The Aspen Institute, academia, and government - providing valuable perspectives on developments in both policy and industry. This helped prioritize the topics to focus on.
In the picture, from left to right, standing to sitting: Disesdi Shoshana Cox (AIX), Gary McGraw (BIML), Rob van der Veer (AIX), Anonymous, Duncan Sparrell, John Yeoh (CSA), Rock Lambros (GenAI), Norma Krayem, Brian Calkin (CIS), Matt Altomare (Aspen), Omar Santos (CoSAI), Aruneesh Salhotra (AIX), Jonathan Gibson (The Dispatch), Apostol Vassilev (NIST), Rhea Nygard, Ken Huang, Lav Varshney (Stony Brook University), Sounil Yu, and Sharon Goldman (Fortune)
Not in the picture, but involved, in alphabetical order: Rob T. Lee (SANS), Ryan Galluzzo (NIST), Soribel F.
A big thank you to:
- Disesdi Shoshana Cox for her idea to bring everybody together in a room to fulfil the connecting mission of the Exchange
- The amazing thinktank at the AI Exchange
- Spyros Gasteratos for his work on OpenCRE
- Violeta Klein, CISSP, CEFA for shaping the story for the Forum
- Straiker, Casco (YC X25), AI Security Academy, and SANS for supporting the Forum.
- Software Improvement Group for donating the original threat model and initiating the AI Exchange
Let's make AI a success!
A TDD-driven iterative feedback loop for software development. 16 cohesive Claude Code skills walk an idea from brainstorm → plan → execute → iterate, with checkpoints throughout. - evanklem/evanflow
Multi-lens code audit tool: 280 expert AI agents for code review, security testing, and infrastructure auditing - TheMorpheus407/RepoLens
Is security spending more tokens than your attacker?
Our latest model, Claude Opus 4.7, is now generally available. Opus 4.7 is a notable improvement on Opus 4.6 in advanced software engineering, with particular gains on the most difficult tasks.
A demo combining LeCroy oscilloscope control, SPICE simulation, and Claude Code.
Today, we're launching Claude Design, a new Anthropic Labs product that lets you collaborate with Claude to create polished visual work like designs, prototypes, slides, one-pagers, and more.
Put Claude Code on autopilot. Define routines that run on a schedule, trigger on API calls, or react to GitHub events from Anthropic-managed cloud infrastructure.
For eight years, I've wanted a high-quality set of devtools for working with SQLite. Given how important SQLite is to the industry, I've long been puzzled that no one has invested in building a really good developer experience for it. A couple of weeks ago, after ~250 hours of effort over three months on evenings, weekends, and vacation days, I finally released syntaqlite (GitHub), fulfilling this long-held wish. And I believe the main reason this happened was because of AI coding agents. Of course, there's no shortage of posts claiming that AI one-shot their project or pushing back and declaring that AI is all slop. I'm going to take a very different approach and, instead, systematically break down my experience building syntaqlite with AI, both where it helped and where it was detrimental. I'll do this while contextualizing the project and my background so you can independently assess how generalizable this experience was. And whenever I make a claim, I'll try to back it up with evidence from my project journal, coding transcripts, or commit history.
Why the moat is the system, not the model
A new open-source penetration testing framework called METATRON is gaining attention in the security research community for its fully offline, AI-driven approach to vulnerability assessment.
The one where I pack up my bags
Anthropic accidentally shipped a source map in their npm package, exposing the full Claude Code source. Here's what I found inside.
Official MCP Servers for AWS. Contribute to awslabs/mcp development by creating an account on GitHub.
A powerful meta-prompting, context engineering and spec-driven development system that enables agents to work for long periods of time autonomously without losing track of the big picture - gsd-build/gsd-2
A light-weight and powerful meta-prompting, context engineering and spec-driven development system for Claude Code by TÂCHES. - gsd-build/get-shit-done
How I deployed nullclaw as a public-facing AI agent on a $5 perimeter box with IRC, tiered inference, and Cloudflare-proxied WebSocket, and why the architecture matters more than the model.
Fast terminal, state-of-the-art agents, and cloud orchestration for the full software development lifecycle.