0:00
/
Generate transcript
A transcript unlocks clips, previews, and editing.

Protect, utilize, govern: mapping AI's new attack surface with Chris Cochran

If someone asked you to prove, with evidence, that the AI in your product is secure, could you do it? Most teams can’t, and until recently there was no shared standard for what that proof even looks like. Chris Cochran, Field CISO and VP of AI Security at the SANS Institute, built one.

After nine months of conversations with three to four hundred security leaders around the world, all asking the same questions, he authored the SANS AI Security Maturity Model, a framework already being used to map compliance requirements under the EU AI Act.

Chris breaks down the model’s three pillars: protect, utilize, and govern, and explains why the most uncomfortable questions in the framework are the foundational ones. He also reveals the highest maturity stage of the model any company has claimed, why a small business can outrank an enterprise, and what developers shipping AI into regulated environments can’t afford to ignore.

As Chris puts it, the genie is out of the bottle. AI does not care if you believe in it or not.

Topics Covered

00:00 - Introducing Chris Cochran

02:20 - Why we need another framework

04:00 - The three pillars: protect, utilize, and govern

05:05 - Half of security leaders are AI skeptics, and why this mindset is unproductive

06:50 - The most uncomfortable question in the SANS AI Security Maturity Model

08:40 - Data classification as the prerequisite for any AI policy

10:30 - The highest maturity stage of the framework that someone has claimed

12:30 - Two ways to read the framework: front to back or scoring rubric first

13:25 - AI assisted adversaries will target everyone soon, what that means for small businesses

16:30 - Why SANS uses industry specific weighting

18:25 - What developers need to know about shipping the same AI tools in different industries

20:40 - Why developers should care about the AI Security Maturity Model

About Chris Cochran

Chris Cochran is the Field CISO and Vice President of AI Security at the SANS Institute, where he stands at the intersection of frontier AI innovation and real-world cybersecurity defense.

A Marine Corps veteran and former leader at organizations like Netflix, Mandiant, the U.S. House of Representatives, Axonius, and NSA, Chris has spent his career translating complexity into clarity, whether guiding organizations through emerging AI threat landscapes, pioneering defensive AI workflows, or shaping the next generation of AI-security practitioners. His work blends deep operational cyber experience with cutting-edge research in AI governance, model risk, multi-agent systems, and adversarial AI, positioning him as one of the few leaders equally fluent in shaping AI strategy and securing it.

Known for his storytelling, community leadership, and ability to distill fast-moving technical shifts into actionable insight, Chris is helping build the future where AI systems are both powerful and safe.


Want to learn more about VIA?

Contact Us


Ready for more?