Deloitte Italy, PointGuardAI, and Tumeryk partner with CSA to evolve the reference framework for assessing the security of AI systems
Cloud Security Alliance (CSA) announced the upcoming launch of RiskRubric V2, the next key milestone in expanding the CSAI Foundation’s capacity to deliver on its 2026 mission of Securing the Agentic Control Plane.
RiskRubric V2, a systematic methodology to quantify AI model risk, will officially launch later this year. CSA is also pleased to announce partnerships with Deloitte Italy, PointGuardAI, and Tumeryk to lead the evolution of RiskRubric V2. Together, these organizations are helping advance a more transparent, evidence-based approach to evaluating AI systems.
“Today’s security leaders cannot secure the agentic era with yesterday’s tools. We need an infrastructure that governs how autonomous AI agents identify themselves, what they are authorized to do, and how we trust them at scale,” said Jim Reavis, CEO and co-founder of the Cloud Security Alliance. “CSAI delivers exactly that through six integrated programs designed to embed trust, assurance, and risk intelligence into AI ecosystems. The upcoming launch of RiskRubric V2 is the next key milestone in CSAI’s mission and aims to deliver a framework that measures the true boundary of modern AI systems, from models to autonomous control loops, without compromising reproducibility and transparency.”
RiskRubric is the Cloud Security Alliance’s evidence-based risk rating system for AI. RiskRubric V2 will include:
- A multi-scanner ecosystem powered by independent evaluation partners: PointGuard, Deloitte Italy, and Tumeryk.
- Expanded assessment coverage beyond AI Models to include MCP Servers.
- Modernized evaluation pillars addressing emerging operational and autonomous AI risks.
- A new Confidence Scoring model to provide greater transparency into assessment validation.
Dedicated to secure and trustworthy AI, CSAI is a global community advancing research, responsible AI education, and open frameworks that help AI scale with trust. As enterprises move from experimental AI to autonomous, agent-driven AI, the risk surface shifts from models alone to identity, authorization, orchestration, runtime behavior, and trust assurance across complex agent ecosystems. CSA is evolving from defining best practices to operating the trust infrastructure for the agentic ecosystem.
