{"slug": "cosai-releases-ai-shared-responsibility-framework", "title": "CoSAI Releases \"AI Shared Responsibility Framework\"", "summary": "The Coalition for Secure AI (CoSAI) released an \"AI Shared Responsibility Framework\" on May 6, 2026, to assign clear accountability across the AI stack and end finger-pointing when AI systems cause harm or fail compliance audits. The five-layer model maps responsibility for governance, data, applications, platforms, and model providers, addressing gaps left by traditional cloud frameworks that do not account for foundation model supply chains or agentic systems. The framework aims to solve the growing problem of unclear ownership in AI deployments, where regulatory requirements and multi-vendor architectures make it difficult to determine who is at fault when something goes wrong.", "body_md": "###### Coalition for Secure AI Unveils New Agentic Identity and Security Research Following High-Profile Sessions at RSAC 2026\n\nMay 6, 2026\n\n*When an AI system causes harm or fails a compliance audit, the finger-pointing starts almost immediately. The model provider blames the configuration. The cloud provider points to the tenant. The application team cites model limitations. Our new AI Shared Responsibility Framework is designed to end that cycle before it starts.*\n\nMost organizations have spent years building clear lines of ownership around their technology stacks. They know who owns the network, who owns the application layer, who calls the vendor when something breaks at 2 a.m. AI has complicated all of that.\n\nThe problem is not that AI systems are inherently ungovernable. The problem is that the accountability structures most organizations rely on were designed for a different era of technology. A traditional cloud shared responsibility architecture divides the world cleanly between provider and customer. 
AI systems operate across layers this architecture was never designed to address: foundation models trained on third-party data, platforms that stitch together multiple vendors, agentic systems that can take autonomous actions on behalf of users, and regulatory requirements that cascade differently across the stack depending on the industry you operate in.\n\nWhen something goes wrong across that kind of architecture, the question “whose fault is this?” becomes genuinely hard to answer. And the longer it takes to answer, the longer it takes to fix.\n\n**Read the full AI Shared Responsibility Framework here.**\n\n**A Framework Built for How AI Actually Works**\n\nCoSAI’s Workstream 2 has spent the past year building a structured answer to this problem. The result is the AI Shared Responsibility Framework (AI SRF), a five-layer model that maps accountability across the full AI stack and assigns exactly one responsible party to each component.\n\nThe five layers reflect how AI systems are actually built and operated:\n\n**AI Business and Usage** covers governance, regulatory compliance, and the business decisions organizations make about how AI is deployed. This layer exists because AI-specific regulations (FDA guidance for software as a medical device, SR 11-7 model risk management in financial services, EU AI Act requirements) create obligations that traditional cloud compliance frameworks simply do not address. Someone has to own those obligations. This layer makes that explicit.\n\n**AI Information** addresses data: who owns training data, who governs what information agents can access, and how organizations manage the growing problem of shadow AI — employees using external AI tools that no one sanctioned, monitored, or secured. This is a layer the traditional three-tier cloud model skips entirely.\n\n**AI Application** covers the teams building and deploying AI-powered products. 
Application developers integrating AI via APIs carry specific responsibilities for input validation, access controls, safety systems, and integration security that are distinct from what either the platform or the model provider owns.\n\n**AI Platform** covers the infrastructure and services that host and serve AI models. Cloud providers, MLOps platforms, and model API services each have defined obligations at this layer, including compute security, compliance certifications, and the identity and access management primitives that tenants depend on.\n\n**AI Model Provider** is a new layer for shared responsibility frameworks and addresses something that has been a consistent blind spot: the foundation model supply chain. Who is accountable for a model’s known susceptibility to prompt injection? Who documents training data provenance? Who maintains vulnerability disclosure processes when model-level weaknesses are discovered? This layer assigns those responsibilities to model providers, clearly and unambiguously.\n\n**The Pain Points This Framework Is Designed to Solve**\n\nThe accountability gaps the AI SRF addresses are not theoretical. Courts and regulators are already making decisions that organizations were not prepared for.\n\n[In 2024](https://www.pinsentmasons.com/out-law/news/air-canada-chatbot-case-highlights-ai-liability-risks), Air Canada was held liable after its customer service chatbot gave a passenger incorrect information about bereavement fares. The airline argued the chatbot was a separate entity. The court disagreed and ordered Air Canada to honor the discounted fare. No one inside the organization had clearly owned the question of what the chatbot was authorized to promise on the company’s behalf, or what would happen when it got something wrong.\n\nAround the same time, a [car dealership added an AI chatbot to its website](https://www.businessinsider.com/car-dealership-chevrolet-chatbot-chatgpt-pranks-chevy-2023-12?op=1). 
Within days, customers had manipulated it into agreeing to sell a new Chevy Tahoe for one dollar. Again, the gap was not a technical failure in the traditional sense. It was an accountability failure: no one had defined who was responsible for setting the boundaries of what the chatbot could commit to, and who would verify those boundaries were actually in place.\n\nThese are not edge cases. They are previews of what happens when AI deployment outpaces governance.\n\nConsider a more complex technical scenario that the framework directly addresses: a prompt injection attack bypasses the guardrails on a customer-facing chatbot and exposes personally identifiable information from a connected database. Under current practices, the incident response often stalls because no one has clear authority over detection, containment, and remediation across the multiple parties involved.\n\nUnder the five-layer framework, accountability traces cleanly. The model provider owns the base model’s susceptibility to injection and the documentation of known weaknesses. The platform provider owns infrastructure-level protections. The application developer owns the guardrails, input validation, and data access controls that should have prevented the exposure. The deploying organization owns the data classification policies that defined what the chatbot could access in the first place. Every layer has an owner. The question shifts from “whose fault is this?” to “which layer’s controls failed, and who owns the fix?”\n\nThat kind of clarity matters enormously in a regulated environment. A hospital system deploying an AI diagnostic tool needs to be able to show FDA auditors exactly who validated that tool’s outputs before it went into production, and what process they followed when the underlying model was updated. A regional bank using AI for credit decisions needs to demonstrate to examiners that someone with defined authority reviewed the model for bias and signed off on the risk. 
A federal agency implementing an AI procurement tool needs to map every NIST AI RMF control to a specific owner across its vendor relationships. Without a structured accountability framework, none of those conversations go well.\n\nBeyond regulated industries, the framework addresses an operational reality that affects nearly every organization: most enterprise AI deployments are not monolithic. A single application may draw on multiple foundation models, run on a cloud platform, use a third-party agentic orchestration layer, and be maintained by a team that had no involvement in any of the upstream decisions. When something breaks, everyone has a reasonable-sounding explanation for why it is someone else’s problem. Mapping that complexity to clear accountability requires a structured approach that vendor contracts written before agentic AI existed simply cannot provide.\n\n**Agentic Systems Require a Different Conversation**\n\nIf there is one area where existing accountability frameworks fall shortest, it is autonomous AI agents. Agents that can take actions, coordinate with other agents, access tools and APIs, and operate across sessions without direct human supervision create risks and accountability questions that no prior framework was designed to handle.\n\nThe AI SRF addresses this directly. The framework includes a classification of agent autonomy levels, from systems that only provide information to those capable of making cross-domain decisions without human oversight, and maps accountability requirements to each level. As autonomy increases, responsibility shifts from end users toward application developers and agentic platform providers. 
Organizations deploying higher-autonomy agents need contractual accountability clauses, documented intervention capabilities, and evidence requirements that scale with the risks those systems create.\n\nTo make this concrete: imagine a procurement agent deployed by a financial services firm to autonomously negotiate supplier contracts within defined parameters. The agentic platform provider is responsible for the orchestration engine that coordinates the agent’s reasoning steps. The application developer is responsible for the guardrails that define what the agent can and cannot agree to. The organization is accountable for setting those business rules and for defining when a human needs to be pulled into the loop. If the agent commits the firm to terms it was never authorized to accept, the question of who owns that failure should have been answered before the agent was deployed, not during the legal review afterward.\n\nThis is not a distant concern. The organizations at the frontier of AI deployment are already running agents at levels of autonomy that most governance frameworks do not recognize as a category. The window to establish the right accountability structures is open now, before these systems are deeply embedded in operations and retrofitting becomes expensive.\n\n**Practical Guidance, Not Just Principles**\n\nThe AI SRF was designed to be implemented, not just cited. 
It includes an operating model matrix that maps responsibility across IaaS, PaaS, and SaaS deployment models, a set of defined personas with specific accountability assignments, an implementation playbook with phased activities across the first year of adoption, and evidence requirements that tell organizations what artifacts they need to demonstrate that accountability has actually been assigned and exercised.\n\nFor organizations that already have existing shared responsibility documentation from cloud providers, the framework includes guidance on mapping current assignments to the five-layer structure.\n\nThe framework is complementary to existing standards. NIST AI RMF defines what governance outcomes to achieve. ISO 42001 defines how to manage an AI management system. The AI SRF defines who is responsible for each component, at each layer, across each operating model. Used together, they give organizations a complete picture.\n\n[Download the full AI Shared Responsibility Framework](https://www.coalitionforsecureai.org/wp-content/uploads/2026/05/CoSAI-Shared-Responsibility-Framework.pdf) and put a name next to every component in your AI stack.\n\n##### Disclaimer\n\nThe views represented in this paper do not necessarily represent the views of all CoSAI members, including reviewers and their organizations.\n\n*CoSAI is an OASIS Open Project bringing together AI and security experts from industry-leading organizations to develop practical guidance for secure AI deployment. The AI Shared Responsibility Framework was developed by Workstream 2, with contributions from Cisco, ServiceNow, Intel, Meta, Anthropic, IBM, and others. 
Learn more at **coalitionforsecureai.org**.*", "url": "https://wpnews.pro/news/cosai-releases-ai-shared-responsibility-framework", "canonical_source": "https://www.coalitionforsecureai.org/whos-responsible-when-ai-goes-wrong-a-new-framework-aims-to-answer-that-question/", "published_at": "2026-05-29 00:42:52+00:00", "updated_at": "2026-05-29 01:15:37.085793+00:00", "lang": "en", "topics": ["ai-safety", "ai-policy", "ai-ethics", "ai-agents", "artificial-intelligence"], "entities": ["Coalition for Secure AI", "RSAC 2026"], "alternates": {"html": "https://wpnews.pro/news/cosai-releases-ai-shared-responsibility-framework", "markdown": "https://wpnews.pro/news/cosai-releases-ai-shared-responsibility-framework.md", "text": "https://wpnews.pro/news/cosai-releases-ai-shared-responsibility-framework.txt", "jsonld": "https://wpnews.pro/news/cosai-releases-ai-shared-responsibility-framework.jsonld"}}