CSA Sales Reference
Quick Lookup Tool
Use the search bar or sidebar. Built for calls — not reading. Every product, objection, and pricing option in one place.
Quick searches
Departments
Price cheat sheet
- CCSK bundle: $795
- CCZT bundle: $455
- TAISE bundle: $795
- STAR Level 1: Free
- Valid-AI-ted: $595 (free/members)
- CCM/AICM license: $15,000/yr
- Solution Provider (SP / SaaS / AI): $10k/yr
- Solution Provider Startup: $5k/yr
- SP 3-Year: $27k
- Enterprise Essential: $10k/yr
- Enterprise Accelerator: $40k/yr
- Enterprise Premier: $60k/yr
- Enterprise Elite: $100k+/yr
🎓 Training
CCSK — Certificate of Cloud Security Knowledge
Vendor-neutral cloud security cert. No prerequisites. Ideal for orgs transitioning to cloud or running multi-cloud. No prereqs — unlike CISSP.
Bundle
$795
LMS + Exam · 2 attempts
Pricing
| Option | Price |
|---|---|
| Training only (LMS) | $495 |
| Exam only | $445 |
| Bundle (LMS + Exam) | $795 |
| Custom Team Training | Contact sales |
Exam
- 60 questions · 120 min · 80% pass
- Open-book · Online · 2 attempts
- 2-year validity · 12 domains
Target roles
Best accounts
- Banks & financial services
- Government agencies
- Manufacturing → cloud transition
- Accounting / consulting firms
- Multi-cloud environments
Key differentiators
- No prerequisites (unlike CISSP)
- Works across AWS, Azure, GCP
- Volume discounts: 50+ tokens → 20% off · 100+ tokens → 25% off
- v5 content — regularly updated
Objection handling
"We use vendor-specific certs"
CCSK adds universal principles vendor certs lack. Critical for multi-cloud — AWS cert doesn't cover Azure gaps.
"Team is too busy"
Self-paced, open-book, free study materials. Compare $795/person to the cost of one cloud incident.
"Can't afford enterprise-wide"
Start with a pilot group. Volume discounts kick in at 50 tokens (20% off) and 100+ tokens (25% off). Cheaper than one external hire.
"How is this different from CISSP?"
CISSP needs years of experience. CCSK has no prereqs, is cloud-specific, and updated regularly. Complementary.
🎓 Training
CCZT — Certificate of Cloud Zero Trust
Vendor-neutral Zero Trust cert grounded in CISA and NIST SP 800-207. Endorsed by John Kindervag (creator of Zero Trust).
Bundle
$455
LMS + Exam
Pricing
| Option | Price |
|---|---|
| Exam only (self-study) | $175 |
| Bundle (LMS + Exam) | $455 |
| Custom Team Training | Contact sales |
Exam
- 60 questions · 120 min · 80% pass
- Open-book · Online · 2 attempts · 2yr validity
- 7 domains: ZT Concepts → Implementation
Target roles
Key differentiators
- Only ZT cert grounded in CISA + NIST
- Endorsed by ZT creator (John Kindervag)
- Vendor-neutral — any tech stack
- Covers Strategy + Planning + Implementation
Objection handling
"We have vendor ZT training"
Vendor training teaches their product. CCZT teaches NIST/CISA architecture — what boards and regulators ask about.
"Is this just theory?"
Covers protect surfaces, SDP, workflows, deployment. Teams can apply it Monday morning.
🎓 Training
TAISE — Trusted AI Safety Expert
AI security, governance, ethics + compliance. Built with Northeastern University. Covers NIST AI RMF, MITRE ATLAS, CSA AICM. Immediate applicability focus.
Bundle
$795
Training + Exam
Pricing
| Option | Price |
|---|---|
| Training + Exam bundle | $795 |
| Custom Team Training | Contact sales |
Exam
- 60 questions · 120 min · 80% pass · Open-book
- 10 modules: GenAI architecture → model governance
- TAISE Prompt Library — hands-on exercises
Target roles & accounts
- Enterprises deploying AI
- Financial services (fraud AI, chatbots)
- Healthcare (AI diagnostics)
- Cloud providers with AI products
- Government agencies
Objection handling
"We have internal AI training"
Internal training rarely covers NIST AI RMF, MITRE ATLAS, or EU AI Act. TAISE provides external validation boards and regulators ask for.
"Legal handles AI governance"
Legal handles policy. TAISE trains the engineers, GRC, and security teams actually running AI systems day-to-day.
"Is this practical or theory?"
TAISE Prompt Library = hands-on exercises. Focus is "what can you implement Monday morning." Built with Northeastern's Institute for Experiential AI.
⭐ STAR Program
STAR Level 1 — Self-Assessment
Free entry point. Two tracks: STAR for Cloud (CAIQ) and STAR for AI (AI-CAIQ). Get listed on the public STAR Registry. Annual renewal. Prerequisite for Level 2 and Valid-AI-ted.
Cost
Free
Both tracks · Annual
Two tracks
| Track | Questionnaire | Framework | Cost |
|---|---|---|---|
| STAR for Cloud | CAIQ v4 | CCM v4.1 | Free |
| STAR for AI | AI-CAIQ | AICM v1.1 | Free |
What providers get
- Provides baseline security posture without initiating any risk
- Public listing on STAR Registry (4,000+ entries)
- Reduces custom questionnaires from buyers
- Foundation for Level 2 third-party audit
- Prerequisite for Valid-AI-ted upgrade
Target audience
Upsell path
Level 1 (Free) → Valid-AI-ted ($595) → Level 2 (Custom audit)
Members get Valid-AI-ted free — strongest membership pitch on the STAR side.
⭐ STAR Program
Valid-AI-ted — AI-Powered Assessment Validation
AI scores your CAIQ or AI-CAIQ. Per-control feedback, domain breakdown, public trust badge on Registry. Works for both cloud and AI tracks. Strong membership conversion hook.
Non-member
$595
Free for CSA members
What they get
- AI scores every CAIQ or AI-CAIQ control
- Per-control feedback + revision guidance
- Domain-level score breakdown
- Up to 10 attempts (members: unlimited)
- Valid-AI-ted badge on STAR Registry
Pricing
| Who | Price | Attempts |
|---|---|---|
| Non-member | $595 | Up to 10 |
| CSA Member | Free | Unlimited |
Membership pitch
$595 one-time vs. free + unlimited + Level 2 discounts. The math does the selling — let them calculate it themselves.
Why buyers care about the badge
- "They filled it out well" vs just "they filled it out"
- Reduces procurement questionnaire back-and-forth
- Visible to buyers searching the Registry
GRC licensing
- GRC vendors can license the scoring engine
- API integration for automated CAIQ evaluation
- Several vendors already licensed — contact sales
Objection handling
"Is this just automated grading?"
Structured, explainable AI scoring based on CCM implementation guidelines. Every control gets a score with specific revision guidance. Not a black box.
"What if we don't pass?"
That's the point — detailed feedback tells you exactly what to fix. Up to 10 resubmissions. Coaching tool, not just a gate.
"We'd rather just get Level 2"
Valid-AI-ted is excellent L2 prep — shows auditors where you're strong before they start. Required for STAR for AI Level 2.
⭐ STAR Program
STAR Level 2 — Third-Party Audit
Gold standard trust credential. Independent audit against CCM + ISO 27001 or SOC 2 (cloud) or AICM (AI). Members get 20% discount on CSA cert fee.
Price
Custom
Members save 20%
Cloud audit paths
⚠️ Must use a CSA-approved audit firm ↗ — self-selected auditors are not eligible.
| Path | Standard | Validity | Best for |
|---|---|---|---|
| STAR Attestation | SOC 2 + CCM | 1 year | US-market CSPs |
| STAR Certification | ISO 27001 + CCM | 3 years | Global CSPs |
| C-STAR | GB/T + CCM | 3 years | Greater China |
AI audit path
- Independent AICM framework audit
- Requires L1 AI-CAIQ + Valid-AI-ted first
- Coming 2026 — auditor cert launching summer 2026
Target accounts
Objection handling
"We already have ISO 27001"
Perfect — STAR layers on top. Most orgs combine both audits. Incremental effort, significant market value. STAR is the public signal ISO isn't.
"Why not just ISO 27001?"
ISO doesn't cover cloud-specific controls. Enterprise buyers now require STAR + ISO. STAR is the public-facing trust signal; ISO is the private cert.
🔬 Research
AICM — AI Controls Matrix
First vendor-agnostic AI security framework. 243 controls, 18 domains. Superset of CCM — all cloud controls inherited + new Model Security domain (model poisoning, prompt injection, etc.).
Pricing
Free
Members · Non-members pay
Pricing
| Who | Price |
|---|---|
| CSA Members | $15,000/yr |
| Non-Members | $30,000/yr |
Pricing is still being discussed — figures above are current placeholder. Opportunity to license AICM as IP — for GRC vendors, consultancies, or orgs embedding it in commercial products. Same licensing model as CCM.
What's in the download
- 243 control objectives across 18 domains
- AI-CAIQ — self-assessment questionnaire
- Implementation + auditing guidelines
- Mappings: ISO 42001, NIST AI RMF, EU AI Act, BSI AIC4
- Role-specific guides (5 roles: MP, OSP, AP, AIC, CSP)
AICM vs CCM
| CCM covers | AICM adds |
|---|---|
| Cloud infrastructure | Model poisoning + adversarial attacks |
| Traditional IAM + data | LLM lifecycle security |
| Network + compute | AI supply chain risks |
| General compliance | Prompt injection management |
Target roles
Objection handling
"Why not just ISO 42001?"
ISO 42001 is high-level requirements. AICM gives 243 detailed controls with implementation guidance and maps TO ISO 42001. Use both together.
"We already have CCM certification"
AICM integrates seamlessly — it's a superset. CCM covers your cloud foundation. AICM adds AI-specific controls CCM doesn't address. Not a replacement.
"Our AI vendor handles security"
AICM helps verify vendor claims and clarify shared responsibility. Most AI incidents come from misunderstanding who's responsible for what.
Free download → STAR for AI Level 1 (free) → Valid-AI-ted ($595) → Level 2 (custom)
🔬 Research
CCM — Cloud Controls Matrix
#1 driver of CSA website traffic. 197 control objectives, 17 domains, 40+ framework mappings. Foundation of STAR. Free download — commercial licensing available for GRC vendors.
Download
Free
GRC embed = license required
What it covers
- 197 cloud security control objectives
- 17 security domains
- Maps to 40+ standards: ISO 27001, SOC 2, NIST, GDPR, PCI DSS
- Foundation of STAR Level 1 (CAIQ) and Level 2
- v4.1 current — AICM aligned
CCM licensing
| Who | Price |
|---|---|
| CSA Members | $15,000/yr |
| Non-Members | $30,000/yr |
- Free download is for internal reference only
- Commercial use (GRC products, consulting, customization) → license required
- Covers: customize controls, embed in products, use in consulting engagements
Who needs a license: Cloud/AI service providers embedding CCM/AICM in products · Consulting orgs using as client deliverables · Auditing orgs using controls as benchmarks · Enterprises requiring customized versions
🔬 Research
Sponsored Research
Sponsor CSA research surveys and reports. Brand featured in all promotional efforts. Thought leadership + qualified leads. Exclusive to CSA members.
Pricing
Ask Eileen
Members only · pricing TBC
What sponsors get
- Brand prominently featured in CSA promotional efforts
- Reaches targeted audience of security pros and decision-makers
- Positions org as thought leader in cloud/AI security
- Generates qualified leads aligned to CSA audience
- Aligns brand with CSA's trusted 17-year reputation
Note for sales reps: Pricing for sponsored research is not in current materials — flag to Dominik/Dennis before pitching pricing specifics. Good upsell from Solution Provider Membership — available to members only.
🔬 Research
Solution Provider Sponsored Survey
Commission a CSA research survey on your topic of choice. Vendor-agnostic findings, full marketing package, qualified opt-in leads. Co-produced with CSA SMEs.
Price
$40k
Add-ons available
What's included
- Question development with CSA SMEs (shared responsibility)
- Survey distribution to CSA membership + social/community
- Data collection, analysis, and technical writing
- Graphic design + managing editing
- Survey report (early observations, takeaways, conclusions)
- Marketing: respondent incentives (10 CCSK exams), lead retrieval (opt-in only), sponsor branded version
- Early exclusive release · CSA Blog Post · CSA CloudBytes Webinar
Add-ons
| Add-on | Price |
|---|---|
| CSA Expert Speaker | $1,500 |
| Press Release | $1,500 |
Target titles
Why it works
- CSA's 17-year research reputation → instant credibility for findings
- Vendor-agnostic format → trusted by buyers, press, analysts
- Opt-in leads from survey respondents, webinar RSVPs, and attendees
- Sponsor branded version usable in your own content marketing
Objection handling
"We can do our own research"
Self-published vendor research carries vendor bias. CSA's name = analyst-grade credibility. Buyers and press trust it differently.
"$40k is a lot for a survey"
Includes end-to-end production, CSA distribution to 75k+ subscribers, CloudBytes webinar, opt-in leads, and a branded asset you own. Compare to cost of commissioning a Forrester or Gartner study.
🏢 Membership
CSA Enterprise Membership
Not just access — strategic partnership. Dedicated analyst access, maturity roadmaps, benchmarking, and execution across Cloud, AI, and Zero Trust. 4 tiers. 3-year journey.
Starting at
$10k
per year · 4 tiers
Membership tiers
| Tier | Price/yr | Seats | Key benefits |
|---|---|---|---|
| Essential | $10,000 | 1 | 1 analyst call/yr · 12 training credits · monthly briefings |
| Accelerator | $40,000 | 2 | Unlimited analyst calls · 18 training credits · quarterly roadmap reviews · half-day workshop · annual progress report |
| Premier | $60,000 | 5 | Unlimited analyst calls · 24 training credits · monthly reviews · full-day workshop · stakeholder interviews · detailed findings |
| Elite | $100,000+ | Custom | Unlimited analyst calls · 30 training credits · 2 full-day workshops · executive coaching (3 leaders) · multiple concurrent maturity journeys |
In-person workshop delivery available at Premier and Elite for additional $5,000.
📄 Enterprise Membership Agreement ↗
How the engagement works
| Onboarding | Execution | Annual Summary |
|---|---|---|
| CSA conducts an initial assessment and your team confirms roadmap priorities and success metrics. | Monthly or quarterly analyst engagements drive progress and accountability toward your maturity goals. | CSA delivers a comprehensive report with progress metrics, updated roadmap, and next-year priorities. |
Training credits per tier
- Essential: 12 · Accelerator: 18 · Premier: 24 · Elite: 30/yr
- Base: CCSK (cloud) + TAISE (AI) + CCZT (Zero Trust)
- Elite: customized courses available
Target roles
What they care about
- Justifying security spend to the board
- Measurable maturity with documented proof
- Vendor-neutral analyst guidance (not another vendor)
- Access to expertise without hiring a fractional CISO
Objection handling
"We already have CSA membership"
Traditional membership = access (research, discounts, working groups). Enterprise = partnership. Analyst access, maturity benchmarking, roadmap development. Transforms CSA from a resource into a strategic advisor.
"$100k is a lot for membership"
Elite includes 30 training credits + 2 workshops + coaching for 3 executives + unlimited analyst calls. Compare to cost of one fractional CISO.
"What do we get after 12 months?"
Documented maturity baseline, board-ready progress report, improved STAR/CCM readiness, embedded analyst partnership. Measurable outcomes guaranteed.
🏢 Membership
CSA Solution Provider Membership
Five membership types for different buyer profiles. All include marketing benefits, STAR discounts, and CSA brand association. Select a type below.
Starting at
$5k
per year · 5 types
Pricing
| Term | Price |
|---|---|
| Annual | $10,000/yr |
| 3-Year (save ~10%) | $27,000 total |
What's included
- 4 LMS licenses + tokens (CCSK)
- Advisory Council seat
- Blog + LinkedIn + PR access
- CSA member logo usage
- Co-branded research opportunities
Target roles
What they care about
- Branding and market visibility
- Demand generation and pipeline
- Building trust with enterprise buyers
Objections
"Why membership vs. just using STAR?"
STAR gets you listed. Membership gets your logo on CSA.org, your SMEs on CloudBytes (75k subs), and your brand in front of the buyers already searching the registry.
"3-year feels like a big commitment"
$27k over 3 years vs $30k year-by-year — saves $3k and removes the annual renewal conversation. Most SPs who engage with CSA stay.
STAR discounts
| Product | Member price |
|---|---|
| Valid-AI-ted | Free (unlimited) |
| STAR Level 2 cert fee | 20% off |
| CCM/AICM license | $15,000 discount |
📣 Marketing & Events
Events
Exclusive sponsorship and speaking opportunities for CSA members. Lead generation and global brand exposure.
Virtual & In-person Events
- Exclusive sponsorship opportunities
- Speaking session consideration
- Lead generation + global brand exposure
- CSA speakers for your events
- Trust Summit (August 2026) — STAR flagship event
Event Sponsorship Packages
Browse all available sponsorships
Sponsorship exclusive to CSA members. Opt-in leads provided for most, not all programs.
📣 Marketing & Events
Webinars
Reach a highly targeted practitioner audience of cloud and AI security professionals.
CloudBytes Webinars
- 75,000 subscribers
- Feature your subject matter experts
- AI and cloud security topics
- Highly targeted practitioner audience
- Price: $8,500
⏱ Lead time: Typically 6–8 weeks from purchase to actual airing of the webinar. Set expectations with prospects accordingly.
📄 CloudBytes Webinar Program Contract ↗
Key datapoints
| Metric | Figure |
|---|---|
| Average opt-in rate | TBC — request from marketing |
| Audience breakdown | TBC — request from marketing |
Marketing team should have current figures for average opt-in and audience breakdown. Confirm before pitching.
📣 Marketing & Events
Community Network Program
CSA promotes your event to the global cloud security community. Exclusive to members. Contact sales@cloudsecurityalliance.org.
Sponsorship packages
| Level | Price | Key inclusions |
|---|---|---|
| Platinum | $35,000 | CSA leadership keynote · 2 dedicated emails · LinkedIn Group post · blog 30 days · homepage banner 10 days |
| Gold | $25,000 | 1 dedicated email · 2 newsletter mentions · LinkedIn Solution Provider post · blog 14 days · homepage ad 7 days |
| Silver | $15,000 | 2 newsletter mentions · LinkedIn Solution Provider post · blog 14 days · event listed on CSA website |
Platinum virtual only — contact sales for in-person keynote pricing.
Optional add-ons
| Add-on | Price |
|---|---|
| Additional dedicated email (25k list) | $2,500 |
| Additional dedicated email (50k list) | $5,000 |
| Additional LinkedIn Group post | $500 |
| Blog extended by 10 days | $500 |
| Homepage promo banner 5 days | $1,000 |
Required from sponsor
- Opt-in event leads to CSA within 5 business days after event
- CSA logo on all event websites and promotions
- Promotional materials 6 weeks before event date
- Build and host event website + registration page
❓ FAQ
Questions You'll Get on Calls
Quick answers for common prospect questions. Add more as they come up in the field.
What's the difference between STAR and ISO 27001?
ISO 27001 is private — only your auditor and select parties see results. STAR is public — your assessment is visible on the Registry for any buyer to search. STAR Level 2 builds ON TOP of ISO 27001 or SOC 2. They're complementary: ISO for internal governance, STAR for external trust signals.
How is AICM different from CCM?
AICM is a superset of CCM. All 207 CCM controls are inherited — CCM users don't start from scratch. AICM adds AI-specific controls including the new Model Security domain (model poisoning, prompt injection, unauthorized model access). 243 total controls vs. 207 in CCM.
Is Valid-AI-ted required for STAR Level 2?
For STAR for Cloud Level 2 — optional but strongly recommended as prep. For STAR for AI Level 2 — yes, Valid-AI-ted is a required step before the third-party AI audit.
What's included in membership training credits?
Credits apply toward CCSK, CCZT, and TAISE.
Enterprise vs Solution Provider membership — what's the difference?
Solution Provider = marketing benefits (blog, LinkedIn, events, PR, brand, STAR discounts). Enterprise = strategic advisory partnership. Analyst access, maturity roadmaps, benchmarking, progress reviews.
Can CCM or Valid-AI-ted be embedded in a GRC product?
Yes, but a commercial license is required. Free download is for internal reference only. CCM/AICM licensing is $15,000/year — CSA members get a discount. Contact sales@cloudsecurityalliance.org. Several GRC vendors are already licensed. Valid-AI-ted GRC integration: contact the STAR team.
What does STAR do that SOC 2 doesn't?
SOC 2 is private and covers general security. STAR is public (listed on the Registry), cloud-specific (CCM adds 197 cloud controls), and internationally recognized across 40+ frameworks. Buyers actively search the STAR Registry during vendor evaluation — they don't search SOC 2 reports.
What happened to CCAK? Did CSA discontinue it?
CCAK (Certificate of Cloud Auditing Knowledge, with ISACA) is being replaced by a new STAR Auditor Certification course launching summer 2026, purpose-built for STAR assessments across cloud and AI tracks. Existing CCAK holders remain certified. The new course is more aligned with actual STAR audit work.
🔗 Resources
Downloads, Links & Send-Ahead Content
Direct links to CSA artifacts, reports, and blog posts. Share with prospects before or after a call — no searching required.
Framework downloads
CCM v4.1 + CAIQ
207 controls, 17 domains, 40+ framework mappings. #1 CSA download.
Download CCM ↗
Download CCM ↗
AICM v1.1 + AI-CAIQ
243 AI security controls. Superset of CCM. Free download.
Download AICM ↗
Download AICM ↗
STAR Registry
Search 4,000+ cloud provider security assessments. Buyers use this to evaluate vendors.
Open STAR Registry ↗
Open STAR Registry ↗
Send-ahead research (prospect education)
Top Cloud Priorities for CxOs
Written by Jim Reavis + Illena Armstrong. 12 cloud priorities for C-suite. Great for CISO intro meetings.
Download ↗
Download ↗
Introductory Guidance to CCM (2026)
Foundational context for CCM v4.1. Great for prospects new to CSA frameworks.
Download ↗
Download ↗
Enterprise AI Security Starts with AI Agents
Latest survey on AI agents + autonomous AI risks. Good opener for AI-focused accounts.
Download ↗
Download ↗
All CSA resources
🔬 Research — Hot Topic
The AI Vulnerability Storm — Mythos Briefing
Emergency strategy briefing co-authored by CSA (Jim Reavis, Rich Mogull, John Yeoh), SANS, and OWASP. Written in 3 days, reviewed by 250+ CISOs. Every CISO you talk to has heard about this. Free download at labs.cloudsecurityalliance.org/mythos-ciso/
Download
Free
Send to any CISO prospect
Numbers to keep in your back pocket
| Stat | What it measures | What to say to a prospect |
|---|---|---|
| < 1 day | Time to exploit (2026) | In 2019 it took attackers over 2 years to turn a known flaw into an active attack. Today it takes less than 24 hours. Security teams built for weeks are now facing hours. |
| 181 vs 2 | Mythos vs. previous best | Under the exact same test, the previous best AI produced 2 working attacks on Firefox. Mythos produced 181. That is not a small improvement — it is a completely different level of capability. |
| 72% | Exploit success rate | Mythos turned known software flaws into working attacks 72% of the time, on its own, without a human hacker involved. Previously that kind of success rate required years of specialist expertise. |
| 27 yrs | Age of oldest bug found | Mythos found a flaw in software that had been considered secure for 27 years. This tells you the problem is not just new software — everything is being re-examined. |
| ~40 | Glasswing partners | Only about 40 companies got early access to Mythos to start fixing their software. Every other organization is on their own — which is exactly why CSA published the action plan. |
| 250+ | CISOs reviewed it | Over 250 security leaders reviewed this paper over a single weekend. That level of urgency and consensus is rare. It tells you how seriously the industry is taking this. |
Conversation starters
"Have you seen the CSA Mythos briefing?"
250 CISOs reviewed it over a weekend. I can send it over. — Low-pressure opener, positions you as informed. Paper is free.
"What's your current time to patch a critical vulnerability?"
The paper frames anything slower than hours as structurally at risk. Gets them thinking about urgency without you having to say it.
"Has your board asked about Mythos yet?"
If not, they will. Paper has a board briefing section built in. Natural Enterprise Membership angle.
"We helped write the CISO playbook on this."
Jim Reavis and John Yeoh are named contributors. Establishes CSA credibility immediately.
Answering questions
"Is Mythos really that big a deal?"
Time-to-exploit used to be measured in years. Now it's hours. Rich Mogull at CSA wrote the analysis — he says he hates hyperbole, but this time the numbers don't lie.
"What can we actually do about it?"
The paper gives 11 priority actions. Short version: know what you run, shrink your patch cycle, harden what you can't patch, extend Zero Trust inward. CSA has training for all of that.
"What does this mean for our compliance?"
EU AI Act lands August 2026. The paper specifically says "reasonable defensive effort" now has a Mythos-shaped bar. Boards face negligence questions if they haven't acted.
"What is Glasswing?"
Anthropic's controlled early access — ~40 major vendors got Mythos to fix their software first. Everyone else is on their own. That's why CSA wrote the action plan.
CSA product tie-ins
| Product | What to say |
|---|---|
| Enterprise Membership | "This is exactly the kind of moment where having a CSA analyst on speed dial is worth it. CISOs need a strategic advisor, not more reports to read." |
| TAISE | "The paper's entire premise is that AI security governance is now a board issue. TAISE is how you train your team to handle it." |
| CCSK + CCZT | "The priority actions — patching velocity, segmentation, Zero Trust — are exactly what these certs train for. Not theoretical anymore." |
| STAR | "Buyers are going to start asking vendors what their security posture looks like post-Mythos. Getting on the Registry now is getting ahead of that question." |
"The security program this board has funded is what makes the AI strategy viable." — Rich Mogull, CSA Chief Analyst
Download paper →
🎓 Training
Group Training Quote Calculator
Private instructor-led sessions. Enter the details — total quote, commission, and per-student price calculate automatically.
Session details
$
Pricing
$
% of total quote
Quote breakdown
| Instructor fee | $3,000 |
| CSA margin | $500 |
| Commission (10%) | $389 |
| Total quote | $4,333 |
|---|
Total to quote client
$4,333
6 students · 2 days
Per student
$722
Ideal class: 20 students · max 25 · virtual = same price as in-person (unless travel needed)