Project

Changelog

What changed on this site and when, tied to CoSAI AI Shared Responsibility Framework releases. Dates are the date the change went live.

Status and cadence. This site tracks CoSAI SRF v1.0 (released May 28, 2026) and previews v2.0 work in progress. The core framework reference follows official CoSAI and OASIS releases. Industry vertical schemas are independently proposed extensions, flagged experimental, and are not part of the official CoSAI release.

Entries group related changes by the date they shipped. For the commit-level history, see the source repository.

June 2026
Update

Incident response playbooks and GRC exports

Added Day-2 incident response playbooks for seven AI boundary failures, each mapping who leads per operating model. Published the accountability matrix as an OSCAL 1.1.2 catalog and a CSV for GRC ingestion, plus the playbooks as structured JSON.

Vendor risk assessment tool

Added vendor risk assessment for AI suppliers: seven vendor categories mapped to SRF layers with accountability splits and evidence asks, a how-to guide, procurement export templates, and a downloadable XLSX workpaper.

For LLMs and agents

Added a homepage resource hub linking llms.txt, the full-text file, machine-readable data, the knowledge graph, the schema viewer, and the retrieval validation tool. Added this changelog and JSON-LD to the newest pages.

License and integrity

Replaced the LICENSE with verbatim Apache-2.0 text, added a NOTICE, pinned jsPDF 2.5.1, hardened the SRF Stress worker with input validation and an anti-injection guard, added a CI verify workflow, and named OCSF as the evidence schema in the v2.0 governance section.

Machine-readable knowledge layer

Published a glossary registry and per-term API, an ontology graph, a canonical ID registry, an export knowledge pack, and a RAG retrieval validation tool. Added page-level LLM metadata and chunk markers across all pages, plus robots.txt, sitemap, llms-full.txt, a data index, and JSON-LD on every page.

Industry verticals

Added finance, healthcare, insurance, public sector, defense, and manufacturing verticals, each with a hub, controls browser, how-to guide, and workpaper. Renamed the medical vertical to healthcare with redirects, and flagged all vertical schemas experimental.

System prompts

Rebuilt the system instruction pages with live content, all six sector parameters, copy buttons, and a site-aware primer for querying the site with an AI assistant.

May 2026
v1.0 release

CoSAI SRF v1.0 (released May 28, 2026)

Adopted official Section 3 language, added announcement links, removed Draft v0.7 references, and corrected the EU AI Act framing throughout the site and the stress test.

Site restructure

Moved to a seven-item navigation with section hubs and a consolidated framework hub. Added the NICE Cybersecurity Workforce Framework mapping page.

SRF Stress Test

Added a Cloudflare Worker proxy for AI-powered scenario analysis, with model iterations and rendering fixes.

Foundation

Stood up the tools hub with assessment wizards, a TSC presentation viewer, README, Apache-2.0 license, a security audit, the custom domain, and MITRE ATLAS links on adversarial badges.