Why we joined the Coalition for Secure AI — and what it means for file transfer

Why a file-transfer vendor cares about AI security, and the three things we'll contribute to CoSAI.

In March we joined CoSAI — the Coalition for Secure AI. We want to explain why, because the rationale isn’t obvious. SEND-SECURELY.COM is a file-transfer company. We move regulated data between organizations. We’re not building foundation models or training datasets. So what are we doing in an AI security coalition?

The honest answer is that the question assumes a narrower view of file transfer than we think is accurate. File transfer infrastructure is increasingly where AI-generated content, AI-assisted workflows, and AI-trained datasets cross organizational boundaries. If AI security has a supply-chain problem — and we believe it does — that supply chain runs through the file-transfer layer. We want to be part of shaping how it’s secured.

Why CoSAI exists

CoSAI was formed to address a gap that became obvious as AI adoption accelerated: the security standards and frameworks that the industry has built over the past two decades — NIST 800-53, SOC 2, ISO 27001 — were designed around a threat model that predates the current AI deployment pattern. They’re good frameworks. They’re not complete frameworks for AI.

The specific gaps CoSAI is working on include: security for AI model supply chains (how do you verify the integrity of a model you downloaded, the same way you’d verify a software package?); threat modeling for AI-augmented attack surfaces (what does your incident response process look like when the attacker is using AI-assisted reconnaissance and AI-generated phishing payloads?); and standards for responsible disclosure and vulnerability reporting in AI systems, where the attack surface includes behaviors that don’t map cleanly to CVE-style discrete vulnerability enumeration.

These are hard problems. They require collaboration across vendors, researchers, and practitioners in a way that no single organization can drive alone. That’s the purpose of a coalition.

Why file transfer cares about AI security

We said file transfer is increasingly where AI workflows cross organizational boundaries. Let us be specific about what we mean.

Training data pipelines. Organizations building or fine-tuning models need to move training datasets across organizational boundaries — from data providers to training environments, from research teams to production ML infrastructure, from partners who have licensed proprietary data. Those transfers are file transfers. The integrity and provenance of the file that arrives at the training pipeline matters enormously: a poisoned training dataset that arrives looking legitimate is a supply-chain attack. The file-transfer layer is a point in the chain where integrity attestation and provenance verification can be inserted.

AI-generated output handling. Organizations consuming AI-generated content — reports, code, documents, analyses — increasingly need to transfer that content to other systems, other organizations, and downstream processes. The sensitivity profile of AI-generated content isn’t always obvious at generation time; a regulatory submission that was drafted with AI assistance and then transmitted to a regulator is still a regulated document. The file-transfer controls that govern it should be the same as any other regulated document transfer.

Model and artifact distribution. Organizations that deploy AI models internally and to partners need a secure, auditable way to distribute those artifacts. Model files are large, they carry intellectual property value, and a compromised model file — whether through tampering or substitution — can cause downstream harm that’s difficult to trace. Secure file transfer with integrity verification and audit logging is a natural fit for model artifact distribution.

The through-line is that AI workflows generate and consume regulated data, and regulated data flows through file-transfer infrastructure. AI security without file-transfer security is incomplete.

Three things we’ll contribute

Our participation in CoSAI isn’t passive. We’ve committed to three concrete contributions.

First: a reference architecture for AI training-data transfers. We’re drafting a reference architecture for organizations that need to move training data and model artifacts with integrity attestation and audit trail. This will cover hash verification at transfer boundaries, chain-of-custody logging that can be incorporated into model cards, and access control patterns for training pipelines that receive data from external sources. We expect to publish this in Q3 and contribute it to the CoSAI working group for feedback and incorporation into broader guidance.

Second: threat modeling for AI-assisted attacks on file-transfer infrastructure. The Q4 2024 credential-stuffing campaign we documented in our January threat report showed signs of AI-assisted targeting — credential lists curated with a precision that suggests automated filtering and classification. We’re working with CoSAI members to develop threat models that specifically address AI-assisted attacks against file-transfer and data-movement infrastructure. This isn’t hypothetical; the tooling exists and is in use. The threat models will feed into the broader CoSAI AI-threat framework.

Third: product telemetry contribution. We see a substantial volume of file-transfer traffic involving AI-generated content and AI platform workflows. With appropriate customer consent and anonymization, we’ll contribute aggregate telemetry to CoSAI research efforts on AI-workflow security patterns. Understanding how AI-generated content actually moves across organizational boundaries — what protocols it uses, what access control patterns are applied, where the gaps are — requires real-world data, and we’re in a position to provide some of it.
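
As an added illustration of the hash verification at transfer boundaries and chain-of-custody logging named in the first contribution above (this is not SEND-SECURELY.COM's reference architecture or product code), the Python example below links each custody event to the previous one by hash and checks the received bytes against every record. The record fields, actor names, timestamps and sample dataset are constructed assumptions; records are unsigned here, so the latest record_hash would have to be signed or anchored out of band for the log to resist a wholesale rewrite.

```python
import hashlib
import json

GENESIS = "0" * 64  # prev_hash of the first record in a custody chain

def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def record_hash(body: dict) -> str:
    # Canonical JSON (sorted keys, fixed separators) keeps the hash reproducible.
    return digest(json.dumps(body, sort_keys=True, separators=(",", ":")).encode())

def append_record(chain: list, actor: str, action: str, artifact: bytes, ts: str) -> dict:
    """Append one custody event, linked to the previous record by its hash."""
    body = {
        "actor": actor,
        "action": action,
        "artifact_sha256": digest(artifact),
        "timestamp": ts,
        "prev_hash": chain[-1]["record_hash"] if chain else GENESIS,
    }
    record = dict(body, record_hash=record_hash(body))
    chain.append(record)
    return record

def verify_at_boundary(chain: list, received: bytes) -> tuple:
    """Receiving-side check: the log is intact and the bytes match every record."""
    if not chain:
        return (False, "empty custody chain")
    prev, received_digest = GENESIS, digest(received)
    for i, rec in enumerate(chain):
        body = {k: v for k, v in rec.items() if k != "record_hash"}
        if rec.get("prev_hash") != prev:
            return (False, f"record {i}: broken link")
        if record_hash(body) != rec.get("record_hash"):
            return (False, f"record {i}: record altered")
        if rec.get("artifact_sha256") != received_digest:
            return (False, f"record {i}: artifact digest mismatch")
        prev = rec["record_hash"]
    return (True, "ok")

# Constructed sample data: a tiny training set and a label-flipped variant.
DATASET = b"text,label\ngood example,0\n"
POISONED = b"text,label\ngood example,1\n"
CHAIN = []
append_record(CHAIN, "data-provider", "sent", DATASET, "2025-01-01T00:00:00Z")
append_record(CHAIN, "transfer-gateway", "relayed", DATASET, "2025-01-01T00:00:05Z")
```

The receiving pipeline would call `verify_at_boundary(CHAIN, received_bytes)` before ingesting the file and keep the verified chain alongside its training logs.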

What customers should expect

In the near term: nothing changes in the product. Our CoSAI participation is a contribution and research activity, not a product announcement.

In the medium term, the reference architecture and threat model work will feed into product development. We expect to add integrity attestation features specifically designed for AI data-pipeline use cases — hash-based chain-of-custody records that can be incorporated into training logs and model cards — in the second half of 2025.

Longer term, as CoSAI develops standards and frameworks, we intend to build against them. The same way we track NIST publications and CMMC requirements and build compliance documentation for our customers, we’ll track AI security standards as they mature and surface the relevant evidence in our trust portal.

We think the AI security problem is genuinely hard and genuinely important. File-transfer infrastructure is a part of the solution. We’re glad to be in the room.

Takeaway

File transfer is where AI workflows cross organizational boundaries — training data, model artifacts, AI-generated regulated content all move through the file-transfer layer. Our CoSAI membership is focused on building a training-data reference architecture, contributing AI-assisted-attack threat models, and eventually surfacing AI security evidence in our compliance documentation.