惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

WordPress大学
WordPress大学
Spread Privacy
Spread Privacy
T
The Exploit Database - CXSecurity.com
Simon Willison's Weblog
Simon Willison's Weblog
P
Privacy & Cybersecurity Law Blog
L
LINUX DO - 热门话题
T
Threat Research - Cisco Blogs
T
Tenable Blog
TaoSecurity Blog
TaoSecurity Blog
Security Archives - TechRepublic
Security Archives - TechRepublic
AI
AI
P
Proofpoint News Feed
A
About on SuperTechFans
P
Privacy International News Feed
月光博客
月光博客
雷峰网
雷峰网
S
Secure Thoughts
博客园 - 叶小钗
博客园 - 聂微东
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
Project Zero
Project Zero
The Cloudflare Blog
SecWiki News
SecWiki News
The Hacker News
The Hacker News
V
Vulnerabilities – Threatpost
罗磊的独立博客
A
Arctic Wolf
阮一峰的网络日志
阮一峰的网络日志
Know Your Adversary
Know Your Adversary
酷 壳 – CoolShell
酷 壳 – CoolShell
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
T
Troy Hunt's Blog
The Last Watchdog
The Last Watchdog
Schneier on Security
Schneier on Security
小众软件
小众软件
有赞技术团队
有赞技术团队
博客园 - 司徒正美
T
Tailwind CSS Blog
量子位
C
Cybersecurity and Infrastructure Security Agency CISA
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
Hugging Face - Blog
Hugging Face - Blog
人人都是产品经理
人人都是产品经理
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
S
Security @ Cisco Blogs
大猫的无限游戏
大猫的无限游戏
S
SegmentFault 最新的问题
Apple Machine Learning Research
Apple Machine Learning Research
宝玉的分享
宝玉的分享
L
Lohrmann on Cybersecurity

AWS Open Source Blog

Open Protocols with the Strands Agents SDK | Amazon Web Services Building secure AI agents at scale: Introducing Loom for AWS | Amazon Web Services Introducing MCP server for Registry of Open Data on AWS | Amazon Web Services Building a Stateful IT Service Desk Agent with LangGraph on Amazon EKS | Amazon Web Services Open Governance for MySQL: A Step Forward for the Community | Amazon Web Services Governing AI Assets at Scale with MCP Gateway and Registry | Amazon Web Services Introducing Trusted Remote Execution: Policy-Enforced Scripts for AI Agents and Humans | Amazon Web Services Decoupling Authorization at Scale: MongoDB Atlas and Cedar-Based Resource Policies | Amazon Web Services Deploying cloud-based engineering workbenches with the Virtual Engineering Workbench on AWS | Amazon Web Services AWS and Others Invest $12.5M to Defend the Open Source Ecosystem from AI Threats | Amazon Web Services Introducing Strands Labs: Get hands-on today with state-of-the-art, experimental approaches to agentic development | Amazon Web Services Cedar Joins CNCF as a Sandbox Project | Amazon Web Services Building intelligent physical AI: From edge to cloud with Strands Agents, Bedrock AgentCore, Claude 4.5, NVIDIA GR00T, and Hugging Face LeRobot | Amazon Web Services Shaping the future of MCP: AWS’s commitment and vision | Amazon Web Services Introducing Strands Agent SOPs – Natural Language Workflows for AI Agents | Amazon Web Services Announcing ml-container-creator for easy BYOC on SageMaker | Amazon Web Services The Swift AWS Lambda Runtime moves to AWSLabs | Amazon Web Services Jupyter Deploy: Create a JupyterLab application with real-time collaboration in the cloud in minutes | Amazon Web Services Introducing CLI Agent Orchestrator: Transforming Developer CLI Tools into a Multi-Agent Powerhouse | Amazon Web Services Strands Agents and the Model-Driven Approach | Amazon Web Services AWS joins the DocumentDB project to build interoperable, open source document database technology | Amazon Web Services Open Protocols for Agent Interoperability Part 4: Inter-Agent Communication on A2A | Amazon Web Services Powering AI-Driven Security with the Open Cybersecurity Schema Framework | Amazon Web Services Introducing Strands Agents 1.0: Production-Ready Multi-Agent Orchestration Made Simple | Amazon Web Services Open Protocols for Agent Interoperability Part 3: Strands Agents & MCP | Amazon Web Services Open Protocols for Agent Interoperability Part 2: Authentication on MCP | Amazon Web Services Introducing AWS CDK Community Meetings | Amazon Web Services Secure your Express application APIs in 5 minutes with Cedar | Amazon Web Services
OCSF Achieves ITU Support: Powering AI-Ready Security Operations | Amazon Web Services
2026-03-25 · via AWS Open Source Blog

AWS Open Source Blog

The security industry stands at an inflection point. In November 2024, the Open Cybersecurity Schema Framework (OCSF) joined the Linux Foundation, cementing its role as a vendor-neutral, open source standard for the global security community. Last summer at Black Hat 2025, we showed you how OCSF was powering AI-driven security operations. Then in December 2025, member states of the International Telecommunication Union (ITU), the United Nations’ (UN) body for information and communication technologies, supported OCSF for ratification as an international standard by June 2026. Standardized security data is no longer a future goal. It’s the foundation organizations are building on today.

When organizations ask me what separates leaders from followers in security, the answer is simple: leaders are no longer asking “what is OCSF?” They’re asking “how fast can we implement it?”

Why Data Standardization Matters More Than Ever

Security is fundamentally a data problem. Security teams today have access to more data than ever before. Modern enterprises generate security logs across on-premises data centers, cloud environments, and SaaS applications. This wealth of information should accelerate detection and response, but inconsistent log formats create friction.

The challenge isn’t the volume of data. It’s making that data actionable. When each security tool uses a different schema, your engineers spend time building data pipelines and custom parsers instead of developing advanced detection algorithms. This slows investigations and limits your ability to leverage AI-powered security operations.

AI and machine learning models need consistent, unambiguous data to reason effectively. Standardized schemas enable AI systems to correlate events across sources, identify patterns, and generate accurate insights. OCSF provides that foundation: an open source standard that automatically normalizes security data from any source into a common language, creating AI-ready data without custom parsers or complex pipelines.

Real-World Impact: How OCSF Powers AI-Ready Security Operations

Organizations across industries are discovering that OCSF doesn’t just solve a data normalization problem — it unlocks entirely new operational capabilities. When security teams no longer need to build and maintain custom parsers for every log source, they reclaim engineering time for strategic work: building advanced detection algorithms, developing automation playbooks, and innovating on threat response. Central logging environments that once required weeks of custom development to onboard new sources can be operational in hours with OCSF and managed AWS security services. Combined with columnar storage formats like Apache Parquet, organizations see meaningful reductions in both storage footprint and query compute costs. The efficiency compounds: cleaner data means faster queries, which means less compute, which means lower cost.

How OCSF Powers Agentic Security Operations

The key to this transformation is OCSF’s standardized schema, which enables efficient queries that weren’t possible before. Security investigations previously required learning different log formats, developing complex queries for each data source, and manually decoding output into meaningful information. With OCSF, an orchestrator coordinates child agents that automatically retrieve relevant runbooks, pull business context, analyze logs without format translation, and generate actionable insights. The AI doesn’t misinterpret data because OCSF provides consistent attribute definitions, unambiguous data types, and standardized query paths across all log sources.

Technical Evolution: OCSF v1.8.0

The OCSF community continues to evolve the framework to meet emerging security challenges, while maintaining strict backwards compatibility. Since our last update at Black Hat 2025, the community has released v1.8.0 (released March 16th, 2026), with enhancements focused on AI operation observability, network packet-level visibility, and privilege analysis.

Key enhancements in v1.8.0 include:

  • AI Operation Support: A new ai_operation profile and supporting objects (ai_model, message_context) bring native schema coverage for AI workloads, including token usage metrics and role-based interaction tracking.
  • Privilege Analysis with ATT&CK Mapping: New objects (privilege_info, privilege_attack_info, service_privilege_analysis) enable detailed privilege analysis with MITRE ATT&CK technique mapping, supporting unused privilege detection and access risk assessment.
  • macOS Extension and Cross-Platform Improvements: A new macOS extension adds egid and euid to the process object, with related attributes promoted from the Linux extension to the base schema for cross-platform reuse.
  • Network Packet Capture: A new packet object on network event classes enables packet-level data representation, along with a network_observation_point attribute for richer traffic context.

These enhancements reinforce OCSF’s role as the schema for AI-ready security operations, extending native coverage to the AI workloads and network telemetry that modern detection and response demands.

Ecosystem Momentum: From Community to International Standard

The OCSF community has grown rapidly, with over 1,280 contributors across 200 organizations driving the framework forward. This momentum reached a new milestone in December 2025.

The ITU Milestone

In December 2025, ITU member nations formally supported OCSF for ratification as an international standard, a move that highlights the framework’s universal value across diverse regulatory environments and shifting security priorities.

This achievement extends far beyond technical validation. When an international body like the ITU recognizes a framework with unanimous member support, it signals a critical shift: standardization is no longer just an industry preference. It is a global necessity. Slated for official ratification as an ITU x.*** international standard by June 2026, OCSF is poised to play an increasingly vital role as governments worldwide integrate ITU standards into their national cybersecurity policies.

Ultimately, this milestone is the culmination of years of collaboration among enterprises, security vendors, cloud providers, and open source contributors. The journey from an industry consortium to a Linux Foundation project, and now to an international standard, proves what we can achieve when the security community prioritizes interoperability over proprietary silos. OCSF’s success underscores a simple truth: standardizing security data benefits everyone, from individual organizations to the entire global security ecosystem.

The Path Forward: What’s Next for AI-Ready Security

The security industry is entering a new era where AI-powered security operations become the norm rather than the exception. The momentum behind OCSF, from Linux Foundation adoption to ITU ratification, signals a fundamental shift in how organizations approach security operations.

The traditional SOC model, where analysts manually triage alerts, investigate incidents, and respond to threats, cannot scale to meet the velocity and complexity of modern attacks. Agentic AI changes this equation. Organizations that standardize their security data today are building the foundation for autonomous threat hunting and investigation, predictive vulnerability analysis, and intelligent response orchestration. This isn’t a future vision. It’s happening now.

ITU ratification accelerates this transformation. As governments worldwide incorporate ITU standards into national cybersecurity frameworks, the pressure to adopt standardized approaches will intensify, particularly in regulated industries.
On the technical front, OCSF maintainers have initiated collaboration with OpenTelemetry (OTEL) maintainers to integrate security and observability domains. Separating security telemetry from operational telemetry limits how teams understand system behavior under attack. Unified telemetry enables holistic analysis: understanding not just what happened, but why it happened and what it means for the broader system.

The organizations that thrive in this new landscape won’t be those with the most security tools or the largest SOC teams. They’ll be the ones who built their security operations on a foundation of standardized, AI-ready data. OCSF provides that foundation.

The question isn’t whether AI will transform security operations. The question is whether your security data is ready for this transformation: OCSF is how you get there. The community continues to grow, and we invite you to join us at the OCSF Breakfast at RSA Conference on March 25, 2026 in San Francisco to explore these ideas further.