Trusted CI Launches Secure Use of AI Effort

Significant numbers of science research projects currently use or will use an array of AI resources to help facilitate scientific research, from machine learning (ML) for elements of the research data lifecycle, to generative AI large language models (LLMs). These resources are part of a rapidly evolving landscape where there is limited guidance on their cybersecurity and research security impacts. To address this critical gap, Trusted CI initiated the Secure Use of AI effort in January 2026 as part of its overall initiatives on AI. This new endeavor focuses on gathering and sharing information to help research cyberinfrastructure organizations and institutions of higher education understand the impact of AI on their research and cybersecurity programs, including the inherent limitations and vulnerabilities of different types of AI tools and systems.

Security risks associated with the use of AI resources in scientific research projects encompass two broad categories. The first involves adversarial attacks that deliberately target AI systems and their underlying components, such as the models, data pipelines, or supporting infrastructure. The second involves operational risks that arise from the behavior and limitations of AI systems, including model hallucinations, design flaws, or improper handling and interpretation of AI-generated outputs. The Secure Use of AI team is mapping the litany of concerns with frameworks for addressing them, thereby identifying urgent areas for scientific cybersecurity programs to adapt or augment their existing approaches. Additionally, as part of the initial phase of activities, the Trusted CI Secure Use of AI team will engage with community stakeholders to gather insights needed to clarify understanding, concerns, and challenges of AI use. This effort will include interviews of community experts on AI and security, and interviews or round table activities with research cyberinfrastructure operators to determine their evolving needs.The activities will result in the socialization of guidance and other outputs from this project among NSF and the broader federally-funded research community.

Through development and growth of relationships with NSF Major Facilities and collaboration with organizations such as CI Compass, the NSF SECURE Center, the National Artificial Intelligence Research Resource Pilot (NAIRR) and its NAIRR Secure effort, and others, Trusted CI will seek to foster a community of practice focused on the Secure Use of AI in Research environments.

If you have questions or suggestions, or need help securing AI in your research project or organization, please contact Trusted CI at help@trustedci.org.

Welcome to Our New Advisory Committee Members!

In support of our expanded mission, Trusted CI is thrilled to welcome Damian Clarke, Ph.D. and Manish Parashar, Ph.D. to the Trusted CI Advisory Committee. Dr. Clarke rejoins the Advisory Committee after 2 years serving as special advisor to the program. His experiences in leadership positions at universities and university consortia, particularly in the U.S. Southeast, will be particularly valuable to Trusted CI as it works to further engage with institutions of higher education to determine how best to address the cybersecurity requirements of research security. Dr. Parashar brings a wealth of experience related to national cyberinfrastructure and artificial intelligence. We look forward to his input on our new AI initiatives and helping to define our future strategy to support the community with the secure use of AI technologies.

In addition to Drs. Clarke and Parashar, we wish to express our gratitude to the entire Advisory Committee for the guidance they provide and for sharing their time and insights to maximize the value of Trusted CI’s programs to the communities we serve.

SPHERE and Trusted CI Collaborate to Strengthen Research Security

In February 2026, the NSF-funded Security and Privacy Heterogeneous Environment for Reproducible Experimentation (SPHERE) project hosted a week-long cybersecurity residency with Trusted CI, the National Science Foundation’s Cybersecurity Center of Excellence. The residency marked an important milestone in SPHERE’s transition from construction toward sustained operations, strengthening an already robust security posture through formal alignment with widely recognized best practices.

SPHERE previously partnered with Trusted CI during the 2024 Trusted CI Framework Cohort, where the SPHERE team adopted the Trusted CI Framework and completed a structured self-assessment of its cybersecurity program against the framework’s 16 Musts. The Musts identify the concrete, critical requirements for establishing and running a competent cybersecurity program. That cohort experience validated SPHERE’s foundational approach to security, while also highlighting an important next step: formally adopting a baseline cybersecurity control set and performing a gap analysis between that baseline and SPHERE’s existing controls. The Trusted CI Framework specifically recommends adoption of a recognized baseline control set in its Must 15.

Building on that groundwork, the February 2026 residency embedded Trusted CI staff directly with the SPHERE DevOps team for one intensive week at the USC Information Sciences Institute in Marina del Rey, CA. Working side by side, the teams aligned SPHERE’s existing cybersecurity controls with the CIS Critical Security Controls (CIS Controls v8), which SPHERE has now formally adopted as its baseline control set.

This work focused on mapping SPHERE’s existing practices to the CIS Controls, identifying gaps, and prioritizing future improvements. The residency also strengthened SPHERE’s alignment with NSF’s evolving expectations for research security, including closer alignment with the NSF Research Infrastructure Guide (RIG) and its set of 14 critical controls. By grounding its program in both the Trusted CI Framework and the CIS Controls, SPHERE gained a common language for documenting controls, reduced reliance on ad hoc decision-making, and ensured consistency with broadly accepted community standards.

During the residency, Trusted CI conducted site visits at all the sites that host SPHERE physical infrastructure. They visited the ISI and USC server rooms, and met virtually with SPHERE co-PIs and their teams at Northeastern University Khoury College of Computer Sciences and the University of Utah Kahlert School of Computing. These discussions helped ensure that SPHERE’s distributed architecture is protected in a coordinated and consistent manner across institutions.

With the gap analysis complete, SPHERE is well positioned to prioritize future security investments as it moves toward full operations. The outcome directly supports SPHERE’s core mission of enabling realistic and reproducible experimentation without compromising trust in the facility or the science it supports. Achieving this mission requires protecting the underlying infrastructure from attack and security breaches, safeguarding the integrity and availability of shared resources, and ensuring strong isolation and protection of researcher experiments and data.

SPHERE will share lessons learned from the residency with the broader Trusted CI Research Infrastructure Security Community (RISC), contributing back to the ecosystem that helped shape its approach.

 

SPHERE (Security and Privacy Heterogeneous Environment for Reproducible Experimentation) is an NSF Mid-scale Research Infrastructure-1 project (Award #2330066) spanning USC Information Sciences Institute, Northeastern University, and the University of Utah. SPHERE provides a public testbed for reproducible science and experimentation tailored to the needs of cybersecurity and privacy researchers and educators.

Trusted CI, the NSF Cybersecurity Center of Excellence, is supported by the National Science Foundation under Interagency Agreement #A2407-049-089-064206.0. Trusted CI’s mission is to enable trustworthy NSF science by partnering with cyberinfrastructure operators to build and maintain effective cybersecurity programs, publishing resources for the broader NSF community, and advancing the processes, tools, and knowledge needed to secure research progress.

2026 Trusted CI Scholars Program Now Accepting Applications

 As cybersecurity becomes increasingly vital across the scientific community, cultivating the next generation of cybersecurity leaders has never been more important. Trusted CI is proud to announce the Trusted CI Scholars Program (formerly Trusted CI Student Program), designed to equip students with essential skills, insights, mentorship, and hands-on experiences in cybersecurity.

The Trusted CI Scholars Program goes beyond technical training. It is about building a collaborative and innovative community of emerging leaders. If you are a student passionate about cybersecurity—or know someone who is—we encourage you to apply and join us in shaping a safer, more secure future for science and beyond.

Why Trusted CI Scholars Matter

Through mentorship, applied learning, and sustained interaction with cyberinfrastructure practitioners and the broader NSF community, Scholars learn from the processes, tools, and knowledge that Trusted CI advances to support secure research. In doing so, the program extends Trusted CI’s impact into the next generation of the cybersecurity workforce.

Additionally, as Trusted CI begins addressing the needs of higher education institutions related to research security, cybersecurity requirements, and artificial intelligence, early and proactive student engagement with these topics lays important groundwork for developing the skills, awareness, and readiness they may need to secure the nation’s science and research enterprise.

Goals of the Program

The Trusted CI Scholars Program is committed to:

1. Providing Foundational Knowledge: Gain practical insights into cybersecurity through workshops, mentorship, and participation in the annual NSF Cybersecurity Summit.

2. Growing Leadership Skills: Strengthen communication, collaboration, integrity and adaptability.

3. Empowering Advocacy: Serve as cybersecurity ambassadors within your communities, sharing knowledge with peers and connecting them to Trusted CI for advanced support.

4. Building Long-Term Connections: Join a growing network of Trusted CI alumni, opening doors to coaching, networking, and career opportunities in the cybersecurity field.

Highlights for 2026

This year’s program includes exciting enhancements:

• Focused Workshops and Mentorship: Scholars will engage in tailored workshops and one-on-one mentorship with Trusted CI staff and subject-matter experts.

• Alumni Engagement: Past participants will continue to have access to resources and Summit reunion opportunities, fostering sustained learning and long-term relationships. Alumni are also encouraged to share their experiences through blog posts, presentations, and outreach activities to inspire future cybersecurity professionals.

• Streamlined Application Process: Applicants will submit a personal statement, professional bio sketches, and letters of support, enabling a more holistic evaluation.

Applications are now open on our submission website and close March 6. 

For more information on how to apply, visit Trusted CI’s website or reach out to scholars@trustedci.org.

Together, we’re preparing the next generation of cybersecurity leaders!

Trusted CI 2025 Summit Report Now Available

Last October, Trusted CI convened the 2025 NSF Cybersecurity Summit. This yearly event provides a forum for National Science Foundation (NSF) scientists, researchers, cybersecurity, and cyberinfrastructure (CI) professionals and stakeholders to share effective technical practices and brainstorm solutions to everyday challenges facing cybersecurity environment professionals. When the community comes together for the Summit, they collectively learn from each other.

The 2025 Summit was held in person in Boulder, CO, at the Center Green Campus at UCAR and NSF NCAR.

Interested in reading more takeaways from this year's Summit? Download the full Summit Report from https://doi.org/10.5281/zenodo.18484621

Trusted CI Mission Expanding to Address Cybersecurity for Research Security and AI

As we enter into 2026, Trusted CI leadership is excited to share some important updates regarding the expansion of our mission. We will begin addressing the needs of higher education institutions as they relate to research security and the cybersecurity requirements of NSPM-33. In addition, we will begin major new strategic initiatives focused on the secure use of AI in research. Both of these changes represent significant expansion of our mission and also the number of institutions that we will directly impact.

Our core mission continues to be supporting the security of research through cybersecurity excellence.  This includes our existing community of NSF Major Facilities and Mid-Scales, a community we remain committed to supporting. We will continue to host the annual NSF Cybersecurity Summit and will expand the program to include topics related to research security and AI. In addition, this year we’ll host our first Regional Summit in partnership with the University of Alabama.

In support of our expanded mission, we will begin partnering strategically with the SECURE Center and NAIRR-related projects. SECURE Center’s expertise in research security complements our cybersecurity expertise, and we will partner to provide comprehensive support to academic institutions who are navigating compliance with emerging NSPM-33 cybersecurity requirements. We will partner with NAIRR stakeholders to support their cybersecurity program needs. 

We have established our plans for 2026 inclusive of our new objectives. This includes pivoting our cohort model to new communities focused on research security in 2026.

We look forward to engaging with new community members in the coming year! Please send any comments or questions to info@trustedci.org. 

Trusted CI Completes Two Assessment Pilots with Cohort Graduates

The second half of 2025 was incredibly productive for the Trusted CI team. After a successful cohort in the first half of 2025, Trusted CI shifted efforts to piloting two new kinds of assessments: a Trusted CI Framework reassessment for organizations who previously participated in a Trusted CI Framework cohort program and a Cybertrack+ Assessment with NOIRLab focused on assessing the most important cybersecurity controls.  

Trusted CI Framework Reassessment Cohort Pilot

This pilot was a three month group engagement where previous cohort graduates had their cybersecurity programs re-assessed by Trusted CI, culminating in new ratings for each of the Framework’s 16 Musts and updated strategic recommendations. The Framework reassessment cohort was designed to be lighter-weight than the original Framework cohort, allowing organizations who are already well-versed in the Framework to quickly engage with Trusted CI, while preserving the opportunity to meet and learn from one’s peer organizations in a small-group environment. The pilot brought five NSF-sponsored organizations together for opportunities to share their experiences: Corporation for Education Network Initiatives in California (CENIC), Network for Advanced NMR (NAN), US National Science Foundation National Optical-Infrared Astronomy Research Laboratory (NOIRLab), National Solar Observatory (NSO), and Ocean Observatories Initiative (OOI).

CENIC reassessment presentation

Each organization had the opportunity to collaborate with other participants at the in-person Reassessment Workshop during the 2025 NSF Cybersecurity Summit in Boulder, CO. During the workshop, organizations presented on their mission and cybersecurity program, highlighted major changes from their previous assessment, as well as successes, challenges, and lessons learned. The group also held a hotwash on their experience with the reassessment cohort to help Trusted CI improve the program going forward. 

“Participating in the Framework reassessment cohort pilot was a worthwhile experience that not only allowed the OOI to reengage with and learn from our Trusted CI and Major Facility colleagues but also to reflect on and better quantify all of the hard work that has gone into improving the OOI cybersecurity program since it was assessed in 2022 as part of the inaugural Framework cohort.”   –Craig Risien, Ocean Observatories Initiative

Reassessment Workshop in Boulder, CO

Trusted CI Cybertrack+ Assessment Pilot with NOIRLab

Over last summer, Trusted CI kicked off a pilot assessment focused on assessing the most important cybersecurity controls. To do this, Trusted CI adopted the Cybertrack Assessment Methodology: This assessment methodology was developed through a partnership between Purdue University and Indiana University, with sponsorship from the Indiana Office of Technology. These assessments evaluate the most powerful cybersecurity fundamentals leveraging the Trusted CI Framework and CIS Controls, and provide actionable advice to improve an organization's cybersecurity posture. Cybertrack+ assessments expand this methodology to incorporate additional CIS Safeguards that are most important for operational technology (OT).  In future assessments, Trusted CI plans to tailor the methodology to include the NSF Critical Controls that subsequently appeared in the 2025 NSF Research Infrastructure Guide. 

Trusted CI engaged with NOIRLab to test the assessment on a research infrastructure organization. The Trusted CI Team worked with NOIRLab over a period of about two months, conducting written discovery and meeting for a fact finding session to clarify any outstanding details. At the end of this pilot, NOIRLab received an assessment report with prioritized recommendations to improve its controls implementation. 

"The results of the Trusted CI Cybertrack+ Assessment included 5 top recommendations that will have an immediate impact on our cybersecurity posture.  The rest of the report will help drive future projects that will further secure our research infrastructure.  This was much more painless than other assessments, with better, more focused recommendations." –Jerry Brower, NOIRLab

The success of both the reassessment cohort and the Cybertrack+ pilot was significantly amplified by strong collaboration among all participants and the Trusted CI team. Trusted CI extends its sincere thanks to all participants for their commitment, time, and helpful contributions throughout these pilot assessments.