Cloud Security Auditing Tool Uses AI to Validate Providers' Security Assessments

• By John K. Waters
• 06/20/25

The Cloud Security Alliance (CSA) has launched a new artificial intelligence-powered system that automates the validation of cloud service providers' (CSPs) security assessments, aiming to improve transparency and trust across the cloud computing landscape.

Introduced at CSA's Cloud Trust Summit, Valid-AI-ted represents a major step forward for the nonprofit's Security, Trust, Assurance and Risk (STAR) program, leveraging large language models (LLMs) to perform rapid, objective reviews of STAR Level 1 self-assessments. The system is the first of its kind to offer automated scoring and detailed qualitative feedback at scale.

"Our focus on security-conscious innovation led to the creation of Valid-AI-ted and will continue to see us deliver forward-looking initiatives that push the boundaries of secure, AI-driven technology," said Jim Reavis, CSA CEO and co-founder, in a statement.

Redefining STAR Level 1 Assurance

CSA's STAR Registry, which publicly documents the security and privacy controls of cloud services, has long relied on self-assessments by CSPs as part of its Level 1 certification. However, the quality of these submissions has varied, often requiring interpretation by end users.

Valid-AI-ted aims to resolve this by introducing standardized, AI-assisted grading. The tool evaluates responses against CSA's Cloud Controls Matrix (CCM), providing granular, domain-specific scoring. Providers who meet the required benchmark earn a distinctive "Valid-AI-ted" badge, enhancing visibility on the STAR Registry.

Free for Members, Discount for Attendees

The system is offered at no cost to CSA member organizations, which are allowed unlimited assessment submissions. Non-members can resubmit assessments up to 10 times and pay a standard $595 fee — discounted to $395 through the end of June for attendees of CSA's Cloud Trust Summit.

The automated tool's benefits include:

• Consistent quality assurance: Ensures assessments meet a robust security baseline.
• Actionable insights: Highlights specific gaps and areas for improvement.
• Recognition: Highlights proactive security practices to customers and regulators.
• Path to maturity: Helps organizations transition toward STAR Level 2 third-party audits.

Market Integration and Licensing

CSA is also opening the door to third-party integration. Solution providers can embed the Valid-AI-ted scoring rubric into their own Governance, Risk, and Compliance (GRC) offerings by obtaining a CCM license.

The move underscores CSA's continued push for transparency and standardization in an increasingly complex cloud security environment. By automating the first tier of assurance, CSA hopes to accelerate both compliance and customer trust.

For more information, go to the CSA site.