SAS Statement Regarding AI Cybersecurity Strategy

Reference Name: AI Cybersecurity
Severity: Informational
Status: Investigation

History

• 6-10-2026 – Initial statement

Summary

SAS is aware of and actively monitoring the continuously evolving landscape of AI-based cyber threats and new frontier AI models. This includes initiatives such as Mythos, Project Glasswing, and similar efforts. SAS remains committed to continuously assessing the impact of new advances in the field of AI on the security of SAS products. SAS is actively prioritizing the rapid adoption of new and evolving security strategies to address the novel threats of increasingly sophisticated AI-based tools.

Should these tools identify any material risks or critical issues that could impact SAS or SAS customers, SAS is prepared to swiftly respond and take appropriate remediation actions. SAS remains committed to proactively managing emerging risks and ensuring the continued security and trust of customers.

SAS Cloud Solutions

SAS Cloud and Information Services is doing the following to stay ahead of emerging risks:

• actively researching the latest AI-based cyber threats
• engaging with trusted partners with direct access to frontier AI models
• leveraging those partnerships to participate in joint security exercises, red-team testing, and structured evaluations 

In parallel, SAS Cloud and Information Services is using large language models within internal security programs, which extends defensive capabilities beyond the pre-AI era standards.

Impact (Preliminary Evaluation)

SAS has evaluated that all software products face increased cybersecurity threat levels due to AI-based cyber threats. SAS is supporting a coordinated effort to take a risk-driven approach to adapting current cybersecurity practices to proactively address concerns.

SAS® 9.4, SAS® Viya® 3.5, and the SAS® Viya® platform are increasing the scope and velocity of vulnerability remediation in supported versions, and SAS is adopting new tools and strategies internally to anticipate novel threats. Initial efforts have focused on streamlining secure software delivery through increased automation and developing AI-driven tooling to assess the risk of third-party components, starting with the SAS Viya platform. Additional investigations to enable further AI-driven security assessments at a code-base level are in progress.

As always, SAS recommends that you keep your SAS deployments up-to-date.

• The current version of the SAS®9 platform is SAS® 9.4M9. Instructions for upgrading are available. 
• The current version of the SAS® Viya 3.x platform is SAS Viya 3.5 w44. 
• The current versions of the SAS Viya platform are LTS 2026.03 and Stable 2026.05.

Guidance, Activities, and Plans

At this time, no SAS-specific customer action is recommended in response to the advances of AI-based cyber threats.

SAS intends to provide continuous software updates to reduce risk to supported versions of SAS Viya and SAS 9. This bulletin will be updated when major targeted software updates are available.

Updates to this Bulletin

When SAS has additional news or guidance for AI-based cyber threats and the changes being made to SAS software and services to remediate these threats, we will update this official security bulletin.

The latest SAS Product Security bulletins are available at https://support.sas.com/en/security-bulletins.html and by RSS feed. Additional information on SAS’s standard security and privacy practices can be found at https://www.sas.com/en_us/trust-center.html.