OWASP GenAI Security Project

Data Security Software Products

Wakefield, Mass 20,449 followers

Evolving Security For Generative AI

About us

The creation of the OWASP Top 10 for LLMs list was a major undertaking, built on the collective expertise of an international team of nearly 500 experts, with over 125 active contributors. The team brainstormed and proposed potential vulnerabilities, refined these proposals down to a concise list of the ten most critical vulnerabilities, and each vulnerability was then further scrutinized and refined by dedicated sub-teams and subjected to public review. The primary audience is developers, data scientists, and security experts tasked with designing and building applications and plug-ins leveraging LLM technologies. The first version of the list will not be the last. The team expects to update it on a periodic basis to keep pace with the state of the industry. They will be working with the broader community to push the state of the art, and creating more educational materials for a range of uses.

Website
https://llmtop10.com
Industry
Data Security Software Products
Company size
2-10 employees
Headquarters
Wakefield, Mass
Type
Nonprofit
Founded
2023


Updates

  • 🚀 Excited to announce the Agentic AI Security Summit – Europe! On 10 December 2025, the OWASP GenAI Security Project is hosting a focused half-day event in London dedicated to one of the most urgent topics in tech today: securing agentic AI systems. The OWASP GenAI Security Project’s Agentic Security Initiative is launching its landmark new guidance: the OWASP Top 10 for Agentic AI Security.
    Expect sharp, practical sessions on:
    ✅ Risks & threat modeling for autonomous AI
    ✅ Red-teaming agentic behaviours & tool-use
    ✅ Policy, governance & real-world compliance
    ✅ Secure design for agent-driven applications
    Perfect for security engineers, AI/ML builders, red-teamers, CISOs, and anyone shaping the future of trustworthy AI. Taking place immediately adjacent to the Excel Center and Black Hat Europe Event.
    🗓️ Event Details:
    Date: 10 December 2025
    Time: 14:00 – 19:00 GMT (London)
    Location: Crowne Plaza London Docklands Hotel, Royal Victoria Dock, Western Gateway, London E16 1AL, UK
    Registration: Secure your spot now. https://luma.com/88f9nkar
    For more details, visit: https://lnkd.in/gk5XGZ7T
    Let’s raise the bar for secure, responsible, and resilient agentic AI.
    #AgenticAI #AISecurity #OWASP #GenAI #CyberSecurity #AIGovernance #Infosec
  • 🚀 Now Available: OWASP GenAI Security Project – Solutions Reference Guide (Q2/Q3’25 Edition)
    The OWASP GenAI Security Project is excited to announce the latest release of our Solutions Reference Guide, bringing together community-driven insights into securing Generative AI systems. This quarter’s edition features:
    🔹 A comprehensive matrix mapping LLM and Agentic AI risks across the OWASP Top 10 for LLMs and Agentic Systems taxonomies
    🔹 Detailed alignment with the GenAI SecOps lifecycle stages, providing visibility into risk coverage across build, deploy, and operate phases
    🔹 Updated solution cheat sheets for both LLM and Agentic AI, designed to offer a quick reference to available solution guidance for builders and defenders
    📅 Published quarterly, the guide is built from community submissions, ensuring it reflects the latest solutions, patterns, and best practices from real-world GenAI implementations.
    💡 Whether you’re developing, deploying, or defending GenAI systems, this guide is your go-to reference for aligning controls, tools, and practices to secure AI responsibly.
    Download the Guide: 🔗 https://lnkd.in/gKzruqUR
    Review and Submit to the Online Directory (updated monthly): 🔗 https://lnkd.in/gzSEaFKK
    #OWASP #GenAISecurity #LLMSecurity #AgenticAI #AIsecurity #OWASPGenAI #CyberSecurity #AITrustworthiness
  • 🚀 New Resource: The Practical Guide for Securely Using Third-Party MCP Servers
    The OWASP GenAI Security Project is proud to announce the release of A Practical Guide for Securely Using Third-Party MCP Servers, a comprehensive resource for organizations and developers adopting the Model Context Protocol (MCP). As the use of MCP servers expands, connecting AI systems to tools, APIs, and data, so does the need for robust security practices. This guide provides actionable recommendations to mitigate emerging risks such as:
    🔹 Tool poisoning and prompt injection
    🔹 Memory poisoning and tool interference
    🔹 Authentication, authorization, and secure client-server discovery
    🔹 Governance and automated security tooling
    Whether you’re integrating third-party MCP servers or building AI agent ecosystems, this document will help you strengthen your defenses against evolving GenAI threats.
    📘 Download the guide: https://lnkd.in/gXdD2nTS
    A huge thank-you to the contributors, reviewers, and sponsors across the OWASP GenAI Security Project community who made this resource possible!
    #OWASP #GenAISecurity #AI #Cybersecurity #MCP #AITrust #OpenSourceSecurity
  • 🚨 Join us on October 9th for the Gen AI Application Security & Risk Conference – a one-day virtual event hosted by the OWASP GenAI Security Project in partnership with the CyberRiskAlliance! 🚨
    This action-packed day features 3 tracks and 20 sessions covering:
    🔹 Gen AI Security Governance
    🔹 Gen AI Threat Intel & Red Teaming
    🔹 Agentic & AI Application Security
    Hear directly from OWASP GenAI Project leaders, industry experts, and community practitioners on how to apply the latest OWASP GenAI Security Project research to secure AI systems in practice. If you missed us at Black Hat, RSA, or other recent events, this is your chance to catch up virtually and get the latest insights and guidance.
    Example sessions include:
    💡 Trust at the Edge: Navigating GenAI Innovation and Security - Threat Defense Compass
    💡 The Stochastic Shall Inherit the Earth (But Let’s Secure It First): Top 10 Risks for LLMs & GenAI
    💡 OWASP State of Agentic AI Security Report: Risks & Mitigations
    💡 Gen AI Red Teaming Guidance and Best Practices
    💡 Prompt. Inject. Shell. Repeat: Exploiting Blind Spots within AI Guardrails
    …and many more!
    👉 Reserve your spot today: Gen AI AppSec Virtual Summit https://lnkd.in/gc8Sk7u7
    Use the promo code CSS25-OWASP for your free pass
    #OWASP #GenAI #AppSec #Cybersecurity #AIsecurity #GenAISecurityProject
  • 🚀 Introducing the OWASP GenAI Security Project – Threat Defense COMPASS
    As organizations embrace Generative AI and agentic systems, security teams face a rapidly evolving challenge: how to unlock AI’s potential while staying ahead of new threats and attack surfaces. The OWASP GenAI Threat Defense COMPASS is here to help. This practical, spreadsheet-based tool maps and prioritizes your GenAI risks and mitigations, giving you a unified AI Threat Resilience Strategy Dashboard to support confident, strategic decisions.
    What’s Included:
    ✅ The Threat Defense COMPASS Spreadsheet Tool - Rapidly assess AI-related threats, align with MITRE ATT&CK, ATLAS, D3FEND, and other frameworks, and prioritize mitigations using the OODA Loop (Observe, Orient, Decide, Act).
    ✅ Threat Defense Playbook - A step-by-step guide to using COMPASS in real-world security scenarios.
    ✅ Training Video - Walkthrough of applying COMPASS to real-world deployments, including managing risks around Microsoft Copilot rollouts.
    Start Building AI Resilience Today:
    🧭 Download the COMPASS Tool https://lnkd.in/gm4-cgmx
    📖 Read the Playbook https://lnkd.in/gA59kxCp
    🎥 Watch the Tutorial Video https://lnkd.in/gtN2aDsU
    By iteratively using COMPASS, your team can continuously observe system behavior, orient with threat intelligence, decide on priorities, and act fast — staying ahead of regulatory, competitive, and adversarial pressures. This is one of many OWASP resources supporting threat-informed defense, including CycloneDX, ASVS, API Top 10, and Cheat Sheets.
    🔒 Stay proactive. Stay resilient. Stay secure.
    For more information and to learn how you can contribute to the work of the community, visit the OWASP GenAI Security Website. https://genai.owasp.org/
    #OWASPGenAISecurityProject, #AISecurity, #AIGovernance, #GenAIRedTeaming, #CISOs, #SecurityPractioners #OWASP, #GenAI, #Security
  • 🌍 Announcing the OWASP Agentic AI Event – Dubai 2025
    We’re excited to launch the first OWASP GenAI Security Meetup in the Middle East, hosted at the University of Birmingham Dubai on 17 September 2025. This full-day event will explore the security of Agentic AI systems, bringing together global leaders, local experts, and students to connect, learn, and build the future of AI Security.
    💡 Event Highlights
    · Keynotes and talks from OWASP GenAI leaders
    · Insights from the OWASP Dubai Chapter and regional experts
    · Agentic Security Initiative Overview
    · Agentic AI in Enterprise and related threats
    · Networking with researchers, practitioners, and students
    This is a milestone for the OWASP GenAI Project, expanding our community to the Middle East and engaging directly with students, researchers, and industry.
    Register here: https://lnkd.in/g94e2FXp
    Location: 📍 University of Birmingham Dubai
    📅 17 September 2025
    Let’s define the future of Agentic AI Security together.
    #OWASP #GenAISecurityProject #GenAI #AIsecurity #AgenticAI #OWASPTop10 #Cybersecurity #Dubai
  • 🌐 Announcing the Gen AI Security Solutions Landscape Cheat Sheet – Q2–Q3 2025 Edition
    The rapid growth of LLM & Generative AI is transforming industries, but it also introduces new, complex security challenges. As organizations integrate AI into their products and operations, ensuring performance, reliability, and security at every stage of the lifecycle is critical. That’s why the OWASP GenAI Security Project has published the updated AI Security Solutions Landscape Cheat Sheet, a comprehensive, peer-reviewed guide to help security teams, developers, and AI practitioners navigate this evolving space.
    This resource maps open-source and commercial solutions across the entire AI lifecycle, from:
    🔹 Scope & Planning – requirements gathering, compliance, threat modeling
    🔹 Augment & Fine-Tune – secure data handling, adversarial robustness
    🔹 Develop & Experiment – vulnerability scanning, secure coding
    🔹 Test & Evaluate – functional, security, and usability testing
    🔹 Release & Deploy – secure CI/CD, encryption, API access control
    🔹 Operate & Monitor – anomaly detection, incident response, runtime protection
    🔹 Govern – compliance management, data security posture, risk assessments
    All stages are aligned with the OWASP Top 10 for LLM & Gen AI Security, ensuring a standardized approach to identifying risks and selecting the right security solutions.
    💡 Whether you’re building, deploying, or securing AI-powered systems, this cheat sheet offers a clear, structured view of the security landscape to help you make informed decisions.
    📥 Download the Q2–Q3 2025 Cheat Sheet now: 🔗 https://lnkd.in/gEvYFqMw
    #AIsecurity #GenAI #OWASP #LLMOps #SecOps #AIGovernance #AISecuritySolutions #Cybersecurity #AI
  • 💥 Debuting FinBot CTF - Can you outsmart an AI agent that’s trying to do its job? Prove it.
    During last week’s events in Las Vegas, the OWASP GenAI Security Project’s Agentic Security Initiative proudly unveiled FinBot, our new insecure agent Capture The Flag (CTF) challenge, designed to help builders and defenders understand and mitigate agentic AI risks through hands-on experience. We kicked things off with a live debut during Black Hat, followed by another presentation with OWASP at DEF CON.
    FinBot’s current challenge focuses on Goal Manipulation — one of the threats outlined in our Threats and Mitigations Guide published earlier this year. The demo showed how adding urgency can cause an AI agent to prioritize speed over accuracy, manipulating its goal from “process invoices correctly” to “process invoices quickly.” The CTF includes 3 flags of increasing difficulty, each testing your ability to exploit the vulnerability, often through creative prompt injection techniques.
    Co-led by Helen Oakley & Allie Howe as part of the Agentic Security Initiative, this is just the beginning. Our vision is to make FinBot the “Juice Shop” of Agentic AI, expanding with more scenarios and vulnerabilities to strengthen AI security across the ecosystem.
    Try it for yourself: 🔗 https://lnkd.in/gPjR_f_a
    Visit the OWASP Gen AI Security Project’s Agentic Security Initiative to learn more and learn how you can be a contributor. 🔗 https://lnkd.in/ghuXBdSk
    #OWASPGenAISecurityProject #AIsecurity #OWASP #AgenticAI #CTF #GoalManipulation #PromptInjection #BlackHat #DEFCON #OWASPAgenticSecurityInitiative
  • 🚀 New Release – Q3 2025 OWASP Agentic Security Solutions Landscape
    The OWASP Gen AI Security Project has just published the Q3 2025 Agentic Security Solutions Landscape, which is a focused view on security solutions for agentic AI applications as part of our broader AI Security Landscape initiative. This guide maps the Agentic DevOps–SecOps application lifecycle, defining roles, responsibilities, and security milestones for each stage, and aligning them to the OWASP Agentic Threats and Mitigations framework. It catalogs both open-source and commercial solutions to help teams address risks end-to-end, from planning and development to deployment, operation, and governance.
    The Agentic Landscape also complements our recently published Agentic AI Security resources, including:
    ✅ Agentic AI – Threats and Mitigations
    ✅ Multi-Agentic System Threat Modeling Guide v1.0
    ✅ Securing Agentic Applications Guide 1.0
    ✅ State of Agentic AI Security and Governance v1.0
    It will also directly inform the upcoming Top 10 Risks and Mitigations list for Agentic AI applications.
    📅 The full Generative AI Security & Safety Solutions Landscape, covering all GenAI security domains, drops next week.
    Get the Full Q3 2025 Agentic Security Solutions Landscape report here: 🔗 https://lnkd.in/gucBcrVD
    For more information about Agentic Security Best Practices, visit our website and check out the Agentic App Security Initiative, and learn more about how you can contribute your expertise. 🔗 https://genai.owasp.org
    Scott Clinton, John Sotiropoulos, Ron F. Del Rosario
    #OWASP #GenAI #AgenticAI #AISecurity #DevOps #SecOps #AIThreatModeling #AICompliance #AIrisks