OWASP GenAI Security Project Gets Update, New Tools Matrix
In recognition of 21 generative AI data security risks, the standards group recommends that companies take separate but linked approaches to defending GenAI and agentic AI systems.
Robert Lemos,Contributing Writer
April 6, 2026
The Open Web Application Security Project (OWASP) is updating its look at the risk and defensive landscape of artificial intelligence (AI), reflecting the fast adoption of the technology and the security issues that adoption poses.
The OWASP Foundation published expanded security recommendations for companies adopting AI systems, splitting its tracking of solutions into two guides: one on securing GenAI and large language models (LLMs), the other on agentic AI systems. In addition, OWASP published its first listing of GenAI Data Security risks, which catalogues 21 data-related risks posed by AI systems, including sensitive data leakage, exposure of agent identities and credentials, and unsanctioned data flows due to shadow AI.
Because the field is changing so rapidly, the group's latest release comes only four months after the previous solutions guide, and the number of covered providers has expanded from 50 to more than 170, says Scott Clinton, co-lead of the OWASP GenAI Security Project. The pace has become more regular, though OWASP does not expect the ecosystem to continue needing such quick updates. It will instead move to a six-month schedule, he says.
"When we first started, we were publishing it every quarter because things were moving so incredibly fast," he says. "The industry is kind of still moving quickly, solutions are still coming in, but it's not quite at the same pace."
From Models to Swarms
A smattering of incidents underscore the risks as companies continue to struggle to secure their usage of LLMs, GenAI, and AI agents. Users have found that AI agents will often ignore security boundaries to complete tasks, and the shift to "swarms" — collections of AI agents — to complete tasks has led to even greater security complexity. Many layers of the AI development and deployment ecosystems, such as Model Context Protocol (MCP) servers, are woefully insecure, experts say.
Still, the use of these systems is exploding, dwarfing even the rise in software-as-a-service applications. A 10,000-employee company might have had 30 to 100 applications in the past, but now it has tens of thousands of AI applications running when you count specific LLM calls that generate scripts to gather data, says Sai Modalavalasa, chief architect at AI-security firm Straiker.
Tools to help manage the problem are still being developed, says Modalavalasa, a contributor to the OWASP GenAI Security Project. First, companies need to be able to see what AI agents are doing in their networks and systems.
"Without visibility and observability, literally, you're shooting in the dark," he says, adding that, unlike application security, in the world of AI, "you cannot put a finger on when you say visibility because it's all over the map."
Companies focused on GenAI and LLMs early on, but now much of the development and security concerns have shifted to agentic AI systems. As a result, OWASP has shifted to a multipronged effort: GenAI and LLMs on one hand and agentic AI on the other.
The two classes of AI applications have different protocols for interaction and thus require different solution sets, Clinton says.
"When we first started doing the first top 10 list, MCP didn't exist, A2A [Agent2Agent] didn't exist. We'll have more protocols coming up that are helping to build applications as we get more complex," he says. "The multi-agent architectures almost guarantee ... that we're going to continue to see some separation there between them."
The growing list of companies offering solutions for agentic AI systems. Source: OWASP
Creating a New AI Security Road Map
The two solutions reports aim to map how the security of LLMs, GenAI, and agentic AI systems needs to evolve as part of a DevOps and SecOps software development and deployment cycle. The reports cover both commercial and open source tools that address security problems unique to AI-based ecosystems, such as goal drift, prompt injection, inter-agent collusion, and unsafe tool execution.
The current goal is to connect the solutions emerging in the market and an evolving definition of the software development life cycle mapped to AI and agentic realities, and then to map those to the risks that OWASP has documented, Clinton says.
The third document released by OWASP includes the top 21 risks that companies need to manage in their data security posture, which covers discovering AI systems and activity, classifying data and AI assets, creating policy to govern those interactions, and monitoring for compliance and security.
The top risks include sensitive data leakage through prompts and model outputs (DSGAI-01), data poisoning through the manipulation of training data and embedded memory files (DSGAI-04), and compromise through third-party tools and data (DSGAI-06).
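For DSGAI-01, sensitive data leakage through prompts and model outputs, the control a practitioner most often reaches for is an inspection point on both sides of the model call: scan what the user sends in, scan what the model sends back out, and feed only the classification (never the matched secret) to the monitoring pipeline. The following is an added example written for this page, not code from OWASP, Straiker, or any vendor named here; the detector patterns, the per-direction policy, and the sample traffic are assumptions constructed for illustration and would be tuned to an organization's own data classes.

```python
"""Inspection point for LLM prompts and outputs (added example, not OWASP code).

A gateway that sits between callers and the model, scans text in both
directions for credentials and personal data, and either blocks, redacts,
or logs according to a per-direction policy. Patterns and policy below are
illustrative assumptions, not an OWASP catalogue.
"""
import re
from dataclasses import dataclass, field

# Illustrative detectors (assumed for this example; tune to your own data classes).
PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_token": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "private_key": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    "email": re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b"),
    "us_ssn": re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b"),
}

# Action per data class and direction (assumed policy). Credentials are blocked
# whichever way they travel; an email address a user types into a prompt is
# merely logged, but one the model emits toward a caller or tool is redacted.
POLICY = {
    "aws_access_key_id": {"prompt": "block", "output": "block"},
    "github_token":      {"prompt": "block", "output": "block"},
    "private_key":       {"prompt": "block", "output": "block"},
    "email":             {"prompt": "log",   "output": "redact"},
    "us_ssn":            {"prompt": "redact", "output": "redact"},
}


@dataclass
class Finding:
    kind: str     # data class that matched
    action: str   # block / redact / log, resolved from POLICY
    start: int
    end: int


@dataclass
class Decision:
    direction: str
    allowed: bool
    text: str                 # text to forward ("" when blocked)
    findings: list = field(default_factory=list)


def scan(text: str, direction: str) -> Decision:
    """Classify one message. direction is 'prompt' (caller -> model) or
    'output' (model -> caller/tool). Any 'block' finding stops the message;
    otherwise 'redact' findings are replaced with a class tag."""
    if direction not in ("prompt", "output"):
        raise ValueError("direction must be 'prompt' or 'output'")
    findings = [
        Finding(kind, POLICY[kind][direction], m.start(), m.end())
        for kind, rx in PATTERNS.items()
        for m in rx.finditer(text)
    ]
    if any(f.action == "block" for f in findings):
        return Decision(direction, False, "", findings)
    # Redact from the end of the string backwards so earlier offsets stay valid.
    redacted = text
    for f in sorted(findings, key=lambda f: f.start, reverse=True):
        if f.action == "redact":
            redacted = redacted[:f.start] + f"<{f.kind}>" + redacted[f.end:]
    return Decision(direction, True, redacted, findings)


def audit_record(d: Decision) -> dict:
    """What goes to monitoring: direction, verdict, and (class, action) pairs.
    The matched text itself is deliberately never included."""
    return {
        "direction": d.direction,
        "allowed": d.allowed,
        "findings": sorted((f.kind, f.action) for f in d.findings),
    }


if __name__ == "__main__":
    # Constructed sample traffic, not real data.
    samples = [
        ("Here is my key AKIAIOSFODNN7EXAMPLE, write a script that lists my buckets", "prompt"),
        ("Reach the account owner at alice@example.com, SSN 123-45-6789.", "output"),
        ("Ping me at bob@example.org about the budget.", "prompt"),
    ]
    for text, direction in samples:
        d = scan(text, direction)
        print(audit_record(d), repr(d.text))
```

The design choice worth noting is the audit record: the monitoring side of the data security posture described above needs to know that a prompt carried an AWS access key and was blocked, but logging the key itself would simply move the leak from the model to the SIEM. Regex detectors of this kind are a floor, not a ceiling; they miss secrets with no fixed format and should be backed by entropy checks and classification of the sources a tool call can reach.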
Companies need to evaluate their use of AI to determine the most significant risks, says Straiker's Modalavalasa.
"I think the defenses are driven by both how you are adopting it — your business needs," he says. "If you are relying on AI a lot, trying to rely on its models for your whole automation and reasoning stack ... or depending too much on it, probably [the defenses] are not there yet because AI could 'go crazy' — it's very goal-driven and [could] lose the context."
About the Author
Robert Lemos
Contributing Writer
Veteran technology journalist of more than 20 years. Former research engineer. Written for more than two dozen publications, including CNET News.com, Dark Reading, MIT's Technology Review, Popular Science, and Wired News. Five awards for journalism, including Best Deadline Journalism (Online) in 2003 for coverage of the Blaster worm. Crunches numbers on various trends using Python and R. Recent reports include analyses of the shortage in cybersecurity workers and annual vulnerability trends.