Project OWASP Promotes GenAI Security Project to Flagship Status

The OWASP Top 10 for LLM and Generative AI has recognized industry need and expanded scope and become an OWASP Flagship Project

WILMINGTON, Del., March 27, 2025 /PRNewswire/ -- The Open Worldwide Application Security Project (OWASP) announced today that its OWASP Top 10 for LLM and Generative AI List has become The OWASP Gen AI Security Project. The name change reflects the popularity of the initial Top 10 List and the recognition of the project's expanded focus. It also reflects last year's charter along with the broad set of new industry leading initiatives and open-source resources addressing gen AI adoption and the security application lifecycle. 

The OWASP Gen AI Security Project is a global, open-source initiative dedicated to identifying, mitigating and documenting security and safety risks associated with generative AI technologies. With a mission to empower organizations, security professionals, AI practitioners and policymakers, this new flagship project will continually publish comprehensive, actionable guidance and tools to ensure the secure development, deployment and governance of generative AI systems.

In early 2024, the OWASP Top 10 for LLM Application Security Project expanded its focus from a list of AI-related vulnerabilities and threats to include additional resources for CISOs and compliance officers, like theLLM Cybersecurity and Governance Checklist, The Guide for Preparing and Responding to Deepfake Events, The Center of Excellence Guide and The AI Security Solution Landscape Guide.

This broader scope now includes governance, risk management and compliance for LLM deployment, and is supported by various project initiatives and working groups dedicated to Risk and Exploit Data Mapping, LLM AI Cyber Threat Intelligence, Secure AI Adoption and AI Red Teaming & Evaluation.

OWASP transitioned the Top 10 List, with the initial list of AI-related vulnerabilities and threats to become an "Initiative" as part of this newly announced OWASP Gen AI Security Project.  OWASP Gen AI Security Project has grown to include over 600 contributing experts from more than 18 countries, over 130 companies, and nearly 8,000 active community members.

The just published Agentic AI Threats and Mitigations Guide begins addressing the security challenges in autonomous systems. This resource provides developers and security professionals with a guide to emerging threats in agentic AI applications, including key terms, threat models, a structured taxonomy and mitigation strategies. In addition, new translations for the OWASP Top 10 for LLM Applications and Generative AI are also available in Spanish, German, Simplified Chinese, Traditional Chinese, Portuguese and Russian. These translations expand OWASP's global support for accessible, actionable cybersecurity resources worldwide.

Andrew van der Stock, director, OWASP Foundation, said: "The promotion of the OWASP Gen AI Security Project reflects the significance of providing open-source forums where security professionals can collaborate freely for the sole sake of security. AI is a revolutionary technology that will transform every industry in the coming decades, and OWASP has a world-class project leading the way. Promotion to Flagship is rare and a very high bar for any project. Few are chosen and must be confirmed by a Global Board of Directors vote after a thorough evaluation. To be promoted, a project must be mature, active, and strategic to our core mission, which is to advance application security. The OWASP Gen AI Security Project meets all these important criteria."

Steve Wilson, co-chair, OWASP Gen AI Security Project, said: 
"When we first launched the Top 10 List back in 2023, we had no idea how widespread the adoption of the list would be. Like any other innovation, AI has introduced new security challenges requiring experts to collaborate. This project's expansion now allows us to address the specific challenges that autonomous AI agents pose. It provides the groundwork for cybersecurity professionals to create executable guidelines to defend against the vulnerabilities arising for agentic LLM and Gen AI applications." 

Scott Clinton, co-chair, OWASP Gen AI Security Project, said: "Thanks to widespread industry adoption, the OWASP Gen AI Security Project has rapidly evolved from a lab initiative to one of only a few flagship projects for the OWASP Foundation in just 18 months. As agentic systems gain popularity, our goal moving forward with this project is to maintain a fact-based, regularly updated map of the emerging agentic environment, its threat model, mitigations and guidance in efforts to shape a secure future of AI-enabled security."

About OWASP Gen AI Security Project
The OWASP Gen AI Security Project is a global, open-source initiative dedicated to identifying, mitigating, and documenting security and safety risks associated with generative AI technologies, including large language models (LLMs), agentic AI systems, and AI-driven applications. Our mission is to empower organizations, security professionals, AI practitioners, and policymakers with comprehensive, actionable guidance and tools to ensure the secure development, deployment, and governance of generative AI systems. Visit our site to learn more.

About OWASP
The Open Worldwide Application Security Project (OWASP) is an online community that produces freely available articles, methodologies, documentation, tools and technologies in the fields of IoT, system software and web application security. Led by a non-profit called The OWASP Foundation, OWASP provides free and open resources. The OWASP Top 10 - 2021 is the published result of recent research based on comprehensive data compiled from over 40 partner organizations. The OWASP Foundation, a 501(c)(3) non-profit organization in the U.S. established in 2004 in the U.S., supports the OWASP infrastructure and projects.

View original content to download multimedia:https://www.prnewswire.com/news-releases/project-owasp-promotes-genai-security-project-to-flagship-status-302412689.html

SOURCE OWASP