Whitepapers

Resources

OWASP GenAI Data Security Risks & Mitigations 2026

The OWASP GenAI Data Security Risks and Mitigations 2026 guide provides a critical, forward-looking analysis of the unique data security challenges posed by the rapid, widespread adoption of Generative AI (GenAI) across enterprise environments, anticipating the landscape by 2026. This comprehensive guide moves beyond traditional software security paradigms to address the novel attack surfaces that […]

Resources

A Practical Guide for Secure MCP Server Development

A Practical Guide for Secure MCP Server Development provides actionable guidance for securing Model Context Protocol (MCP) servers—the critical connection point between AI assistants and external tools, APIs, and data sources. Unlike traditional APIs, MCP servers operate with delegated user permissions, dynamic tool-based architectures, and chained tool calls, increasing the potential impact of a single

Resources

OWASP Vendor Evaluation Criteria for AI Red Teaming Providers & Tooling v1.0

Vendor Evaluation Criteria for AI Red Teaming Providers & Tooling is a practical guide for organizations assessing vendors that offer AI red teaming services or automated testing tools. Developed under the OWASP GenAI Security Project, the document outlines clear criteria for evaluating both simple GenAI systems (such as chatbots and RAG applications) and advanced systems

Resources, Publications

OWASP Top 10 for Agentic Applications for 2026

The OWASP Top 10 for Agentic Applications 2026 is a globally peer-reviewed framework that identifies the most critical security risks facing autonomous and agentic AI systems. Developed through extensive collaboration with more than 100 industry experts, researchers, and practitioners, the list provides practical, actionable guidance to help organizations secure AI agents that plan, act, and make decisions across complex workflows. By distilling a broad ecosystem of OWASP GenAI Security guidance into an accessible, operational format, the Top 10 equips builders, defenders, and decision-makers with a clear starting point for reducing agentic AI risks and supporting safe, trustworthy deployments.

Resources, Publications

OWASP GenAI Security Project – Solutions Reference Guide Q2_Q3’25

The OWASP GenAI Security Project – Solutions Reference Guide (Q2–Q3 2025) is a comprehensive, vendor-agnostic resource for organizations seeking to secure Large Language Models (LLMs) and Agentic AI applications. It extends the OWASP Top 10 for LLMs and the Agentic Risks and Mitigations Taxonomy by mapping identified risks to practical, open-source and commercial security solutions.

Resources

CheatSheet – A Practical Guide for Securely Using Third-Party MCP Servers 1.0

The Practical Guide for Securely Using Third-Party MCP Servers from the OWASP GenAI Security Project provides a detailed framework for safely deploying and managing external Model Context Protocol (MCP) servers. It outlines the unique security risks introduced by connecting AI models to third-party tools and data sources, including tool poisoning, prompt injection, memory poisoning, and

Uncategorized

OWASP GenAI Security Project – Threat Defense COMPASS RunBook

The OWASP GenAI Security Project’s Threat Defense COMPASS consolidates AI threats, vulnerabilities, defenses, and mitigations into a unified AI Threat Resilience Strategy Dashboard. COMPASS enables organizations to evaluate everything from external adversaries using AI tools to internal deployments of Microsoft Copilot, Google Gemini, and proposed GenAI or Agentic projects. Designed for iterative use, COMPASS serves

Uncategorized

State of Agentic AI Security and Governance 1.0

The State of Agentic AI Security and Governance provides a comprehensive view of today’s landscape for securing and governing autonomous AI systems. It explores the frameworks, governance models, and global regulatory standards shaping responsible Agentic AI adoption. Designed for developers, security professionals, and decision-makers, the report serves as a practical guide for navigating the complexities

Publications, Resources

GenAI Incident Response Guide 1.0

The OWASP GenAI Security Project commissioned this GenAI Incident Response guide to help fill this need by providing security practitioners with guidelines and best practices for how to respond to security incidents involving GenAI applications. This guide was produced by a panel of experts convened by the OWASP GenAI Security Project’s CTI Initiative. The guide

Resources

Securing Agentic Applications Guide 1.0

This guide aims to provide practical and actionable guidance for designing, developing, and deploying secure agentic applications powered by large language models (LLMs). It complements the OWASP Agentic AI Threats and Mitigations (ASI T&M) document by focusing on concrete technical recommendations that builders and defenders can apply directly.
