OWASP GenAI Exploit Round-up Report Q1 2026 Coverage period: January 1, 2026 through April 11, 2026 Overview For the last two years the OWASP GenAI Security Project published a list of the major incidents for the last quarter. This is not designed to be an exhaustive report. This report consolidates major AI-related security incidents and […]
OWASP GenAI Exploit Round-up Report Q1 2026 Read Post »
New resources, a full week of RSA programming and growing industry adoption mark a milestone moment for the open-source AI security community WILMINGTON, Del. — March 19, 2026 — The OWASP GenAI Security Project (genai.owasp.org), a leading global open-source and expert community, growing to more than 25K members, dedicated to delivering practical guidance and tools
As OWASP’s Agentic Security Initiative (ASI) gains momentum, its impact is already being felt across the AI security landscape. The Agentic AI – Threats and Mitigations taxonomy is now powering real-world developer tools that embed security into the workflows of AI builders and red teams. In this post, we highlight three standout tools—PENSAR, SPLX.AI Agentic Radar, and AI&ME—that are adopting the OWASP ASI taxonomy to help teams test, defend, and build secure agentic systems. This growing ecosystem is also informing the development of the forthcoming OWASP Top 10 for Agentic AI. Join us at DEF CON and Black Hat to help shape what’s next.
OWASP Agentic AI Taxonomy in Action: From Theory to Tools Read Post »
OWASP Gen AI Incident & Exploit Round-up, Q2 (Mar-Jun) 2025 About the Round-up This is not an exhaustive list, but a semi-regular blog where we aim to track and share insights on recent exploits involving or targeting Generative AI. Our goal is to provide a clear summary of each reported incident, including its impact, a
OWASP Gen AI Incident & Exploit Round-up, Q2’25 Read Post »
As AI systems begin interacting with live tools and data via the Model Context Protocol (MCP), new security risks emerge that traditional approaches can’t fully address. This post summarizes key insights from the OWASP GenAI Security Project’s latest research on securing MCP, offering practical, defense-in-depth strategies to help developers and defenders build safer agentic AI applications in real time.
Securing AI’s New Frontier: The Power of Open Collaboration on MCP Security Read Post »
WILMINGTON, Del. — March 27, 2025 — The Open Worldwide Application Security Project (OWASP) announced today that its OWASP Top 10 for LLM and Generative AI List has become The OWASP Gen AI Security Project. The name change reflects the popularity of the initial Top 10 List and the recognition of the project’s expanded focus.
About the Round-up This is not an exhaustive list, but a semi-regular blog where we aim to track and share insights on recent exploits involving or targeting Generative AI. Our goal is to provide a clear summary of each reported incident, including its impact, a breakdown of the attack, relevant vulnerabilities from the OWASP Top
OWASP Gen AI Incident & Exploit Round-up, Jan-Feb 2025 Read Post »
The UK Government Department for Science Innovation and Technology (DSIT) published its new voluntary Code of Practice (CoP) for the Cyber Security of AI today, January 31. Based upon 13 principles, the CoP clarifies the responsibilities of different AI stakeholders and is, for the first time, structured alongside the typical AI system lifecycle from planning
The OWASP Foundation is thrilled to announce the launch of the Agentic Security Initiative from the LLM and Generative AI Security Project to tackle the unique security challenges posed by Autonomous AI agents. The initiative, part of the OWASP LLM/Gen AI Security Project, known for the Top 10 List for Large Language Models (LLMs), sets
Challenge Currently limited actionable data exists in understanding how different LLMS are being leveraged in exploit generation, and what mechanisms can be used to detect and assess exploits to develop mitigations and guardrails. Initiative Overview This initiative aims to explore the capabilities and risks associated with generating day-one vulnerabilities’ exploits using various Large Language Models
Research Initiative – Securing and Scrutinizing LLMS in Exploit Generation Read Post »
warranty of service or accuracy. For more information, please refer to our General Disclaimer. – Copyright © 2025 OWASP Foundation, Inc.