The project began as the OWASP Top 10 for LLM Applications, but has rapidly grown beyond that first project to now include over 8 working groups, 14+ projects and growing, all focused on addressing the security lifecycle for LLM, GenAI and Agentic applications. We are consolidating all of the project GitHub repositories here under one umbrella GitHub organization to help improve collaboration, discoverability, cross-project collaboration, and contribution.
For full details about our project, join us at our main website: https://genai.owasp.org
- Open & Collaborative: The project thrives on global contributions from AI and security experts across industries, academia, and government sectors.
- Transparency & Accessibility: All research outputs are open-source, peer-reviewed, and freely available to ensure widespread adoption and continuous improvement.
- Practical & Actionable Guidance: The project focuses on producing hands-on, implementable security solutions rather than theoretical frameworks.
- Ethical AI Security Advocacy: Promote responsible AI development and deployment by addressing ethical concerns, bias mitigation, and adversarial misuse.
Risk Identification & Documentation
- Maintain and evolve the OWASP Top 10 for LLM Applications and other resources, providing a structured framework for understanding generative AI’s most critical security risks.
- Research and document emerging threats, adversarial attack techniques, and potential vulnerabilities specific to AI models and applications.
Security Best Practices & Mitigations
- Develop practical security recommendations and blueprints for securing AI-driven applications.
- Provide governance frameworks, compliance guidelines, safety and risk management strategies tailored for AI security.
- Maintain and expand resources like AI Security Solutions Landscape, a curated repository of security tools and frameworks, updated quarterly.
Applied Research & Community Collaboration
- Foster research initiatives such as AI Red Teaming & Evaluation, Securing AI-driven Exploit Generation, and Agentic AI Security to explore attack surfaces and mitigation strategies.
- Collaborate with academic institutions, industry leaders, and government agencies to drive AI security research and regulatory alignment.
Education, Training, & Knowledge Sharing
- Provide publicly accessible security resources, training materials, and open-source tools to support AI security education.
- Translate key security documents into multiple languages to ensure accessibility for a global audience.
- Engage security professionals and AI engineers through working groups, webinars, and industry events.
Enterprise Adoption & AI Governance
- Develop and maintain resources to support practitioners and executives alike, such as the CISO AI Security Checklist, offering structured guidance for enterprises integrating generative AI into business workflows.
- Support organizations in building AI security governance programs through resources like the OWASP AI Security Center of Excellence (CoE) Guide.
- Provide CISOs and security leaders with governance roadmaps and risk assessment methodologies.
