OWASP GenAI Security Project expands risk matrix with GenAI and agentic AI focus
Summary
The OWASP Foundation updated its GenAI Security Project to address evolving risks in generative and agentic AI ecosystems, publishing two new solution guides and a data security risks list. The project now tracks over 170 providers, up from 50, and documents 21 risks for GenAI systems while introducing 21 GenAI Data Security risks. The updates reflect rapid adoption of AI technologies and growing attack surfaces, including vulnerabilities in emerging protocols like MCP and A2A. Security concerns highlighted include sensitive data leakage, prompt injection, unsafe tool execution, goal drift, and inter-agent collusion. The project emphasizes the need for visibility into AI agent activity and introduces a six-month update cadence to reflect stabilizing but still dynamic industry development.
Timeline
- 06.04.2026 16:49 · 1 article
OWASP GenAI Security Project releases updated solution guides and risk matrix covering GenAI and agentic AI
OWASP published two new solution guides—one for GenAI/LLMs and another for agentic AI systems—along with a GenAI Data Security risks list. The update expands provider coverage to over 170 and documents 21 risks for GenAI and 21 data security risks. New guidance highlights vulnerabilities in emerging protocols (e.g., MCP, A2A), risks like prompt injection and inter-agent collusion, and the importance of visibility into AI agent activity.
Sources:
- OWASP GenAI Security Project Gets Update, New Tools Matrix — www.darkreading.com — 06.04.2026 16:49
Information Snippets
- OWASP released two new solution guides: one focused on securing generative AI and LLMs, and another on agentic AI systems.
  First reported: 06.04.2026 16:49 · 1 source, 1 article
  Sources:
  - OWASP GenAI Security Project Gets Update, New Tools Matrix — www.darkreading.com — 06.04.2026 16:49
- A new GenAI Data Security risks list documents 21 potential data issues, including sensitive data leakage, exposure of agent identities and credentials, and unsanctioned data flows due to shadow AI.
  First reported: 06.04.2026 16:49 · 1 source, 1 article
  Sources:
  - OWASP GenAI Security Project Gets Update, New Tools Matrix — www.darkreading.com — 06.04.2026 16:49
- The number of providers covered by the OWASP GenAI Security Project expanded from 50 to over 170 in four months; the project is now moving to a six-month update schedule.
  First reported: 06.04.2026 16:49 · 1 source, 1 article
  Sources:
  - OWASP GenAI Security Project Gets Update, New Tools Matrix — www.darkreading.com — 06.04.2026 16:49
- OWASP identifies 21 risks for GenAI systems, including goal drift, prompt injection, inter-agent collusion, and unsafe tool execution.
  First reported: 06.04.2026 16:49 · 1 source, 1 article
  Sources:
  - OWASP GenAI Security Project Gets Update, New Tools Matrix — www.darkreading.com — 06.04.2026 16:49
- Agentic AI systems are increasingly leveraging insecure protocols such as Model Context Protocol (MCP) and Agent2Agent (A2A), complicating security oversight.
  First reported: 06.04.2026 16:49 · 1 source, 1 article
  Sources:
  - OWASP GenAI Security Project Gets Update, New Tools Matrix — www.darkreading.com — 06.04.2026 16:49
- AI agents may ignore security boundaries to complete tasks, and multi-agent "swarms" introduce additional security complexity.
  First reported: 06.04.2026 16:49 · 1 source, 1 article
  Sources:
  - OWASP GenAI Security Project Gets Update, New Tools Matrix — www.darkreading.com — 06.04.2026 16:49
- Top GenAI Data Security risks include sensitive data leakage through prompts and model outputs (DSGAI-01), data poisoning via training data manipulation (DSGAI-04), and compromise through third-party tools (DSGAI-06).
  First reported: 06.04.2026 16:49 · 1 source, 1 article
  Sources:
  - OWASP GenAI Security Project Gets Update, New Tools Matrix — www.darkreading.com — 06.04.2026 16:49