OWASP Gen AI Security Project Newsletter - October Edition
Greetings Gen AI Security Enthusiasts and OWASP Community Members!
Coming Up in November

Join us on November 6-7th to connect with over 800 security experts, thought leaders, and practitioners!
This in-person event will be held in the heart of Washington DC and is OWASP’s largest US Conference, an opportunity you definitely will not want to miss out on.
This is your chance to connect, learn, and grow with some of the brightest minds in the field. Be inspired by our keynote speakers and dive deep into six expertly curated tracks—including builder/developer, breaker, defender, manager-culture, and OWASP Projects. You’ll find actionable insights, hands-on learning, and the learned experience of world-class keynote speakers.
Register Today!
New Resources
The OWASP GenAI Security Project’s Threat Defense COMPASS consolidates AI threats, vulnerabilities, defenses, and mitigations into a Unified AI Threat Resilience Strategy Dashboard. Be sure to download the COMPASS RunBook and watch the COMPASS Training Video on how to use the compass.
The Solutions Landscape monitors and maps the full LLM and Generative AI lifecycle, focusing on the DevOps–SecOps intersection to meet evolving security needs.
The State of Agentic AI Security and Governance provides a comprehensive view of today’s landscape for securing and governing autonomous AI systems. It explores the frameworks, governance models, and global regulatory standards shaping responsible Agentic AI adoption.
The OWASP GenAI Security Project commissioned this GenAI Incident Response guide to help fill this need by providing security practitioners with guidelines and best practices for how to respond to security incidents involving GenAI applications.
The Solutions Landscape monitors and maps the full Agentic AI lifecycle, focusing on the DevOps–SecOps intersection to meet evolving security needs.
Check Out the Resources Library
Access the full catalog of resources, publications, tools and presentations.
https://genai.owasp.org/resources/
Featured Resource: FinBot
FinBot is part of the OWASP GenAI Security Project’s Agentic Security Initiative, created to equip builders and defenders with hands-on tools for understanding and mitigating agentic AI risks.
FinBot is an Agentic Security Capture The Flag (CTF) interactive platform that simulates real-world vulnerabilities in agentic AI systems using a simulated Financial Services-focused application.
Currently focused on Goal Manipulation attacks, the CTF provides challenges and flags to help developers identify, exploit, and secure against these threats.
Designed as the “Juice Shop for Agentic AI,” FinBot will expand with more challenges, fostering a continuous feedback loop between researchers, security practitioners, and developers to harden agentic AI applications.
Recent Learning Videos
Watch a video to learn more on the GenAI Security Project’s Threat Defense COMPASS!
Watch a DEMO for our Agentic AI Capture The Flag (CTF) — FinBot here!
Watch Scott Clinton share key updates, including the publication of the State of Agentic AI Security & Governance Guide and the launch of the Agentic Security Landscape here!
Join the Bi-Weekly Open Project Meeting
Get the latest tea on the project!!
Join us every other Wednesday at 9am PST for our bi-weekly open project meeting. Follow the link below to get the Zoom details. Come join us!! https://genai.owasp.org/meetings/
Highlights From The Project Blog
OWASP Agentic AI Taxonomy in Action: From Theory to Tools
OWASP Gen AI Incident and Exploit Round-up, Q2’25
New Project Silver Sponsors

Akto is the best platform for AI Security teams to build an enterprise-grade Agentic AI security program, rated most trusted by Fortune 500 companies around the world.
Learn more about Akto HERE!

CT-Cyber empowers enterprises to build and deploy secure software. Their Cybersecurity Consultants integrate robust Application Security practices to provide expert guidance in Agentic AI.
Learn more about CT-Cyber HERE!

CalypsoAI is the leader in GenAI security. The CalypsoAI inference security platform uses autonomous agents to test, attack, and defend AI applications in order to deliver continuous, real-time protection at scale.
Learn more about Calypso AI HERE!
Upcoming Events
Join us for the OWASP 2025 Global AppSec USA this year! November 3-7, 2025. Email [email protected] for additional details concerning event or venue information.
For a Full List of upcoming and past Events visit the project website events page.
https://genai.owasp.org/events
Volunteer Job Listings
As a community-driven, volunteer effort, the project is always looking for people to contribute their skills and expertise. Where we have specific needs, we have created volunteer job listings to help volunteers understand the community’s needs and commitments. If you know someone or want to contribute yourself, check out these needs.
Working Group: Outreach
Newsletter & Social Media Marketing Lead (Volunteer)
The Newsletter & Social Media Marketing Lead will manage the OWASP Gen AI Security Project’s newsletters and social media channels, creating engaging content to grow community awareness. Responsibilities include content creation, scheduling, and engagement across platforms, collaborating with the Outreach & Marketing Committee to drive outreach efforts and promote AI.
Working Group: Outreach
Virtual and Physical Events Lead (Volunteer)
The Marketing Events Lead will coordinate virtual and in-person events for the OWASP Gen AI Security Project, ensuring seamless planning, promotion, and execution. Responsibilities include event logistics, speaker coordination, and community engagement, working with the Outreach & Marketing Committee to enhance participation and awareness in AI security discussions worldwide.
Keep track of future volunteer jobs on the Volunteer Jobs Page on our website.