OWASP Gen AI Security Project / Top 10 LLM Applications Newsletter - February '25 Edition

Greetings Gen AI Security Enthusiasts and OWASP Community Members!

Featured for February

This document is the first in a series of guides from the OWASP Agentic Security Initiative (ASI) to provide a threat-model-based reference of emerging agentic threats and discuss mitigations.

New Resources This Month

This paper examines the practical implications of large language models (LLMs) in offensive cybersecurity, moving beyond theoretical possibilities to assess their real-world effectiveness. The research, conducted by the AI Threat Intelligence Initiative Team.

To learn about the AI Threat Initiative working group and roadmap visit: https://genai.owasp.org/inititatives/

The rapid proliferation of Large Language Models (LLMs) across various industries has highlighted the critical need for advanced data security practices. As these AI systems become more sophisticated, they bring with them unprecedented risks, including

To learn about the Data Security Initiative working group visit: https://genai.owasp.org/inititatives/

Check Out the Resources Library
Access the full catalog of resources, publications, tools and presentations.
https://genai.owasp.org/resources/

Mark your Calendars 
OWASP AI Security Summit: Safeguarding GenAI & Agentic Apps, @ RSAC 2025

The full agenda is on its way, along with details of the project community event at RSA.

Dive deep and explore the latest best practices in LLM & GenAI security, agentic security, AI red teaming, incident response, and governance, hosted by the OWASP Gen AI Security Project. Gain expert insights on the OWASP Top 10 LLM and GenAI risks, the AI security solution landscape, and cutting-edge defense strategies. Engage with industry leaders and stay to meet the open project core team.

Topic Areas
Project Update, Top 10 for GenAI 2025, Securing Agentic Apps, Red Teaming w/ Gen AI, The Latest GenAI CTI Research, New Governance tools for CISOs, AI Security Solution Landscape for Q2 2025 overview & trends, and more.

The full agenda will be published on the RSAC OWASP AI Security Summit Page.

Come for the Summit,
Attend The Entire RSA Conference

Join, learn, & save. OWASP members enjoy $750 off RSAC 2025 Conference. RSAC 2025 brings together passionate thinkers, innovators, and problem-solvers from Apr. 28 – May 1 in San Francisco.

Together, we’ll break new ground, sharpen our skills, and push the boundaries of what’s possible in cybersecurity. Register by March 28 to save $600 on a Full Conference Pass! Plus, OWASP members can unlock additional savings of $150 by using code 1U5OWASPFD. Secure your spot.

Join the Bi-Weekly Open Project Meeting

Get the latest tea on the project!!

Join us every other Wednesday at 9am PST for our bi-weekly open project meeting. Follow the link below to get the Zoom details. Come join us!! https://genai.owasp.org/meetings/

Highlights From The Project Blog

OWASP Gen AI Incident & Exploit Round-up, Jan-Feb 2025

Not meant as an exhaustive list, but a semi-regular blog where we aim to track and share insights on recent exploits involving or targeting Generative AI.

If you have incidents or exploits you think we should include in the next edition, you can submit them through this Google Form.

OWASP AI Security Guidelines offer a supporting foundation for new UK government AI Security Guidelines

The UK Government Department for Science Innovation and Technology (DSIT) published its new voluntary Code of Practice (CoP) for the Cyber Security of AI, referencing multiple project resources.

This Month’s Gen AI Security Podcast

Sandboxing AI Models with Dyana & OWASP Top 10 for LLM Apps

In this episode, Aubrey sits down with Ads Dawson, a respected member of the AI community, to delve into the OWASP Top Ten for LLM Applications and Generative AI. They discuss the latest security challenges and showcase Dyana, an open-source utility developed for profiling and securing machine learning models.

The Generative AI Security Podcast is our project's monthly podcast, highlighting the project, research drill-downs, practical examples, chats on AI and cybersecurity trends, and much more.

The podcast is available anywhere you get your podcasts including Apple Podcasts, Spotify and others. You can also catch up on past open project meetings there as well to get the latest tea on the project.

Upcoming Events

Come to the Project’s Sessions!

Title: Gen AI Security Project Roadmap

Speaker: Scott Clinton
Project Co-chair

Title: Navigating Agentic AI Security Risks

Speaker: John Sotiropoulos
ASI Initiative Lead

More details coming with the event agenda

For a Full List of upcoming and past Events visit the project website events page.
https://genai.owasp.org/events

Looking Ahead in March

New Learning Portal - Coming Soon

In March we will be adding a learning portal to our current website to make it easier to get up to speed, learn about our latest guidance, and drill down on the details of how best to securely adopt and secure generative AI applications.

This includes Community Created Videos, Webinar Recordings, Meetings, Training, Virtual Events and more.

If you have created a video that helps to educate folks on the OWASP Top 10 for LLM or other resources published by the project, you can submit it for consideration using this Google Form.

AI Security Solutions Landscape, for Q2’25

The updated AI Security Landscape launches at the end of March. We're still accepting inputs and adding use case filters like Red Teaming and Agentic App Security to simplify finding Gen AI security solutions. Know a useful tool? Submit it below! You don't have to be a vendor.

Exciting Project News Coming Soon !!

As you are a member of our community, you are likely already aware that our project began as a single research publication, the OWASP Top 10 for LLM Applications and Generative AI. Since then, however, we have responded, as a community, to the need to address the broader security lifecycle, now releasing research and establishing working groups spanning AI Threat Intelligence, Gen AI Governance and Adoption, AI Red Teaming, Data Security, and Agentic Application Security, all while tracking the AI Security Solution Landscape.

I’ll be sharing more details later in the month.

- Scott Clinton, Co-chair OWASP Gen AI Security Project/Top 10 for LLM and Gen AI

New Volunteer Job Listings

As a community-driven volunteer effort, the project is always looking for people to contribute their skills and expertise. Where we have specific needs, we have created volunteer job listings to help volunteers understand the community’s needs and commitments. If you know someone or want to contribute yourself, check out these needs.

Working Group: Outreach

Newsletter & Social Media Marketing Lead (Volunteer)
The Newsletter & Social Media Marketing Lead will manage the OWASP Gen AI Security Project’s newsletters and social media channels, creating engaging content to grow community awareness. Responsibilities include content creation, scheduling, and engagement across platforms, collaborating with the Outreach & Marketing Committee to drive outreach efforts and promote AI.

Location: Remote, anywhere in the world

Working Group: Outreach

Virtual and Physical Events Lead (Volunteer)

The Marketing Events Lead will coordinate virtual and in-person events for the OWASP Gen AI Security Project, ensuring seamless planning, promotion, and execution. Responsibilities include event logistics, speaker coordination, and community engagement, working with the Outreach & Marketing Committee to enhance participation and awareness in AI security discussions worldwide.

Location: Remote, anywhere in the world

Keep track of future volunteer jobs on the Volunteer Jobs page on our website.