Ep.46 Meeting Dec 2 2025: Agentic Top 10 launch, Data Security Data Collection, AI BOM Initiative скачать в хорошем качестве

Ep.46 Meeting Dec 2 2025: Agentic Top 10 launch, Data Security Data Collection, AI BOM Initiative

In this bi-weekly core team meeting for the OWASP Generative AI Security Project, project leaders and contributors closed out the year with a comprehensive look at momentum, milestones, and what’s next. The session opened with community introductions, including new contributor Harish Ram Chandran (SAP), and then shifted into an end-of-year snapshot of project growth and output. Scott Clinton shared preliminary “state of the project” metrics, highlighting a major expansion in published resources year-over-year, increased localization and translations, and significant growth across the community’s Slack and LinkedIn channels. The project also reported strong engagement through major events (including RSA, virtual events, and regional summits), alongside sustained newsletter growth and high audience interaction with published content. Several workstreams provided updates: Agentic Security Initiative (ASI): John shared progress on ASI’s governance structure, its expert review board, and the rapid production of key resources—spanning threats and mitigations, secure MCP guidance, code examples, and hands-on tooling such as the Finnbot CTF. The group also previewed the upcoming OWASP Agentic Top 10 launch, including a major London event featuring panels on regulation, research, and red teaming. Data Security Initiative: Emanuel outlined the reboot of the data security workstream, including a refreshed roadmap, updated threat and mitigation focus for GenAI and agentic systems, and a plan to publish updated guidance and implementer-oriented best practices in 2026. Red Teaming: Jason reported strong progress toward a Q1 draft of a practical red teaming handbook, emphasizing real-world methodology (stakeholder interviews, service mapping, recon, refusal pattern analysis) and a supporting GitHub repo including “Agent Zero” for hands-on testing. The group also discussed the need for sustainable updates given rapidly changing protocols like MCP. Threat Intelligence (CTI): The CTI initiative announced monthly meetings moving forward, plans to refine the workstream charter, ongoing exploit research, and an updated deepfake guide revision expected soon. AI BOM (Bill of Materials): Helen introduced the new AI BOM workstream—focused on producing practical transparency artifacts for AI systems, aligned with SBOM standards and CycloneDX. The initiative will release tooling and documentation designed to help practitioners automate AI system transparency and risk reporting. The meeting closed with open discussion, recognition of community contributions, and reminders about upcoming events—especially the London gathering and the next core team meeting on January 7. To learn more, explore resources, or join the community, visit the OWASP GenAI Security Project website: https://genai.owasp.org