
OWASP expands its LLM guidance beyond ‘Top 10’

Co-chair of the new initiative Scott Clinton explains how quickly the group needs to react when offering guidance for an emerging technology.


A humble “Top 10” list enumerating the biggest GenAI security risks has now turned into a major project.

What began in May 2023 as the “OWASP Top 10 for LLM and Generative AI List”—a countdown of AI-related threats, like data poisoning and sensitive information leakage—has become a collection of strategy recommendations, supported by an org of over 600 contributing experts from more than 18 countries.

The newly named “OWASP GenAI Security Project” supplies guidance and checklists for IT pros deploying GenAI and the large language models that power the technology.

Recent announcements included tips on exploits, red-teaming, and deploying agents.

A Deloitte study of 2,773 global respondents in the C-suite or at director level, surveyed between July and September 2024, found that business leaders' interest in generative tools remained substantial but was declining. Forty-six percent of board members and 59% of C-suite pros reported high or very high interest in GenAI in Q4, down from 62% and 74% in Q1.

“We began to expand very rapidly, to go beyond just the Top 10 list, and to start to create working groups and initiatives that addressed a broad set of issues around AI security,” Scott Clinton, co-chair of the project, told IT Brew.

Clinton spoke with us about top threats and how quickly the group must react to address them.

The responses below have been edited for length and clarity.

Which GenAI security threat are people asking about lately?

From a threat perspective, there’s certainly the concerns around agentic architectures.

What are the risks to agentic setups?

As you start to look at more automation, you have a lot of excessive agency that you’re offering to these different agents. Agents become autonomous at a certain stage, and the questions are: What do we do to make sure that the data that they’re exchanging is valid, that there are some assurances that these agents won’t necessarily go rogue? Is the data being shared properly? When we get into AI, data is a central part of it, as well. And do these agents have the right authentication? There’s a lot more concern here because they’re integrating with traditional systems. As you start to integrate agentic workloads into traditional systems, there’s not yet a lot of experience or patterns in deployment characteristics.
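One way to turn the three questions above (is the data valid, is the agent's authority bounded, is the agent authenticated) into enforceable controls, as an added example that is not from the article or from OWASP, assuming a hypothetical tool-call gateway with constructed agent names, a shared-secret token scheme, and a small per-tool argument schema:

```python
import hmac
import hashlib
from dataclasses import dataclass

# Constructed example: a gateway between an LLM agent and the traditional
# systems it integrates with. Every tool call passes three checks: the agent
# is authenticated, the tool is inside that agent's allowlist (least
# privilege, against excessive agency), and the arguments it forwards are
# well-formed. Deny by default on any failure.

SECRET = b"constructed-demo-key"  # assumption: per-deployment shared secret

@dataclass(frozen=True)
class AgentPolicy:
    allowed_tools: frozenset
    max_comment_len: int = 500

# Hypothetical agents with least-privilege tool scopes.
POLICIES = {
    "ticket-triage-agent": AgentPolicy(frozenset({"read_ticket", "add_comment"})),
    "reporting-agent": AgentPolicy(frozenset({"read_ticket"})),
}

# Minimal argument schema per tool: argument name -> required type.
SCHEMAS = {
    "read_ticket": {"ticket_id": int},
    "add_comment": {"ticket_id": int, "body": str},
    "close_ticket": {"ticket_id": int},
}

def issue_token(agent_id: str) -> str:
    """Token an agent presents with each call (HMAC over its identity)."""
    return hmac.new(SECRET, agent_id.encode(), hashlib.sha256).hexdigest()

def authorize_call(agent_id: str, token: str, tool: str, args: dict):
    """Return (allowed, reason) for one proposed tool call."""
    # 1. Authentication: the token must match the claimed agent identity.
    if not hmac.compare_digest(issue_token(agent_id), token):
        return False, "unauthenticated agent"
    # 2. Excessive agency: only tools explicitly granted to this agent.
    policy = POLICIES.get(agent_id)
    if policy is None or tool not in policy.allowed_tools:
        return False, f"tool {tool!r} not in allowlist for {agent_id}"
    # 3. Data validity: arguments must match the tool's schema exactly
    #    (bool is excluded because it is a subclass of int in Python).
    schema = SCHEMAS[tool]
    if set(args) != set(schema) or any(
        not isinstance(args[k], t) or isinstance(args[k], bool)
        for k, t in schema.items()
    ):
        return False, "malformed arguments"
    if tool == "add_comment" and len(args["body"]) > policy.max_comment_len:
        return False, "comment exceeds length policy"
    return True, "ok"
```

A denied call is the signal to log and alert on: an agent repeatedly requesting tools outside its allowlist is the practical symptom of the "going rogue" concern raised above.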


How do you best handle the challenge of providing guidance to a technology that’s emerging? I feel like we just started hearing about agents. How do you best provide effective advice quickly?

We know this is evolving rapidly. Because we already have a set of experts that can start to look at these things immediately, we can come up with what our initial impressions are around the risk area. We’re very much focused on iteration. It’s important to be iterating, especially in these early areas, quickly … If you look at, not just agentic, but across the full AI security spectrum, you need to be agile and respond, because boards aren’t saying, “Yeah, you can wait to secure this stuff.” They’re saying, “We’ve got to do AI now. So, you have to secure it now.”

What are the stakes of not deploying GenAI strategically?

New architectures are applying AI in different ways, and that is opening up more risk, because it’s connecting autonomous systems to enterprise data. There’s a lot of risk associated with that, just in uptime and availability, data risks, identity theft, the whole set of risks that we normally talk about. If you don’t start to do some practical steps, you are going to find yourself behind an eight ball pretty quickly, or you’re going to become the most unpopular security guy in your organization, because your board is going to probably say, “Yeah, we need to move forward, and you’re holding us back.”
