OWASP® Foundation

On April 21, 2026, a major breakthrough in cybersecurity happened: leading standardization initiatives gathered in Washington DC and agreed to begin coordinating collectively on AI security. A personal dream come true. The result: MOSAIC: Multi-Organization Secure AI Coordination. The goal: turn a fragmented landscape into clear, consistent standards and guidelines, to deal with the mounting risks of AI. This important step was taken at the AI Security Policy Forum, organised and led by the OWASP AI Exchange, with SANS Institute as co-host - convening standard makers and policy stakeholders. The initiatives at the table included: 👉 BIML (Berryville Institute of Machine Learning) 👉 Center for Internet Security (CIS) 👉 Cloud Security Alliance (CSA) 👉 Coalition for Secure AI (CoSAI) 👉 National Institute of Standards and Technology (NIST) 👉 OWASP AI Exchange (AIX) 👉 OWASP GenAI Security Project 👉 SANS Institute The group agreed that it is now more important than ever to coordinate around the rapidly evolving possibilities and challenges of AI, as AI security risks mount. One of the next steps is to provide a standardized map of the participating initiatives and a communication platform to exchange insights on a first list of identified topics (e.g., aligning with other initiatives such as SC42, building on OpenCRE, consensus on definitions), improve consistency, clarity, quality, and prevent unnecessary duplication. The idea is to move fast while maintaining independence and with lightweight coordination - not add more committees. In addition to the organizations mentioned, the discussion also included journalists, representatives from International Telecommunication Union (ITU), The Aspen Institute, academia, and government — providing valuable perspectives on developments in both policy and industry. This helped prioritize the topics to focus on. In the picture, from left to right, standing to sitting: Disesdi Shoshana Cox (AIX), Gary McGraw(BIML), Rob van der Veer (AIX), Anonymous, Duncan Sparrell, John Yeoh (CSA), Rock Lambros (GenAI), Norma Krayem, Brian Calkin (CIS), Matt Altomare (Aspen), Omar Santos (CoSAI), Aruneesh Salhotra (AIX), Jonathan Gibson (The Dispatch), Apostol Vassilev (NIST), Rhea Nygard, Ken Huang, Lav Varshney (Stony Brook University), Sounil Yu, and Sharon Goldman (Fortune) Not in the picture, but involved, in alphabetical order: Rob T. Lee (SANS), Ryan Galluzzo (NIST), Soribel F. A big thank you to: 👏 Disesdi Shoshana Cox for her idea to bring everybody together in a room to fulfil the connecting mission of the Exchange 👏 The amazing thinktank at the AI Exchange 👏 Spyros Gasteratos for his work on OpenCRE 👏 Violeta Klein, CISSP, CEFA for shaping the story for the Forum 👏 Straiker, Casco (YC X25), AI Security Academy, and SANS for supporting the Forum. 👏 Software Improvement Group for donating the original threat model and initiating the AI Exchange Let’s make AI a success!

We’re excited to welcome Lukas Weichselbaum as our Opening Keynote for OWASP AppSec Days Portugal 2026 🇵🇹 At Google, Lukas bootstrapped the first AI Agent Security team and leads the Web Security team, shaping how security is built directly into browsers, frameworks, and the web platform itself. For over a decade, his work has influenced the foundations of modern web security - from standards like Content Security Policy and Trusted Types, to a broader shift towards secure-by-design approaches that aim to eliminate entire classes of vulnerabilities. What makes this particularly special is the scale and depth of that experience. Very few people have led AppSec initiatives that operate at this level — protecting billions of users and influencing the direction of the web itself. Having the chance to learn directly from that kind of work is rare. 👉 Full bio: https://lnkd.in/e2KiSSMf 📍 Porto, Portugal 🗓 September 23–24, 2026 More announcements coming soon. #OWASP #AppSec #AppSecDaysPT #WebSecurity #AI #CyberSecurity #Portugal

The OWASP events committee is planning a preview podcast about Global AppSec Vienna. What do you want to hear about? cc: Izar Tarandach Allison Shubert, MSIA, CISSP, CSSLP 🏳️🌈 Maria M. Harold Blankenship Erez Yalon ☁️Shira Shamban

🎉 Final call to submit to the CFP for our 2nd Virtual Conference! 🗓 Sept 22, 2026 | ⏰ 9 AM CST | 🌐 Virtual 🎤 Expert talks + practical sessions + regional chapter highlights Submit here 👉 https://lnkd.in/eQkWbJui ⏳ Closes May 1, 11:59 PM PDT #owasp #AppSec #Cybersecurity #CFP

DEF CON Singapore is just around the corner, and our amazing volunteers will be there representing the OWASP Singapore Chapter at Booth 402. Drop by to say hello, connect with the team, and learn more about what we’ve been working on. If you’ve ever been curious about our initiatives or how you can get involved, this is the perfect chance to chat with us in person. See you there! Here are our awesome volunteers : Yongqing Wang Waruna Hemakumara Sri Sabarinath Santhosh Baswa Onn Chee W. Ng Joon Wai Maria S. Kanika Jain Indrajeet Bhuyan Cecil Su

OWASP has adopted my open-source project, CVE Lite CLI. This is a huge milestone for the project. OWASP projects are widely used across the security community, and being included there raises the bar for what the tool should deliver going forward. CVE Lite CLI focuses on a simple idea: Make dependency vulnerability scanning something developers can actually use before release - not just something that runs in CI. - local lockfile scanning (npm, pnpm, Yarn) - clear separation of direct vs transitive issues - practical remediation guidance and fix plan I recently wrote about this problem space in InfoWorld: Is your Node.js project really secure? https://lnkd.in/erwAzvUi This OWASP step feels like a strong validation that this direction - lightweight, developer-first security tooling - matters. If you’re working with JS/TS projects, I’d appreciate feedback. GitHub: https://lnkd.in/e8XKzMad Website: https://lnkd.in/eMCSFdJ2

Announcing: the 🪨Rosetta Stone of AI security🪨 - for a single starting point to navigate the fragmented world of AI security standards as risks rapidly grow. The OWASP AI Exchange and OpenCRE have joined forces to connect and harmonize AI security standards and guidelines into one powerful, coherent resource. The result: ⚡ The AI Exchange now acts as a true central hub for AI security knowledge: each topic links directly to the most relevant sections in global standards. In OpenCRE, you can now browse and search AI security threats and controls, and quickly find the guidance you need. 🖇️ Using OpenCRE’s mapping capabilities, you can map standards to each other (for example, mapping MITRE ATLAS to NIST frameworks). 🧠 The OpenCRE AI chatbot can answer AI security questions using all combined standards and guidelines. What we did: 📒 By structuring the current state of the art and applying the AI Exchange threat model, we created a clear taxonomy of AI security threats and controls, now integrated into OpenCRE’s broader cybersecurity taxonomy - OWASP® Foundation’s ground truth. 🔎 A team led by Yuvaraj Govindarajulu analyzed major frameworks and mapped them onto this taxonomy, including National Institute of Standards and Technology (NIST), MITRE, the OWASP Top 10 for LLM Applications, European Union Agency for Cybersecurity (ENISA), BIML (Berryville Institute of Machine Learning), and ETSI. 💉 With support from Spyros Gasteratos, this mapping is now automatically inserted in the reference sections of the AI Exchange. Acknowledgements: 🤝 Many thanks to our sponsors Straiker, Casco (YC X25), and AI Security Academy, and to the many organizations we collaborate with - especially SANS Institute for being such a strong partner. 👏 This work would not have been possible without the leadership of Yuvi and Spyros, and the AI Exchange harmonization team: Elias Botterli Sørensen, Jolly Trivedi, Eder Marques, Iryna Schwindt, Behnaz Karimi, with reviewers Corina Pascu, Eryk Waligora 王艾瑞, CISM, and Sapna Paul. Special thanks as well to Disesdi Shoshana Cox and Rajiv Bahl for their extensive preparations. The current release is in beta. Next steps are: ironing out mapping details, streamlining AI integration, and adopting further standards with their makers and the community. Enjoy using this, and consider joining our efforts to help further build - links will be in the comments.

We’re thrilled to welcome Missie Lindsey to the OWASP Foundation as our new Director of Corporate Relations! 🎉 Missie brings strong B2B partnership expertise and a real talent for building long-term, value-driven relationships. She’ll play a key role in growing our corporate sponsorships, shaping new partnership tiers, and supporting the revenue that powers OWASP’s global open-source security mission. Please join us in giving her a warm welcome to the community! https://lnkd.in/e623n4BX #OWASP #NewAppointment #AppSec #opensource #Welcome

🚨 GIVEAWAY ALERT 🚨 Only 4 days left to join the raffle and win your ticket to the OWASP® Foundation Global AppSec EU conference in Vienna – worth €1,100! 🎟️ See details below! 👇🏽 #Giveaway #Raffle #AppSec #InfoSec #CyberSecurity #Vienna #OWASP

Join OWASP Global AppSec EU 2026 in Vienna, June 22–26, for hands-on training, epic talks, and networking with the best community vibes! Secure your spot 👉 https://lnkd.in/eqXgj2Xt #OWASP #CyberSecurity #InfoSec #FridayFeeling