by professionals, for professionals

Securing AI

Collaborative Solutions for Threat Detection and Risk Mitigation

Comprehensive guidance and alignment on how to protect AI against security threats – by professionals, for professionals. Part of the OWASP AI Security & privacy guide.


AI Security Essentials

Discover the core principles of AI security, from threat detection to risk assessment.
Learn how to protect intelligent systems from vulnerabilities and ensure their safe deployment in real-world applications.

General controls

AI program: Install and execute a program to govern AI. Take responsibility for AI as an organization by keeping an inventory of AI initiatives, performing risk analysis on them, and managing those risks.

Threats through use

Threats through use take place through normal interaction with an AI model: providing input and receiving output. Many of these threats require experimentation with the model, and that experimentation is itself referred to as an oracle attack: the attacker learns about the model by querying it repeatedly and observing the responses.
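As an added illustration of what "experimentation with the model" means in practice (this is example code written for this page, not part of the AI Exchange content): a toy logistic-regression model is exposed only through its prediction output, and an attacker recovers its secret weights with the classic equation-solving approach, using exactly d+1 queries for d features. The same code shows why the AI Exchange treats output detail as a control: rounding the returned confidence noticeably degrades the extraction. The `ToyModel` class, its parameters and all function names are assumptions chosen for the example.

```python
"""Oracle-style model extraction against a toy linear classifier.

Added example for this page; the victim model, its parameters and the helper
names are hypothetical and constructed here so the script runs offline.
"""
import math


class ToyModel:
    """A hypothetical logistic-regression 'victim', reachable only via predict_proba()."""

    def __init__(self, weights, bias):
        self._w = list(weights)   # secret parameters the attacker wants to learn
        self._b = bias
        self.query_count = 0      # how often the oracle was consulted

    def predict_proba(self, x, precision=None):
        """Return P(class=1) for feature vector x.

        precision=None leaks the full floating-point confidence; an integer rounds
        the confidence to that many decimals, a common output-hardening measure.
        """
        self.query_count += 1
        z = sum(wi * xi for wi, xi in zip(self._w, x)) + self._b
        p = 1.0 / (1.0 + math.exp(-z))
        return p if precision is None else round(p, precision)


def logit(p):
    """Inverse of the sigmoid; clamp to avoid log(0) on rounded outputs."""
    p = min(max(p, 1e-12), 1.0 - 1e-12)
    return math.log(p / (1.0 - p))


def extract_linear_model(oracle, dim, precision=None):
    """Equation-solving extraction: d+1 queries recover weights and bias.

    logit(P) = w.x + b, so the zero vector yields b and each unit vector
    yields w_i + b. Only 'normal' prediction calls are made: this is a
    threat through use, not a breach of the training environment.
    """
    b = logit(oracle.predict_proba([0.0] * dim, precision))
    w = []
    for i in range(dim):
        x = [0.0] * dim
        x[i] = 1.0
        w.append(logit(oracle.predict_proba(x, precision)) - b)
    return w, b


def max_param_error(true_w, true_b, est_w, est_b):
    """Largest absolute difference between the real and the extracted parameters."""
    return max(abs(a - c) for a, c in zip(true_w + [true_b], est_w + [est_b]))


if __name__ == "__main__":
    true_w, true_b = [1.5, -2.0], 0.25          # constructed secret parameters
    victim = ToyModel(true_w, true_b)
    w, b = extract_linear_model(victim, dim=2)
    print("full-precision output: queries=%d, max error=%.2e"
          % (victim.query_count, max_param_error(true_w, true_b, w, b)))

    hardened = ToyModel(true_w, true_b)
    w, b = extract_linear_model(hardened, dim=2, precision=1)
    print("confidence rounded to 1 decimal: queries=%d, max error=%.2f"
          % (hardened.query_count, max_param_error(true_w, true_b, w, b)))
```

The first run reproduces the parameters to floating-point accuracy after three queries; the second, against the same model with rounded confidences, is off by several tenths. Rounding does not stop extraction outright (more queries and statistical fitting still work), which is why it is paired with controls such as rate limiting and monitoring for unusual query patterns.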

Development-time threats

This section discusses the AI security threats during the development of the AI system, which includes the engineering environment and the supply chain as attack surfaces.

Runtime application security threats

AI systems are IT systems and therefore can have security weaknesses and vulnerabilities that are not AI-specific, such as SQL injection. Such topics are covered in depth by many other sources and are out of scope for this publication.

Driving AI Security Collaboration

Shaping AI security through global collaboration.

The OWASP AI Exchange has open sourced the global discussion on the security of AI. It is an open collaborative project to advance the development of AI security standards and regulations, by providing a comprehensive overview of AI threats, vulnerabilities and controls. This content is feeding into standards for the EU AI Act, ISO/IEC 27090 (AI security), the OWASP ML top 10, the OWASP LLM top 10, and OpenCRE – which we want to use to provide the AI Exchange content through the security chatbot OpenCRE-Chat.

Our mission is to be the authoritative source for consensus, foster alignment, and drive collaboration among initiatives – NOT to set a standard, but to drive standards. In other words: be among the top bookmarks of professionals involved in AI security. By doing so, we provide a safe, open, and independent place to find and share insights for everyone. See AI Exchange LinkedIn page.

The AI Exchange is displayed here at owaspai.org and edited using a GitHub repository (see the links Edit on GitHub). It is an open-source living publication for the worldwide exchange of AI security expertise, and part of the OWASP AI security & privacy guide project. It is structured as one coherent resource consisting of several sections under ‘content’, each represented by a page on this website.

OWASP AI Exchange by The AI security community is marked with CC0 1.0 meaning you can use any part freely without copyright and without attribution. If possible, it would be nice if the OWASP AI Exchange is credited and/or linked to, for readers to find more information.

Have questions or want to collaborate on AI security?

Get in Touch with Us

We’d love to hear from you! Whether you have inquiries, feedback, or ideas for collaboration, reach out to us and join the conversation on AI security.