WIP

Agentic & Generative AI
Agent Name Service (ANS) A framework for AI Agent discovery from OWASP's GenAI Security Project, inspired by DNS.
AI Vulnerability Scoring System (AIVSS) A quantitative vulnerability assessment framework from OWASP's GenAI Security Project, specifically for Agentic AI systems. Currently in draft status.
Multi-Agentic System Threat Modeling Guide (MAESTRO) A structured threat taxonomy for Agentic AI and Multi-Agent Systems; introduces a layered framework for modeling threats across architectural domains.
Model Context Protocol (MCP) Security CSA community project providing guidance and best practices for securing MCP deployments.
Threat Defense COMPASS A tool and methodology for helping organizations structure defenses against threats in generative AI systems, from OWASP's GenAI Security Project.
Red Teaming Guide A playbook from OWASP's GenAI Security Project for evaluating GenAI systems across application layers to surface security risks.
Top 10 for LLM Applications 2025 Catalog of the most critical risks specific to LLM-based systems. 2025 version, from OWASP.
General Guidance

Regulations & Policy
CA ADS Regulations Automated Decision System rules, transparency, consumer protection
Colorado AI Act Risk-based AI system classification, provider obligations, enforcement
EU AI Act Prohibitions, high-risk system compliance, conformity assessments
U.S. Executive Order 14179

Standards
AIUC 1 US baseline controls for trustworthy AI
ISO/IEC 23894:2023 AI risk management
ISO/IEC 42001:2023 AI management system standard (AIMS)
ISO/IEC 42005:2025 Governance of AI ecosystems
ISO/IEC TR 24027:2021 Bias in AI systems guidance

Tools
AI Incident Database Repository of AI incidents; lessons learned
Garak Automated red-teaming for LLMs
NeMo Guardrails Define and enforce safe conversational flows for LLM or agentic applications
Promptfoo Prompt evaluation & regression testing
PyRIT Pen-testing framework for generative AI