The OWASP GenAI Security Project publishes security guidance and educational resources for generative and agentic AI systems. It helps runtime teams translate threat categories into concrete controls around tools, data exposure, excessive agency, memory, and policy enforcement.
At a glance
- Organization: OWASP
- Runtime role: Security guidance project
- Category: Security and Governance
- Official documentation: Visit official documentation
Where it fits in the runtime stack
Layer 5 and cross-layer governance: security and trust boundaries for AI-enabled application runtimes.
Primary runtime role
Use OWASP GenAI resources as a security taxonomy and control-mapping input for runtime design reviews.
Not the same as
OWASP guidance is not a runtime product or an automatic compliance certification.
Integration notes
- Map identified risks to deterministic controls rather than prompt-only instructions.
- Use risk categories to drive test cases, red-team scenarios, and operational alerts.
- Review guidance periodically because threat lists and agentic patterns evolve.
Questions before production use
- Which OWASP GenAI risks apply to this runtime layer?
- What controls exist before high-impact tool calls execute?
- How are prompt-injection findings turned into regression tests?
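One way to act on the integration notes and questions above, as an added example that is not OWASP's or this site's code: a deterministic gate evaluated before a tool call executes, with past prompt-injection findings replayed against it as regression cases. The tool names, the `origin` tag, and the finding IDs are constructed assumptions.

```python
from dataclasses import dataclass, field
from typing import Optional

# Hypothetical policy: tools the runtime exposes, and the subset treated as high impact.
HIGH_IMPACT = {"send_email", "delete_record", "transfer_funds"}
ALLOWED_TOOLS = HIGH_IMPACT | {"search_docs", "read_record"}

@dataclass(frozen=True)
class ToolCall:
    tool: str
    args: dict = field(default_factory=dict)
    # Assumption: the runtime tags what caused the call, e.g. a direct user
    # request versus text pulled in from retrieved or third-party content.
    origin: str = "user"
    approved_by: Optional[str] = None  # human approver id, if any

def decide(call: ToolCall):
    """Return (allowed, reason). Pure code path: no model output is consulted."""
    if call.tool not in ALLOWED_TOOLS:
        return False, "tool_not_allowlisted"
    if call.tool in HIGH_IMPACT:
        if call.origin != "user":
            return False, "high_impact_from_untrusted_origin"
        if not call.approved_by:
            return False, "approval_required"
    return True, "ok"

# Constructed findings: each records the call the model attempted during a
# review or red-team exercise and the decision the gate must keep returning.
FINDINGS = [
    ("PI-001", ToolCall("send_email", {"to": "x@example.test"}, "retrieved_content"),
     "high_impact_from_untrusted_origin"),
    ("PI-002", ToolCall("transfer_funds", {"amount": 10}, "user"),
     "approval_required"),
    ("PI-003", ToolCall("export_all", {}, "user"),
     "tool_not_allowlisted"),
    ("OK-001", ToolCall("delete_record", {"id": 7}, "user", approved_by="alice"),
     "ok"),
]

def run_regressions(decide_fn=decide):
    """Return the IDs of findings whose decision no longer matches."""
    return [fid for fid, call, expected in FINDINGS
            if decide_fn(call)[1] != expected]

if __name__ == "__main__":
    failed = run_regressions()
    print("regressions:", failed or "none")
```

The reason strings double as stable fields for operational alerts, for example counting `high_impact_from_untrusted_origin` denials per session.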
Review and deprecation posture
This profile is reviewed as part of the aRuntime.com quarterly resource audit. If the official documentation moves, the project is archived, or the resource changes scope, this page should be updated with a dated status note rather than silently removed.
Sources and further reading
- OWASP GenAI Security Project — OWASP; official project documentation; accessed 2026-06-20 UTC.
Last reviewed: .
