OWASP AI Exchange

The biggest threat in Agentic AI? Cross-user prompt injection. Here’s the perfect storm: 1️⃣ It takes only one malicious instruction in any of the input data to perform a prompt injection that manipulates your agent running in the security context of a privileged user (say an admin). 2️⃣ There is hardly a watertight way to detect prompt injections. 3️⃣ You may have incident response and see something suspicious, but if the attack extracts sensitive data, you are already too late. 4️⃣ It is in developers' interest to allow agents to do many things (such as running commands) - increasing the attack surface. 5️⃣ It is in developers' interest to provide agents with access to many systems and data - increasing the blast radius. 6️⃣ Agents are there to communicate with the world, so there's typically a way to send extracted information to the outside. What to do based on the above? 💉 Limit agents' access to untrusted data dynamically - depending on the task at hand 🔍 At least do your best on in-line prompt injection detection (both input and output). There's a duty of care. 🤝 Let dev and ops work together on prompt injection alerts and runbooks. 🛑 Instruct developers and admins to harden agents in system access and in actions allowed. Zero model trust makes blast radius control critical! 🏰 Maximise defence in depth by regarding all your agents as potential malicious actors. The attached picture is a slide from a Software Improvement Group training I regularly provide, based on the OWASP AI Exchange. 1. attacker creates a public issue in a programming platform, with an instruction 2. a developer asks agentic AI to summarize new issues 3. the issue gets processed by an agent that also executes the instruction 4. that malicious instruction retrieves a secret token and sends it to the attacker Easy. This could have been prevented by hardening the agent for the task of summarizing issues. You don't need to send emails for that. The key is to incentivize admins and developers to actually perform this hardening, as it does not make their lives easier. For more information, use the OWASP AI Exchange and learn for example about Simon Willison's lethal trifecta as a threat model. Good luck! #ai #agenticai #security

Here’s what I learned from teaching 40 top executives about AI. Last week I taught an AI security program for @Polynome and Abu Dhabi School of Management (ADSM) to senior leaders. I came home with a notebook full of insights — here are the ones worth sharing: 🔹 1. A global open-source gem is hiding in plain sight The Falcon family of GenAI models, built in the UAE, is world-class and quite open. Yet almost none of my clients mention it. It deserves far more attention globally. 🔹 2. The UAE is not “catching up” — it’s competing at the top The country is building a strong AI ecosystem, attracting global talent, and moving with impressive speed. It ranks among the most ambitious AI nations in the world. 🔹 3. The OWASP AI Exchange is becoming a true common language Again it proved to be the most practical foundation for teaching AI security. The community behind it continues to make a big difference. 🔹 4. Even an AI chicken farm can reveal real vulnerabilities We ran a security attack exercise on an AI-powered chicken farm. Chickens may not have privacy, but the group still identified three real AI weaknesses. Lesson: taking 5 minutes to ask “what could go wrong?” always pays off. 🔹 5. Every organisation thinks it’s behind in AI And the truth? Everybody is struggling. This is reassuring for many leaders and worth repeating. 🔹 6. It’s okay not to have an answer One of the most honest lessons: Professionals do not need to improvise answers to AI questions. Admitting “I get back to you later” builds more trust than pretending. 🔹 7. The UAE Cybersecurity Operations Center is straight out of science fiction His Excellency Dr. Al Kuwaiti gave us an exclusive tour. Imagine wall-to-wall screens showing live cyber attacks around the world. It feels like standing on the bridge of the USS Enterprise. 🔹 8. And yes — the Fajr Adhan still gives me goosebumps It wakes you early, but it remains one of the most beautiful sounds to start the day with. Huge congratulations to the inaugural cohort. And thank you Polynome, Dr. Ahmed Dabbagh and the crew for the warm hospitality. #ai #aisecurity Software Improvement Group OWASP® Foundation

AI is changing the game for small and midsize businesses (SMEs). It brings new ways to grow, create, and connect. But here’s the truth: digital transformation without safety can put everything at risk. That’s why IWWOF would like to invite you to this event: “AI Safety Isn’t Optional in Today’s Cybersecurity Landscape for SMEs.” Together, we’ll explore: 🔹Why AI safety needs to be part of your cybersecurity culture   🔹How everyday AI tools can expose sensitive data (and what to do about it) 🔹Practical steps to make AI safety part of your cybersecurity culture Whether you’re already using AI or just getting started, this session will help you feel confident, secure, and ready to lead your business into the future. ✨ Event info:  📅Date: 13.11.2025 ⏰Time: 16:30 to 17:30 📍Venue: Business Turku, Tykistökatu 4 B, ElectroCity (Street level), 20520 Turku. 🌍Mode: Hybrid. 🔗Link for online participation: https://lnkd.in/ghyZpRfk 👉 Register for on-site participation: https://lnkd.in/gWhSf3KQ Let’s build a safer, smarter future together! #AI #AISafety #Cybersecurity #SMEs #DigitalTransformation #IWWOF

Thanks Disesdi Susanna Cox 🕷️for your paper on quantifying the attack space for AI systems. Really interesting approach instead of just putting various language attacks and hoping for the best. I made a video with NotebookLM that helped me understand it, so thought it might help others. I did read the paper afterwards to validate its accuracy. Original paper : https://lnkd.in/eXWd7hew

Today we are releasing a new episode with Iryna Schwindt - Lead Secure-by-Design Manager at Vodafone Group, where she embeds security controls and guardrails across digital channels and AI-driven products serving millions of users. With a career spanning role in cybersecurity engineering, risk management, and cloud security across Azure, AWS, and GCP, Iryna has become a leading voice on AI risk management, AI red teaming, and responsible AI implementation. During our conversation, she shares her inspiring journey into cybersecurity—from her early research on cryptography and embedded systems to leading Vodafone’ secure AI initiatives—and provides actionable advice for women entering or advancing in this dynamic field. Full episode: https://lnkd.in/gFf4KFi4 #WCP #womenincybersecurity #security #ai #career