Application Security

Mastering Application Security: Your Resource for Secure Development, Testing, Code Analysis, and More.

Content Partnership: OWASP Logo SC Media Logo

Close-up of Hands Typing on Keyboard with AI Graphics and Symbols Representing Technology, Innovation, and Digital Communication

OWASP guides defenders on the new risks posed by AI agents

OWASP GenAI Security Project Team December 29, 2025

OWASP Top 10 flags agentic AI risks — tool abuse, rogue agents, backdoored coding assistants.

Today's Top AppSec Headlines

Interviews from OWASP Global AppSec USA 2025

Risk Assessments/Management
AIVSS: Do we need a new Risk Management Approach in the era of Agentic AI? – Ken Huang – OWASP25 #2
AI/ML
From Transparency to Trust: Shaping AI Security with OWASP AIBOM & AI Exchange – Aruneesh Salhotra – OWASP25 #2
Supply chain
The future of CycloneDX and software transparency – Steve Springett – OWSP25 #2
Training
OWASP 2025 Wrap-Up: Community, AI Security, and the Future of AppSec – Avi Douglen – OWSP25 #2
Training
CyberRisk TV Live from OWASP Global AppSec 2025 – Allan Friedman – OWSP25 #1
Governance, Risk and Compliance
Use OWASP SAMM for CRA compliance – Sebastien Deleersnyder – OWSP25 #1
AI/ML
Beyond the Firewall: Why Traditional Web Security Still Matters in the AI Era – Felipe Zipitria – OWSP25 #1
Leadership
Security Champions: You Already Have Them! How to Tap Their Potential – Dustin Lehr – OWSP25 #1
AI/ML
Secure Coding in the Age of AI – James Manico – OWSP25 #1
Application security
Threat Modeling and The Four Question Framework – Adam Shostack – OWSP25 #1
Application security
GenAI Security From Assessment to Action – Sandy Dunn – OWSP25 #1
Application security
Agentic Security Risks – John Sotiropoulos – OWSP25 #1

Application Security: Explained and Explored

Application Security News

Application security

Anthropic: Latest Claude model finds more than 500 vulnerabilities

Laura FrenchFebruary 6, 2026

The AI company says all bugs were validated by human researchers to weed out false positives.

Coding background, Application development and code programming. Technology business computers concept

Application security

VS Code config files abused to launch RCEs via GitHub Codespaces

Steve ZurierFebruary 5, 2026

Experts point out that exploited VS Code presents supply chain, credential theft, and network access risks.

AI/ML

OpenClaw agents targeted with 341 malicious ClawHub skills

Laura FrenchFebruary 4, 2026

Most of the malicious skills deployed malware consistent with Atomic Stealer on Mac machines.

Identity

2026 Identity Security: Governing AI agents, NHIs and MCP access

Focusing on Proactive Controls in the Face of LLM-Assisted Malware – Rob Allen – ASW #368

February 3, 2026

Everyone is turning to LLMs to generate code, including attackers. Thus, it's no great surprise that there are now examples of malware generated by LLMs. We discuss the implications of more malware with Rob Allen and what it means for orgs that want to protect themselves from ransomware. Resources https://www.bleepingcomputer.com/news/security/...