AppSec Conversations on Agents, LLMs, and OWASP from RSAC – Scott Clinton, Janet Worthington, Merritt Maxim – ASW #384
We showcase recordings from this year's RSAC.
At RSAC Conference 2026, Scott Clinton, Co-Chair and co-founder of the OWASP GenAI Security Project, shares insights from the project’s latest research, including new landscape guides and evolving approaches to securing generative and agentic AI systems. The conversation explores critical gaps in GenAI data security, the rise of AI-assisted development, and the immense growth of the OWASP community and sponsor ecosystem. Looking ahead, he outlines the most urgent risks and priorities shaping AI and agentic security in 2026.
Then Merritt Maxim discusses how AI is affecting Identity and Access Management. Expect to hear this topic a lot throughout 2026, especially as the industry tries to figure out what’s different or special about securing agent identities.
We close with a chat with Janet Worthington about the impact of agents on the SDLC and how orgs are updating their controls to deal with code generated by humans and LLMs alike.
Segment Resources:
- https://genai.owasp.org
- https://genai.owasp.org/resources/
- https://www.scworld.com/podcast-episode/3905-keeping-up-with-the-owasp-genai-project-scott-clinton-asw-381
This segment is sponsored by The OWASP GenAI Security Project. Visit https://securityweekly.com/owasp to learn more about them!
Scott Clinton is Co-Chair and Co-Founder of the OWASP GenAI Security Project, leading strategy, operations, and growth. A 25+ year industry executive and 20-year open source leader, he has built and scaled open source businesses and industry consortiums across security, DevOps, AI/ML, and data markets. Scott is a published author and research lead, including the Gen AI Security Landscape and AI Security Center of Excellence Guide. Scott also holds multiple board and advisory roles with technology companies, helping guide organizational scale and growth.
Janet Worthington is a Senior Analyst for Security & Risk at Forrester. Janet covers product security, software supply chain, open source security, and DevSecOps. Janet’s background is in product management and application security.
Merritt Maxim leads Forrester’s Security & Risk research team focused on cloud security, identity security, endpoint security, and proactive security. As research director, Merritt leads a team of analysts who publish research, deliver thought leadership, and conduct client advisories on cutting-edge topics related to cloud security, identity and access management (IAM), endpoint security, IoT/OT security, vulnerability management, and proactive security. Merritt has spoken at industry events such as the RSA Conference and Cloud Identity Summit, and his insights are widely cited in publications such as the Wall Street Journal, Dark Reading, and CSO Online. Merritt’s research focuses on identity security, physical security, cybersecurity M&A, and overall cybersecurity market trends and growth.









