Full episode and show notes

Inside the OWASP GenAI Security Project – Steve Wilson – ASW #352

Interest and participation in the OWASP GenAI Security Project has exploded over the last two years. Steve Wilson explains why it was important for the project to grow beyond just a Top Ten list and address more audiences than just developers. He also talks about how the growth of AI Agents influences the areas that appsec teams need to focus on. Whether apps are created by genAI or directly use genAI, the future of securing software is going to be busy. Resources https://genai.owasp.org https://genai.owasp.org/llm-top-10/ LLM security book on Amazon at https://a.co/d/6LZoXxQ This segment is sponsored by The OWASP GenAI Security Project. Visit https://securityweekly.com/owasp to learn more...

This episode is sponsored by
Full Segment Notes

Interest and participation in the OWASP GenAI Security Project has exploded over the last two years. Steve Wilson explains why it was important for the project to grow beyond just a Top Ten list and address more audiences than just developers. He also talks about how the growth of AI Agents influences the areas that appsec teams need to focus on. Whether apps are created by genAI or directly use genAI, the future of securing software is going to be busy.

Resources

This segment is sponsored by The OWASP GenAI Security Project. Visit https://securityweekly.com/owasp to learn more!

Guest
Co-chair, OWASP GenAI Security Project, CPO Exabeam at OWASP GenAI Security Project

Steve Wilson, Chief Product Officer at Exabeam, is a leader in Generative AI and cybersecurity, driving AI-powered cyber defense and securing AI systems. He founded and leads the OWASP Gen AI Project, defining industry standards for AI vulnerabilities. Author of O’Reilly Media’s “The Developer’s Playbook for Large Language Model Security,” he holds 11 patents and was named 2023 Cybersecurity Innovation Leader.

Announcements

  • Don't miss InfoSec World 2025 — October 27 to 29 at Disney’s Coronado Springs Resort! Cybersecurity pros, workshops before and after, and endless networking. Save 25% with code ISW25-SW at securityweekly.com/ISW2025!

List of Articles

Mike Shema

  1. A new breed of analyzers | daniel.haxx.se
  2. Hacking with AI SASTs: An overview of ‘AI Security Engineers’ / ‘LLM Security Scanners’ for Penetration Testers and Security Teams

    A summary of impressions on using different AI-assisted security scanners.

  3. Introducing CodeMender: an AI agent for code security – Google DeepMind
  4. CVE-2025-59489: Arbitrary Code Execution in Unity Runtime – GMO Flatt Security Research

    See also Notice for Unity Game Developers: CVE-2025-59489 - Steam News.

  5. Introducing zeroday.cloud: First-of-its-kind cloud and AI hacking competition

    More info at ZeroDay Cloud and GitHub - wiz-sec-public/zeroday-cloud-2025.

  6. FUN: The Microsoft Excel superstars throw down in Vegas

    There's the famous business observation of, "This meeting could have been an email."

    For a SaaS vendor, one of the biggest challenges to making inroads to a company is trying to replace the spreadsheet that solves the same problem you do. The last thing you want is for someone to say, "This vendor could have been a spreadsheet."

    And lots of appsec relies on spreadsheets! From asset inventories to checklists to compliance crosswalks and more.

    So here's how to find where the truly expert spreadsheet engineers are. There's also a college division. And all of this is building towards the Excel World Championship in December.

Show More

Stay in the Know, No Smoke and Mirrors – Join Our Newsletter

Get expert insights and technical breakdowns straight to your inbox.
Join Now

Related Segments

Related Content

You can skip this ad in 5 seconds