As artificial intelligence transforms every sector of modern business, the security community faces an urgent challenge: how do we protect systems we can't fully see or understand? In this fireside chat, Aruneesh Salhotra, Project Lead for OWASP AIBOM and Co-Lead of OWASP AI Exchange, discusses two groundbreaking initiatives that are reshaping how organizations approach AI security and supply chain transparency.
OWASP AI Exchange has emerged as the go-to resource for AI security and privacy, providing over 200 pages of practical advice on protecting AI and data-centric systems from threats. Through its official liaison partnership with CEN/CENELEC, the project has contributed 70 pages to ISO/IEC 27090 and 40 pages to the EU AI Act security standard, and it achieved OWASP Flagship project status in March 2025.
Meanwhile, the OWASP AIBOM Project is establishing a comprehensive framework to provide transparency into how AI models are built, trained, and deployed, extending OWASP's mission of making security visible to the rapidly evolving AI ecosystem.
This conversation explores how these complementary initiatives are addressing real-world challenges—from prompt injection and data poisoning to model provenance and supply chain risks—while actively shaping international standards and regulatory frameworks. We'll discuss concrete achievements, lessons learned from global collaboration, and the ambitious roadmap ahead as these projects continue to mature and expand their impact across the AI security landscape.
Segment Resources:
https://owasp.org/www-project-aibom/
https://www.linkedin.com/posts/aruneeshsalhotraowasp-ai-aisecurity-activity-7364649799800766465-DJGM/?utmsource=share&utmmedium=memberios&rcm=ACoAAAAVlkQBn3JJz-36YONp_8I-8C89fuY7rMg
https://www.youtube.com/@OWASPAIBOM
https://www.youtube.com/@RobvanderVeer-ex3gj
https://owaspai.org/
This interview is sponsored by the OWASP GenAI Security Project. Visit https://securityweekly.com/owaspappsec to watch all of CyberRisk TV's interviews from the OWASP 2025 Global AppSec Conference!
I’m a seasoned technologist and servant leader with extensive expertise across cybersecurity, DevSecOps, AI, Business Continuity, Audit, and Sales. My impactful presence as an industry thought leader is underscored by my contributions as a speaker and panelist at leading industry events including RSA, CactusCon, Harvard, QA Forum, ADDO, Palo Alto Ignite, ISACA, OWASP, Open Source Congress, IAPP, InfoSec World, and Machines Can See (Dubai). My engagement with key security bodies like OWASP, IEEE, CFF, PBC, and IAPP significantly shapes security policies and promotes better cybersecurity practices.
I serve in leadership roles across multiple OWASP initiatives including AI Exchange, AIBOM (AI Bill of Materials), Serverless Top Ten Project, CRA, GenAI Lead Author as well as IEEE Next Gen Cyber Security. As a distinguished board advisor across many security and AI companies, Angel Investor and limited partner in several venture capital firms specializing in cybersecurity, I provide strategic direction to startups and established organizations navigating the complex intersection of security and AI. I’m also an active member of InfraGard in the NY Metro Chapter.
I leverage my credentials—including CISSP, C-CISO, GCISO, AWS, and Kubernetes—to bridge technical excellence with business strategy. I have a proven record of building communities around topics relevant to Cyber Security and AI, believing deeply in making security accessible and actionable for all.