AI in AppSec takes center stage: What to watch for at Black Hat USA 2025

As AI adoption accelerates across the software development lifecycle, so too do concerns about the security of applications built with — and powered by — large language models and autonomous agents. At Black Hat USA 2025, these concerns are being addressed more directly than in prior years, with OWASP’s GenAI Security Project now playing a central role in defining how the cybersecurity industry approaches risk in AI-enabled applications.

OWASP’s GenAI Security Project comes into focus

OWASP formally elevated its GenAI Security Project to flagship status earlier this year, and the group is using Black Hat as a platform to showcase its most recent outputs. These include:

Together, these materials aim to give application security and DevSecOps teams a roadmap for integrating AI into secure development practices. OWASP is also hosting a dedicated GenAI Security Briefing + Beer event on August 9 for in-person discussion and networking.

AI AppSec themes broaden in the Black Hat agenda

While OWASP’s contributions are technically community-led, their influence is increasingly visible in the broader Black Hat program. Several sessions in the conference’s AI Summit touch on application-layer risks related to AI adoption, including:

  • “Debunking AI Myths & Misconceptions” – which includes discussion of inflated vendor claims and the gap between AI capabilities and security realities.
  • “Building an Anti-Fragile Security Operations Program in the AI Era” – focused in part on how AI-generated telemetry and actions can complicate attack detection and response.
  • “Can Enterprises Build Their Own AI SOC?” – an exploration of autonomous security tooling and its implications for governance and control.

These sessions, while not branded as OWASP-led, reflect many of the concerns captured in the GenAI Security Project’s guidance — including the challenges of securing data pipelines, ensuring provenance in model inputs and outputs, and designing for interpretability and auditability.

Broader industry context

The interest in AI security at Black Hat coincides with a significant uptick in real-world adoption. According to recent industry reports, more than 70% of organizations are now experimenting with LLMs internally, with many integrating them into customer-facing applications. However, secure deployment practices have lagged behind, particularly in the areas of input validation, prompt hardening, and plugin control.

OWASP’s Top 10 list attempts to standardize how these risks are categorized — a useful counterbalance to what some researchers see as a fragmented tooling landscape. As one SC World contributor put it, “It’s not enough to say ‘don’t prompt inject’—we need to define what defenses look like across the full stack.”

Vendor participation aligns with OWASP guidance

Several vendors are also showcasing tools that map loosely or directly to OWASP’s latest frameworks. AppOmni, for instance, is presenting a session on securing SaaS environments that include GenAI modules, while Microsoft, a major conference sponsor, is emphasizing responsible AI integration across its Defender and Purview platforms.

Standardization vs. real-world fit

OWASP’s work may help close a critical gap: the absence of standardized, widely accepted controls for LLM and agentic AI security. Still, the real test will be adoption. So far, much of the project’s momentum has been concentrated in forward-leaning communities — AI red teamers, MLOps specialists, and AppSec architects. For the broader enterprise security audience, the challenge lies in operationalizing these guidelines at scale.

Whether the OWASP framework becomes as ubiquitous as its traditional Top 10 remains to be seen, but its presence at Black Hat — both in sessions and vendor narratives — suggests growing alignment between community-driven standards and enterprise needs.

Bill Brenner

InfoSec content strategist, researcher, director, tech writer, blogger and community builder. Senior Vice President of Audience Content Strategy at CyberRisk Alliance.
