OWASP joins the US AI Safety Institute Consortium (AISIC) at its launch to support collaborative efforts to safeguard AI.


John Sotiropoulos

Thursday, February 8, 2024

The rapid evolution of artificial intelligence (AI) technologies presents unprecedented opportunities and challenges. As AI tools and applications reshape our society, ensuring their safety and trustworthiness becomes critical.

In response, the U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) is launching the U.S. AI Safety Institute Consortium (AISIC). This initiative represents a significant step towards creating safe and reliable AI by bringing together a diverse group of participants, including Fortune 500 companies, academic teams, non-profit organizations, and government agencies.

The OWASP Foundation, renowned for its contributions to application security, is taking a pivotal step by joining the AISIC with a joint membership of two of its most impactful AI projects: The OWASP AI Exchange and the OWASP Top 10 for Large Language Model (LLM) Applications.

Both projects are central to OWASP’s mission to safeguard AI and have already been at the forefront of identifying and mitigating security risks in AI systems and actively seeking standards alignment. The joint membership allows us to combine the strengths of the two projects and offer unique contributions to the consortium.

The OWASP AI Exchange has already been influential with its submissions for the EU AI Act. The project serves as a unifying reference model, bridging predictive AI and generative AI with mappings to various standards, including OWASP projects. It aims to consolidate global AI security discourse through expert submissions and standard alignment. As a result, it is becoming the canonical compass for understanding and navigating AI threats, vulnerabilities, and controls. With its recent 0.8 release, the project continuous to build around its popular Threats and Controls navigator, Risks and Threats Matrix with material on AI Programs and expands its standards mapping with discussions on the role of the ISO/IEC 5338 standard for AI engineering best practices, comparing it to 42001. This initiative is instrumental in driving consensus and collaboration across AI security initiatives, aligning with the EU AI Act, CEN/CELENEC, ISO/IEC 27090, CSA and other standards organizations.

The immensely popular OWASP Top 10 for LLM Apps, on the other hand, aims for depth in assessing the emerging field of generative AI, offering practical and actionable advice. With over 800 members, Its v1.x enjoyed widespread adoption across industry sectors and organizations. Only last month, it was the Number One security recommendation of the UK’s comprehensive Government Generative AI Framework.

The project is at the cutting edge of assessing the impacts of generative AI technologies, including the effects on security itself, debating traditional assumptions around security and safety that have become outdated in the era of generative AI, thus introducing the first OWASP AI Safety item, LLM09 overreliance. Similarly, it has expanded its audience from developers and security practitioners to CISOs and other security decision-makers with its LLM Security Governance Checklist.

Following the widespread adoption of 1. x, the project is embarking on its 2.0 major update to adopt a data-driven approach and reflect lessons from adoption while researching rapid advancements such as multimodal AI, open source, open weight LLMs, and supply-chain verification, while continuing to debate the intersection of security with safety and ethics.

Together, these two OWASP projects provide a comprehensive AI security and safety framework and mapping standards while offering practical guidance on new AI developments. The two projects share membership and have proactively and regularly engaged with other standards organizations (CSA, NIST, MITRE), national security agencies, and AI Security vendors to ensure alignment and foster collaboration.

Our collaboration with the AISIC amplifies this mission, leveraging OWASP’s global network of experts to support AISIC’s R&D endeavors with deep expertise. This partnership ensures that the work of the AISIC reaches a broad audience, including builders, defenders, CISOs, and technology leaders, making its findings accessible and actionable.

OWASP is excited to join AISIC, a powerful initiative to facilitate the collaboration of those on the frontlines of AI safety, focusing on R&D that underpins future standards and policies supporting secure, safe, and trustworthy AI systems.

NIST’s contributions to the Adversarial AI taxonomies and mitigations and its AI RMF (Risk Management Framework) are a solid foundation and one OWASP has been discussing closely with NIST and the Trustworthy AI community.

As OWASP is joining forces with the AISIC, we are positioned to influence the future of AI safety and security significantly. The comprehensive approach of combining the OWASP AI Exchange’s canonical reference model with the OWASP Top 10 for LLM Apps’ focus on generative AI, ensures that we can navigate the complexities of AI security with nuanced, forward-thinking strategies. This collaboration is a testament to OWASP’s commitment to fostering open standards for AI security, setting a new benchmark for safe and trustworthy AI development.

OWASP’s participation in the AISIC is a critical step forward in the journey towards secure and ethical AI. By combining expertise in AI security with the consortium’s broad collaborative network, we are paving the way for innovations that are secure, responsible, and aligned with societal values.

Together, we are creating a safer digital future, ensuring that AI technologies benefit society while mitigating risks.