The OWASP GenAI Security Project just shipped its biggest update since the original LLM Top 10 in 2023 — and this time, agentic AI is the explicit target. Four new resources, a week of RSAC programming, and a live agentic AI Capture the Flag competition signal that the volunteer-driven security community is keeping pace with an industry that can’t ship governance fast enough.
Released March 19, the resources land four days before RSAC 2026 opens in San Francisco. Here’s what matters.
Four New Resources That Actually Help
1. Updated AI Security Solutions Landscape (Q2 2026)
The project’s reference map of the LLM and GenAI security ecosystem gets two critical additions:
- Updated vendor and tooling documentation covering the explosion of products we’ve seen in recent months — from Salt Security’s Agentic Security Graph to AWS Bedrock AgentCore Policy to Singulr Agent Pulse
- Agentic red teaming taxonomy — a structured, lifecycle-wide framework for identifying, measuring, mitigating, and governing AI risk through coordinated adversarial testing
The red teaming taxonomy is the piece the industry has been missing. We have frameworks for what can go wrong (OWASP Top 10 for Agentic Applications). We have standards for how things should work (NIST agent security). What we didn’t have was a structured approach to testing agentic systems adversarially. Now we do.
2. GenAI Data Security Risks and Mitigations for 2026
Covers the data layer end-to-end: training datasets, fine-tuning data, user prompts, and model outputs. Identifies specific risks at each stage with practical mitigation strategies.
This matters because most agentic security discussions focus on runtime behavior — what the agent does. But the data that shapes the agent’s reasoning is equally critical. A model trained on improperly collected data isn’t just an ethical problem — as the FTC enforcement playbook made clear, it’s a legal one. The FTC can order models to be deleted.
3. Guide for Secure MCP Server Development
Actionable guidance for the piece of infrastructure that connects AI agents to everything else. MCP servers are the critical connection point between AI assistants and external tools, APIs, and data sources.
For OpenClaw users, this is directly relevant. Every skill that connects to an external service goes through MCP or equivalent protocols. The guide covers authentication, authorization, input validation, and output sanitization — the basics that one-third of existing MCP servers still get wrong.
4. AIBOM Generator
An open-source tool for generating AI Bills of Materials — the AI equivalent of software SBOMs. As enterprises scale agent deployments and regulators demand supply chain transparency, knowing exactly what’s in your AI stack becomes non-optional.
The Community Behind the Frameworks
The OWASP GenAI Security Project now has 25,000+ members. Eight new sponsors joined ahead of RSAC: Apiiro, Capsule, F5, Fujitsu, NeuralTrust, Starseer, Straiker, and Tellus Digital.
But the more telling signal is what happened to previous sponsors:
- SPLX → acquired by Zscaler
- Pangea → acquired by CrowdStrike
- Calypso AI → acquired by F5
- Lakera → acquired by Check Point
- Prompt Security → acquired by SentinelOne
Five sponsor alumni, five acquisitions by the largest security companies in the world. OWASP’s framework didn’t just define the problem space — it created the market map that the acquirers used to identify targets.
RSAC 2026 Programming: The Agentic Hackathon
The standout event is the OWASP GenAI Security Open Workshop & Agentic Hackathon on March 25:
- Organizations implementing the OWASP Agentic Top 10 present real-world case studies
- Live hackathon using the FinBot Agentic AI Capture the Flag application
- Free and open to all attendees
A CTF specifically designed around agentic AI vulnerabilities is exactly what the red team community needs. It’s one thing to read about agent-to-MCP SSRF chains or SOUL.md persistence attacks. It’s another to exploit them hands-on in a governed environment.
Full RSAC schedule:
- Mon Mar 23 — Kickoff Party (hosted by Straiker.ai)
- Tue Mar 24 — Expert Sessions
- Wed Mar 25 AM — GenAI Security Summit (Moscone South 303, ExpoPlus pass required)
- Wed Mar 25 PM — Workshop + Agentic Hackathon (free, DigitalJungleSF)
- Wed Mar 25 Eve — Jungle Party (hosted by F5, free)
Why This Matters Beyond RSAC
Scott Clinton, OWASP GenAI Security Project co-chair: “AI and agentic systems are no longer emerging technology. They are production reality, and the security community is still racing to catch up.”
The cadence tells the story. The original LLM Top 10 shipped in late 2023 when most organizations were experimenting with chatbots. The Agentic Top 10 followed as agents moved to production. Now, 18 months later, we have red teaming taxonomies, MCP security guides, and data security frameworks — each responding to real incidents:
- MCP server guide → responds to the Atlassian RCE and one-third SSRF vulnerability rate
- Data security guide → responds to FTC enforcement actions and training data litigation
- Red teaming taxonomy → responds to the reality that 87% of AI-agent PRs have security bugs and organizations need structured ways to find them before attackers do
- AIBOM generator → responds to supply chain attacks like ClawHavoc where knowing what’s in your stack is the first line of defense
For OpenClaw Users
Three immediate action items:
- Read the MCP server guide — if you’re building or consuming OpenClaw skills, this is your security checklist
- Review the Agentic Top 10 — map your agent’s architecture against the risk categories
- Try the FinBot CTF — when it becomes available, it’s the best hands-on way to understand what attackers see when they look at your agent
OWASP doesn’t sell products. They don’t have quarterly earnings to protect. When 25,000 security practitioners volunteer their time to write frameworks, it’s because the problem is real and the existing guidance isn’t enough.
The frameworks are here. The hackathon is happening. The question is whether your agent security practice will keep up.