Friday, June 26 2026
OWASP

OWASP Unveils Agentic AI Security Guidance

OWASP has released new guidelines for securing AI applications that use large language models. The guidance, released on July 28, provides technical recommendations for builders and developers of AI agents, particularly targeting AI/ML engineers, software developers, security experts, and AppSec professionals.

“As AI systems evolve toward more autonomous, tool-using, and multi-agent architectures, new security challenges emerge that traditional AppSec can’t handle alone. That’s why the OWASP Gen AI Security Project has published the Securing Agentic Applications Guide v1.0, the most comprehensive and actionable open source security resource yet for Agentic AI developers and defenders,” OWASP wrote in a LinkedIn post.

The new resource responds to the rising use of AI agents in organizations. AI agents can act autonomously and pass data or results on to other AI tools.

These tools act faster than older LLM-based systems and do not wait for a human prompt; they adjust to changing environments on their own. That absence of human oversight raises serious security issues, particularly where agents are used for coding and system configuration.

Experts warn that the same technology will let cybercriminals automate more stages of an attack, including account takeovers.

Agentic AI Security Focus Areas

The OWASP guidance covers security across the full agentic AI development and deployment lifecycle.

Securing agentic architectures: The guidance stresses building security into the architecture itself, with a focus on user permissions and authentication, such as prompting the user for credentials when a task requires the agent to act in the user's browser or on their computer.

Design and development security: This section focuses on steps to prevent AI models from being misused or behaving unexpectedly.

Enhanced security actions: Organizations are advised to add extra security tools and measures to their systems to reduce risks from AI agents, such as using OAuth 2.0 for permissions and authorization, managing identities to avoid storing passwords, and encrypting sensitive data.

Supply chain security: Organizations should reduce risks from third-party code in agentic AI by managing data access and checking for code vulnerabilities.

Assuring agentic applications: The guidance recommends regular red teaming exercises to uncover vulnerabilities and potential attack vectors in agentic systems.

Securing deployments: Basic security measures should be implemented in production environments to protect AI agents.

Runtime hardening: Security teams should combine standard VM security measures with agent-specific controls such as sandboxing, audit tracking, and runtime behavior monitoring.
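The focus areas above describe controls in the abstract. The following Python sketch is an added illustration, not code from the article or from the OWASP guide, showing how several of them fit together in one place: a tool-call gate that checks the agent's granted scopes (the least-privilege, OAuth-style authorization point), requires explicit user confirmation for tools that act on the user's machine, enforces a per-tool call budget as a crude runtime-behavior control, and writes every decision to an audit trail. The tool names, scope strings and agent identifiers are all hypothetical.

```python
"""Tool-call authorization gate for an LLM agent (constructed example).

Controls demonstrated, all in defender terms:
  * scope check      - the agent's token carries OAuth-style scopes; a tool
                       runs only if its required scope was granted
  * confirmation     - tools that act in the user's browser/host need an
                       explicit yes from the user before each call
  * call budget      - a per-tool cap catches runaway or looping agents
  * audit trail      - every allow/deny decision is recorded for monitoring
Everything below (tools, scopes, agent ids) is hypothetical.
"""
from collections import Counter
from dataclasses import dataclass, field
import time


@dataclass(frozen=True)
class Tool:
    name: str
    required_scope: str
    needs_confirmation: bool = False   # True for tools that touch the user's host/session


# Hypothetical tool registry exposed to the agent.
TOOLS = {
    "read_ticket": Tool("read_ticket", "tickets:read"),
    "update_ticket": Tool("update_ticket", "tickets:write"),
    "run_shell": Tool("run_shell", "host:exec", needs_confirmation=True),
}


@dataclass
class AgentSession:
    agent_id: str
    scopes: frozenset                      # scopes granted to the agent's access token
    max_calls_per_tool: int = 5            # runtime-behavior limit per tool
    audit_log: list = field(default_factory=list)
    call_counts: Counter = field(default_factory=Counter)


def authorize_call(session, tool_name, args, confirm=None):
    """Decide whether the agent may invoke `tool_name` with `args`.

    Returns ("allow", "") or ("deny", reason). `confirm` is a callable
    (tool_name, args) -> bool standing in for a real user prompt.
    Only argument *keys* are audited so secrets in values never hit the log.
    """
    tool = TOOLS.get(tool_name)
    if tool is None:
        verdict = ("deny", "unknown tool")
    elif tool.required_scope not in session.scopes:
        verdict = ("deny", f"missing scope {tool.required_scope}")
    elif session.call_counts[tool_name] >= session.max_calls_per_tool:
        verdict = ("deny", "per-tool call budget exhausted")
    elif tool.needs_confirmation and not (confirm is not None and confirm(tool_name, args)):
        verdict = ("deny", "user confirmation not granted")
    else:
        verdict = ("allow", "")

    if verdict[0] == "allow":
        session.call_counts[tool_name] += 1

    session.audit_log.append({
        "ts": time.time(),
        "agent_id": session.agent_id,
        "tool": tool_name,
        "arg_keys": sorted(args.keys()),
        "decision": verdict[0],
        "reason": verdict[1],
    })
    return verdict


def denial_rate(session):
    """Fraction of audited calls that were denied; a high value is a monitoring signal."""
    if not session.audit_log:
        return 0.0
    denied = sum(1 for e in session.audit_log if e["decision"] == "deny")
    return denied / len(session.audit_log)


if __name__ == "__main__":
    s = AgentSession("agent-1", frozenset({"tickets:read"}), max_calls_per_tool=2)
    for call in [("read_ticket", {"id": 42}), ("update_ticket", {"id": 42}),
                 ("run_shell", {"cmd": "ls"}), ("read_ticket", {"id": 43}),
                 ("read_ticket", {"id": 44})]:
        print(call[0], authorize_call(s, *call))
    print("denial rate:", round(denial_rate(s), 2))
```

In a real deployment the scope set would come from the validated OAuth access token rather than a constructor argument, the confirmation callback would be a UI prompt shown to the user, and the audit entries would be shipped to the SIEM so that a rising denial rate or an unexpected tool mix for a given agent triggers a detection.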
