Friday, June 5 2026
OWASP

OWASP Unveils Agentic AI Security Guidance

OWASP has released new guidelines for securing AI applications that use large language models. The guidance, released on July 28, provides technical recommendations for those who build AI agents, particularly AI/ML engineers, software developers, security experts, and AppSec professionals.

“As AI systems evolve toward more autonomous, tool-using, and multi-agent architectures, new security challenges emerge that traditional AppSec can’t handle alone. That’s why the OWASP Gen AI Security Project has published the Securing Agentic Applications Guide v1.0, the most comprehensive and actionable open source security resource yet for Agentic AI developers and defenders,” OWASP wrote in a LinkedIn post.


The resource responds to the rising use of AI agents in organizations. AI agents can work independently and pass data or results to other AI tools.

Such agents act faster than earlier LLM-based systems and do not need a human prompt for each step; they adapt to changing environments on their own. The reduced human oversight raises serious security concerns, particularly for agents that write code or change system configuration.

Experts warn that the same technology will let cybercriminals automate more stages of their attacks, including account takeovers.

Agentic AI Security Focus Areas

The OWASP guidance covers security across the full agentic AI development and deployment lifecycle.

Securing agentic architectures: The guidance highlights the importance of building security into the architecture, focusing on user permissions and authentication, such as prompting for credentials when a task requires the agent to act within the user's browser or computer.

Design and development security: This section focuses on steps to prevent AI models from being misused or behaving unexpectedly.

Enhanced security actions: Organizations are advised to add extra security tools and measures to their systems to reduce risks from AI agents, such as using OAuth 2.0 for permissions and authorization, managing identities to avoid storing passwords, and encrypting sensitive data.

Supply chain security: Organizations should reduce risks from third-party code in agentic AI by managing data access and checking for code vulnerabilities.

Assuring agentic applications: The guidance recommends conducting regular red teaming exercises to uncover vulnerabilities and potential attack vectors in agentic systems.

Securing deployments: Basic security measures should be implemented in production environments to protect AI agents.

Runtime hardening: Security teams should mix standard VM security measures with specific controls like sandboxing, audit tracking, and runtime behavior monitoring.
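To make several of the listed controls concrete, here is an added illustration (not code from OWASP or from the guide) of a minimal tool-call gateway placed between an agent and its tools. It enforces least-privilege scopes on each tool, requires explicit user approval for state-changing tools, confines a file tool to a sandbox directory, records every decision in an audit trail, and quarantines an agent that repeatedly probes beyond its permissions. The tool names, scope strings, approval callback and session values are hypothetical and constructed for the example.

```python
"""Hypothetical agent tool-call gateway: scope checks, human approval,
path confinement, audit trail and a simple runtime monitor (added example)."""
from dataclasses import dataclass, field
from pathlib import Path
from typing import Callable, Dict, FrozenSet, List


@dataclass(frozen=True)
class Tool:
    name: str
    required_scope: str           # OAuth-style scope the caller's token must carry
    needs_approval: bool = False  # True for actions that change state outside the sandbox


@dataclass
class Session:
    agent_id: str
    scopes: FrozenSet[str]        # scopes granted to this agent's token (constructed)
    workspace: Path               # sandbox root for file operations
    audit: List[dict] = field(default_factory=list)
    denials: int = 0


# Hypothetical tool registry: each tool declares the scope it needs.
TOOLS: Dict[str, Tool] = {
    "read_file": Tool("read_file", "files:read"),
    "write_file": Tool("write_file", "files:write", needs_approval=True),
    "run_shell": Tool("run_shell", "exec:shell", needs_approval=True),
}

# Runtime monitor threshold: an agent that keeps asking for things it may not
# do is quarantined, so a compromised or confused agent cannot probe forever.
MAX_DENIALS = 3


def new_session(agent_id: str, scopes, workspace: str = "/tmp/agent-ws") -> Session:
    """Build a session; the workspace path is a constructed sandbox root."""
    return Session(agent_id, frozenset(scopes), Path(workspace))


def confine(workspace: Path, target: str) -> Path:
    """Resolve target inside the sandbox; reject escapes such as
    '../etc/passwd' or absolute paths outside the workspace."""
    root = workspace.resolve()
    candidate = (root / target).resolve()
    if candidate != root and root not in candidate.parents:
        raise PermissionError(f"path escapes sandbox: {target}")
    return candidate


def authorize(session: Session, tool_name: str, args: dict,
              approve: Callable[[str, dict], bool]) -> bool:
    """Decide whether the agent may invoke tool_name with args.
    Every decision, allowed or denied, is appended to the session audit log."""
    record = {"agent": session.agent_id, "tool": tool_name, "args": dict(args)}
    try:
        if session.denials >= MAX_DENIALS:
            raise PermissionError("agent quarantined after repeated denials")
        tool = TOOLS.get(tool_name)
        if tool is None:
            raise PermissionError(f"unknown tool {tool_name}")
        if tool.required_scope not in session.scopes:
            raise PermissionError(f"missing scope {tool.required_scope}")
        if "path" in args:  # sandbox the file tools before anything runs
            args = {**args, "path": str(confine(session.workspace, args["path"]))}
        if tool.needs_approval and not approve(tool_name, args):
            raise PermissionError("user declined")
        record["decision"] = "allow"
        session.audit.append(record)
        return True
    except PermissionError as exc:
        session.denials += 1
        record.update(decision="deny", reason=str(exc))
        session.audit.append(record)
        return False


if __name__ == "__main__":
    # Constructed walkthrough: a read-only agent tries to escape its sandbox.
    s = new_session("agent-1", {"files:read"})
    authorize(s, "read_file", {"path": "notes.txt"}, lambda t, a: True)
    authorize(s, "read_file", {"path": "../etc/passwd"}, lambda t, a: True)
    authorize(s, "write_file", {"path": "out.txt"}, lambda t, a: True)
    for entry in s.audit:
        print(entry["tool"], entry["decision"], entry.get("reason", ""))
```

The approval callback stands in for whatever human-in-the-loop channel a deployment uses; the point is that the gateway, not the model, decides which calls need it. The audit list is what a SOC would ship to a log pipeline, and the denial counter is the simplest form of the runtime behaviour monitoring the guidance describes.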
