The Open Web Application Security Project’s periodically updated list of the most critical web application security risks—baseline vocabulary for secure AI-augmented coding.
The OWASP Top 10 names classes like injection, broken access control, and security misconfiguration. AI-generated code can recreate classic mistakes faster—pair secure design with static analysis and tests.
With AI-specific risks
Also study prompt injection and unsafe tool use; OWASP covers the web layer, not the whole AI threat model.
