Skip to main content

OWASP Top Ten

Risk & governance

The Open Web Application Security Project’s periodically updated list of the most critical web application security risks—baseline vocabulary for secure AI-augmented coding.

The OWASP Top 10 names classes like injection, broken access control, and security misconfiguration. AI-generated code can recreate classic mistakes faster—pair secure design with static analysis and tests.

With AI-specific risks

Also study prompt injection and unsafe tool use; OWASP covers the web layer, not the whole AI threat model.