
OWASP Unveils Framework to Gauge Agentic AI Security Maturity

“Most organizations are deploying agents faster than they can govern them.” — Ariel Fogel, AI security researcher at Pillar Security’s Office of the CTO, co‑lead on the OWASP GenAI Security Project

OWASP releases an operational "Enterprise Adoption Maturity Model"

The Open Worldwide Application Security Project (OWASP) published a new agentic AI security maturity framework in the GenAI Security Project paper State of Agentic AI Security and Governance on June 3, and introduced it on June 4 at the OWASP GenAI Security Summit held during Infosecurity Europe 2026. The guidance, branded the “Enterprise Adoption Maturity Model,” is presented as a practical decision tool rather than another, ever‑growing catalog of rules.

How the framework maps deployments and governance

The model maps the problem across two linked dimensions. One axis describes what organizations are deploying — from shadow AI and vendor‑embedded assistants up to custom, multi‑agent and federated systems. The other axis measures governance maturity, from ad hoc approaches through continuous monitoring and automated enforcement.

OWASP’s co‑lead Ariel Fogel warned that governance is often still calibrated to AI copilots while teams are shipping custom and multi‑agent systems. The framework therefore encourages teams to place each agentic workflow on the deployment axis and then check whether governance maturity lines up. If governance is insufficient, the paper points to two concrete responses: invest in controls designed for agentic systems, or reduce the agent’s permissions and autonomy until existing controls suffice.

Six agent adoption levels — AT0 through AT5

  • AT0 – Shadow AI: No organizational awareness or approval; users self‑adopt tools outside governance.
  • AT1 – Vendor embedded assistant: Fully vendor‑controlled — you consume it, you do not build it.
  • AT2 – Platform integrated: AI‑native platform with your data that cannot execute arbitrary code.
  • AT3 – Citizen developer agent: Low‑code/no‑code platforms where users configure flows and prompts, with actions on real organization data.
  • AT4 – Code executing agent: Agents that generate and execute code with local or cloud privileges.
  • AT5 – Custom in‑house agent: Fully built in house, with control over identity, tools and boundaries.

Four governance maturity levels — Level 0 through Level 3

  • Level 0 – Unaware and ad hoc: No formal recognition of agentic AI’s distinct risks; shadow IT experiments lack policies, AI‑software bills of materials (AI‑SBOMs) or guardrails; oversight is informal with minimal logging and generic incident handling.
  • Level 1 – Experimentation without guardrails: Pilot projects and small workflows lack defined autonomy limits or escalation criteria; governance relies on generic AI policies, occasional red‑teaming, and has diffuse accountability.
  • Level 2 – Policy‑defined, human‑in‑the‑loop: Formal policies map use cases to regulations such as the EU AI Act and GDPR, with mandatory human‑in‑the‑loop for high‑impact decisions; cross‑functional governance names an owner (for example, a CAIO), and logging, versioning and AI‑SBOMs are established though monitoring is periodic.
  • Level 3 – Integrated, continuous oversight: Agentic AI is treated as critical infrastructure with risk‑tiered workflows and autonomy ladders, real‑time dashboards to track drift and anomalies, kill switches to pause autonomy, and governance‑as‑code that enforces machine‑readable policies across the AI lifecycle.

Operational responses: live monitoring, containment, and cleaner identity

The paper stresses that the controls needed for agentic AI are not merely stronger versions of traditional security measures. Agents operate at machine speed and scale, the authors say, so monitoring must operate at that same pace. Practical measures cited include live behavioral baselines, real‑time containment and stop mechanisms, joint incident response across safety and security teams, and improved identity hygiene — for example, ephemeral credentials and cryptographic attestation so each action can be traced and limited.

OWASP presents the model visually as a table of green, yellow and red cells that show when governance matches deployment, when oversight may be incomplete, and when agents are being deployed without the right governance. “Don’t operate in the red cells,” Fogel warned during the summit.

What this means for technologists, procurement leaders, and safety and security teams

  • Technologists and security teams: Use the model to discover the most advanced agents in use, prioritize the riskiest workloads, and decide whether to invest in faster, different controls or to constrain deployments — a simplicity that John Sotiropoulos argued reduces the “cognitive tax” of constantly updated volumes of guidance.
  • Procurement and business leaders: The framework links governance upgrades to business goals; Sotiropoulos framed governance as an enabler of safe adoption, arguing that “people hiding and not doing AI is a vulnerability.”
  • Safety and security teams: Expect to converge telemetry and incident playbooks. The authors emphasize that safety exposures at the architectural level often create security exposures as well, and advocate aligned monitoring and playbooks to avoid misdiagnosis during live incidents.

OWASP’s Enterprise Adoption Maturity Model is positioned as a pragmatic decision posture: identify where agents sit on the deployment scale, measure governance against a clear maturity ladder, and either invest in agent‑specific controls or constrain the agent until existing controls suffice. The paper and presentations at Infosecurity Europe supply a road map for organizations that are shipping agentic systems faster than they can currently govern them.

Original story — Infosecurity Europe: OWASP Introduces Agentic AI Security Maturity Framework