

Inside the OWASP GenAI Security Project - Steve Wilson - ASW #352
34 snips Oct 14, 2025
Steve Wilson, Chief Product Officer at Exabeam and founder of the OWASP GenAI Security Project, dives into the growing intersection of generative AI and cybersecurity. He explains how the project expanded beyond just developers to serve various audiences. Wilson highlights the significant challenges posed by prompt injection and its unique nature compared to traditional injection flaws. He shares insights on preparing CISOs for AI-enhanced adversaries and emphasizes the need for durable defenses. The discussion also touches on the evolving role of AppSec in organizational risk management.
AI Snips
Chapters
Books
Transcript
Episode notes
Unexpected Project Launch Momentum
- Steve Wilson told how a LinkedIn post expecting a dozen contributors drew 200 people to the first OWASP GenAI meeting.
- The early crowd swelled and 400 people contributed to the first LLM Top 10 release, driving rapid project growth.
Prompt Injection Is Like Phishing
- Prompt injection resembles phishing more than SQL injection and resists the same fixes.
- Securing AI requires focusing on human-targeting attack patterns, not just classic code sanitization.
Assume Prompt Injection And Limit Access
- Design systems assuming prompt injection will occur and avoid exposing sensitive data to LLMs.
- Use reprocessing patterns and deny LLM access to information users cannot access elsewhere.