Security Weekly Podcast Network (Audio)

Inside the OWASP GenAI Security Project - Steve Wilson - ASW #352

34 snips
Oct 14, 2025
Steve Wilson, Chief Product Officer at Exabeam and founder of the OWASP GenAI Security Project, dives into the growing intersection of generative AI and cybersecurity. He explains how the project expanded beyond just developers to serve various audiences. Wilson highlights the significant challenges posed by prompt injection and its unique nature compared to traditional injection flaws. He shares insights on preparing CISOs for AI-enhanced adversaries and emphasizes the need for durable defenses. The discussion also touches on the evolving role of AppSec in organizational risk management.
Ask episode
AI Snips
Chapters
Books
Transcript
Episode notes
ANECDOTE

Unexpected Project Launch Momentum

  • Steve Wilson told how a LinkedIn post expecting a dozen contributors drew 200 people to the first OWASP GenAI meeting.
  • The early crowd swelled and 400 people contributed to the first LLM Top 10 release, driving rapid project growth.
INSIGHT

Prompt Injection Is Like Phishing

  • Prompt injection resembles phishing more than SQL injection and resists the same fixes.
  • Securing AI requires focusing on human-targeting attack patterns, not just classic code sanitization.
ADVICE

Assume Prompt Injection And Limit Access

  • Design systems assuming prompt injection will occur and avoid exposing sensitive data to LLMs.
  • Use reprocessing patterns and deny LLM access to information users cannot access elsewhere.
Get the Snipd Podcast app to discover more snips from this episode
Get the app