BT

Facilitating the Spread of Knowledge and Innovation in Professional Software Development

Write for InfoQ

Topics

Choose your language

InfoQ Homepage News OWASP Launches AI Testing Guide to Address Security, Bias, and Risk in AI Systems

OWASP Launches AI Testing Guide to Address Security, Bias, and Risk in AI Systems

Listen to this article -  0:00

The OWASP Foundation has officially introduced the AI Testing Guide (AITG), a new open-source initiative aimed at assisting organizations in the systematic testing and security of artificial intelligence systems. This guide, led by Matteo Meucci and Marco Morana, serves as a fundamental resource for developers, testers, risk officers, and cybersecurity professionals, promoting best practices in AI system security.

As AI technologies become embedded in critical industries—from finance and healthcare to national security—the need for structured, AI-specific testing has grown significantly. Unlike traditional software, AI systems introduce unique challenges, including non-deterministic behavior, data drift, adversarial attacks, and algorithmic bias. The AITG addresses these issues directly using methodologies derived from OWASP's established practices, including the Web Security Testing Guide (WSTG) and the Mobile Security Testing Guide (MSTG).

The AI Testing Guide focuses on areas such as data-centric testing, fairness evaluation, adversarial robustness, privacy validation, and continuous model monitoring. It emphasizes the importance of reproducibility, ethical alignment, and risk mitigation, particularly in high-stakes applications.

Industry professionals have already voiced their support. Michael Tyler, an expert in enterprise security strategy, commented:

OWASP's AITG is a true game-changer for AI security. As CISOs, we've wrestled with AI's non-deterministic nature and silent data drift. This guide offers a structured path to secure, auditable AI, from prompt injection to continuous monitoring. A vital roadmap for responsible deployment!

Teddy Ramanakasina, an associate director specializing in cybersecurity and IT audit, added:

Great initiative! Structured AI testing is essential to align security, governance, and assurance. Happy to contribute from a risk and audit perspective — looking forward to engaging with the OWASP community.

Similarly, Soulaiman Hajjaj, a cloud and cybersecurity specialist, emphasized the critical need for such a framework:

Excellent initiative! This addresses a critical gap, as a massive number of organisations lack comprehensive AI security frameworks. Structured testing methodologies are non-negotiable for risk mitigation.”

The OWASP AI Testing Guide is designed to be both technology-agnostic and globally relevant, with a roadmap focused on continuous updates to keep pace with AI advancements. OWASP invites developers, researchers, red teamers, and ethical hackers to contribute via its official channels and Slack community.

The project is currently in Phase 1, with a public draft and GitHub repository now live. Community input is being actively encouraged to help refine the guide ahead of its first official release, scheduled for September 2025.

About the Author

BT