From d39789183baa306b778833a67d1d49fe1bb39d43 Mon Sep 17 00:00:00 2001 From: OWASP Foundation Date: Tue, 10 Jun 2025 14:34:15 -0400 Subject: [PATCH] initialize repo --- index.md | 33 +++++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+) create mode 100644 index.md diff --git a/index.md b/index.md new file mode 100644 index 0000000..f98d31a --- /dev/null +++ b/index.md 
@@ -0,0 +1,33 @@ +--- + +layout: col-sidebar +title: OWASP AI Testing Guide +tags: example-tag +level: 2 +type: documentation +pitch: A very brief, one-line description of your project + +--- + +As organizations increasingly adopt artificial intelligence (AI) solutions, the need for a robust framework to rigorously test AI systems for security, ethics, reliability, and compliance becomes essential. Although numerous application security testing guides exist, such as the OWASP Web Security Testing Guide (WSTG) and Mobile Security Testing Guide (MSTG), the unique risks and challenges of AI systems require specialized guidance. + +Mission Statement: The OWASP AI Testing Guide aims to become the reference for identifying security, privacy, ethical, and compliance vulnerabilities inherent in AI applications. Inspired by established OWASP methodologies, the AI Testing Guide will deliver structured and practical guidance for security professionals, testers, and AI developers. This guide will be technology and industry agnostic, emphasizing applicability across various AI implementation scenarios. + +### Road Map +I wrote a first draft here: +[https://github.com/MatOwasp/AI-Testing-Guide|https://github.com/MatOwasp/AI-Testing-Guide] + +Phase 1: Initial Draft and Community Formation (MAY 2025) +Publish an initial project outline clearly defining the scope, mission, and testing categories. +Establish an OWASP GitHub repository and set up a dedicated community team. +Conduct initial outreach to invite contributions from the OWASP and AI communities. + +Phase 2: Framework Development and First Release (SEPTEMBER 2025) +Develop detailed testing guidelines covering key AI-specific risks including model security, data poisoning, adversarial robustness, prompt injection, privacy, and ethics validation. +Publish a draft version for public review and community feedback. 
+Begin pilot testing the guide's methodologies in collaboration with industry partners to gather practical insights and validate effectiveness. + +Phase 3: Refinement, Release, and Promotion (DECEMBER 2025) +Incorporate community and industry feedback to finalize the first official release of the OWASP AI Testing Guide. +Present the guide at global OWASP conferences, including hosting workshops and interactive sessions to encourage broader adoption and continuous improvement. +Establish a structured update cycle to ensure ongoing relevance with advancements in AI.
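Review bot: The front matter of index.md still carries template placeholders, `tags: example-tag` and `pitch: A very brief, one-line description of your project`; replace both with real values before this page is published, since the pitch is what the project listing displays. Under "### Road Map", the link `[https://github.com/MatOwasp/AI-Testing-Guide|https://github.com/MatOwasp/AI-Testing-Guide]` uses pipe-separated wiki syntax rather than Markdown, so it will render as literal bracketed text; write it as a Markdown link or a bare URL. The phase titles and the items beneath them are plain consecutive lines with no list or heading markup, so Markdown will fold each phase into a single run-on paragraph; make each "Phase N" line a heading or bold line and prefix its items with a list marker. The sentence "I wrote a first draft here:" is first-person on a project landing page with no named author, so consider neutral wording that says the draft lives in that repository.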