Welcome to the go-to source on AI security. 170+ pages of comprehensive guidance on how to protect AI and data-centric systems against security threats - feeding straight into international standards. Made by the community and provided as open source to the community. Part of the OWASP AI Security & privacy guide.
Our Content
Purpose
The OWASP AI Exchange has open sourced the global discussion on the security of AI and data-centric systems. It is an open collaborative project to advance the development of AI security standards and regulations, by providing a comprehensive overview of AI threats, vulnerabilities and controls. This content is feeding into standards for the EU AI Act, ISO/IEC 27090 (AI security), the OWASP ML top 10, the OWASP LLM top 10, and OpenCRE - which we want to use to provide the AI Exchange content through the security chatbot OpenCRE-Chat.
Data-centric systems can be divided into AI systems and ‘big data’ systems that don’t have an AI model (e.g. data warehousing, BI, reporting, big data) to which many of the threats and controls in the AI Exchange are relevant: data poisoning, data supply chain management, data pipeline security, etc.
Our mission is to be the authoritative source for consensus, foster alignment, and drive collaboration among initiatives - NOT to set a standard, but to drive standards. In other words: be among the top bookmarks of professionals involved in AI security. By doing so, we provide a safe, open, and independent place to find and share insights for everyone. See AI Exchange LinkedIn page.
The AI Exchange is displayed here at owaspai.org and edited using a GitHub repository (see the links Edit on Github). It is is an open-source living publication for the worldwide exchange of AI security expertise, and part of the OWASP AI security & privacy guide project. It is structured as one coherent resource consisting of several sections under ‘content’, each represented by a page on this website.
OWASP AI Exchange by The AI security community is marked with CC0 1.0 meaning you can use any part freely without copyright and without attribution. If possible, it would be nice if the OWASP AI Exchange is credited and/or linked to, for readers to find more information.