AI Exchange Charter


Comprehensive guidance and alignment on how to protect AI against security threats - by professionals, for professionals.

The goal of the OWASP AI Exchange is to protect society from AI security issues by independently harnessing the collective wisdom of global experts across various disciplines. This initiative focuses on advancing AI security understanding, supporting the development of global AI security guidelines, standards and regulations, and simplifying the AI security domain for professionals and organizations. Its goal is to provide a comprehensive overview of AI threats, risks, mitigations, and controls. This overview needs to align and feed into global standardization initiatives such as the EU AI Act, ISO/IEC 27090 (AI Security), the OWASP ML Top 10, the OWASP LLM Top 10, and OpenCRE. This alignment, achieved through open source Github collaboration and liaisons with working groups. Alignment is crucial to prevent confusion and ignorance, leading to harm from AI security incidents. The position of the Exchange is altruistic: NOT to set a standard, but to drive standards, and still be the top bookmark for people dealing with AI security.

Target Audience

This charter primarily addresses the needs of cybersecurity experts, privacy/regulatory/ legal professionals, AI leaders, developers, and data scientists. It offers accessible guidance and resources to these groups, enabling them to apply, build and maintain secure AI systems effectively.

Mission / Goals

Our mission is to establish the OWASP AI Exchange as the place to go for professionals who want to understand AI security, and to be the authoritative source for consensus, alignment, and collaboration among various AI initiatives. We aim to foster a unified approach to addressing AI security challenges.

Scope & Responsibilities

  • AI-specific: Focus on the topics that are specific to AI, and cover how generic topics (e.g. risk analysis) can be adapted for AI and discuss AI attention points for them
  • The security OF AI: that’s what the Exchange is about, so it covers threats TO AI systems. Some of those threats have effect on the behaviour/availability of the AI system which indirectly creates threats BY AI.
  • Explain and refer: the Exchange covers a topic by a concise explanation that transcends the material by making it clear, sensible, mentioning important points of consideration, and referring the reader to further reading. Think of the explanation of ‘AI security for professional dummies’.
  • Develop a comprehensive framework for AI threats, risks, and controls (mitigations) - establish a common taxonomy and glossary for AI security.
  • Create insight into relevant laws and regulations.
  • Provide guidance on testing tools and methods with outcome assessments.
  • Formulate a shared responsibility model for working with third-parties providing AI models or other relevant facilities.
  • Offer supply chain guidance and an incident response plan.

The AI Exchange aims to be primarily a single coherent publication on AI security, containing separate sections. It should not be a set of separate publications, unless we really need to.

Relation to other OWASP or other organization initiatives

These are the other OWASP AI initiatives and the relation with the AI Exchange;

  • The OWASP AI security and privacy guide is the official OWASP project under which the AI Exchange was established. The deliverable of this project consists of the AI Exchange content plus guidance on AI privacy.
  • The OWASP LLM top 10 provides a list of the most important LLM security issues, plus deliverables that focus on LLM security, such as the LLM AI Security & Governance Checklist.
  • The OWASP ML top 10 provides a list of the most important machine learning security issues.
  • has been established under the OWASP Integration standards project and holds a catalog of common requirements across various security standards inside and outside of OWASP. The plan is to let OpenCRE contain new AI security controls as well.


  1. Prep 0.9: Finish all todos in the internal TODO table -> release 0.9
  2. Prep 1.0: Review by community and by ourselves -> release 1.0
  3. Feed the Exchange 1.0 into at least the AI Act and ISO 27090
  4. Make it easier for readers to recognize their deployment model and select only what is relevant to them
  5. More illustration of threat models and attack vectors
  6. Further alignment with Mitre Atlas, NIST, the LLM Top 10, ENISA’s work, and the AIAPP International Privacy Group


The AI security community is marked with CC0 1.0 meaning you can use any part freely, without attribution. If possible, it would be nice if the OWASP AI Exchange is credited and/or linked to, for readers to find more information.