AISVS: A Developer-Centric Standard for Securing AI Applications

Abstract:
As artificial intelligence systems become integrated into mainstream applications, their attack surface expands dramatically—introducing new threats and compounding existing vulnerabilities. The OWASP Artificial Intelligence Security Verification Standard (AISVS) is a new community-driven project designed to define clear, actionable security requirements for developers, architects, and testers building AI-enabled software.

In this session, OWASP leader and security educator Jim Manico will introduce AISVS 1.0, walk through its structure and key categories, and explain how it complements traditional application security standards like ASVS. You’ll learn:

• Why we need AISVS: the unique threats AI systems face
• The structure and scope of AISVS and how it supports different security assurance levels
• Key controls across AI data governance, model development, and deployment
• How AISVS integrates with NIST AI RMF, ISO/IEC 42001, and the OWASP LLM Top 10
• How to start using AISVS in your organization today

Whether you're building AI-driven apps, managing security risk for machine learning models, or curious about adversarial ML and secure prompt engineering—this talk will equip you with the foundation to develop and verify secure and trustworthy AI systems.

Target Audience:
Developers, AppSec professionals, DevOps teams, AI/ML engineers, and anyone interested in the future of secure software development.