
Coffee, Chaos and ProdSec Ep 33 - Six OWASP AI Top 10s, Sixty Risks, Two Practitioners, One Consolidated List
Coffee, Chaos and ProdSec, Ep 33
OWASP published six AI security Top 10s in roughly two years. Six.
That is not a framework strategy, that is a distress signal.
This week Kurt and Cameron tear through all of them. LLM security, agentic applications, MCP, agentic skills, machine learning security, and the honorary sixth because AI agents have an identity problem and NHIs deserve a seat at the table. Sixty risks, one episode, zero padding.
Then both hosts reveal the independent AI Top 10 lists they each built before recording and compare them live. There is overlap, there is disagreement, and there is a real conversation about whether all six frameworks can collapse into one model before the compliance world does it for us.
If you work in Cybersecurity, Application Security, Product Security, DevSecOps, or Security Architecture and you have ever cited an OWASP framework in a deck without operationalizing a single control from it, this one lands differently.
New episodes every Wednesday.
Coffee, Chaos and ProdSec -> strong coffee, stronger opinions.
