OWASP — Agentic AI Security Maturity Framework at Infosecurity Europe 2026
AI relevance: Organizations are deploying code-executing and multi-agent systems (AT4–AT5) while operating with copilot-era governance (Level 0–1) — the OWASP framework provides a concrete way to identify and remediate these governance mismatches before incidents occur.
OWASP released its State of Agentic AI Security and Governance paper on June 3, accompanied by a new Enterprise Adoption Maturity Model presented by co-lead Ariel Fogel (Pillar Security) at the OWASP GenAI Security Summit during Infosecurity Europe 2026 on June 4.
The framework maps two axes: deployment maturity (AT0–AT5, from shadow AI to custom in-house agents) and governance maturity (Level 0–3, from unaware/ad-hoc to integrated continuous oversight). The core insight is a color-coded matrix showing where deployment outpaces governance — what Fogel calls "red cells" that organizations must avoid.
The deployment axis:
- AT0 — Shadow AI: No organizational awareness; unapproved self-adoption
- AT1 — Vendor-embedded assistant: Fully vendor-controlled
- AT2 — Platform-integrated: AI-native platform with your data, no arbitrary code execution
- AT3 — Citizen-developer agent: Low-code/no-code with real organizational data actions
- AT4 — Code-executing agent: Generates and executes code with local/cloud privileges
- AT5 — Custom in-house agent: You control identity, tools, and boundaries
The governance maturity axis:
- Level 0 — Unaware and ad-hoc: No formal recognition of agentic AI's distinct risks
- Level 1 — Experimentation without guardrails: Pilots lack defined autonomy limits or escalation criteria
- Level 2 — Policy-defined, human-in-the-loop: Formal policies, cross-functional governance, AI-SBOM established
- Level 3 — Integrated, continuous oversight: Real-time dashboards, kill switches, governance-as-code, ephemeral credentials
Why it matters
The framework's central argument is that governance is still operating at copilot-era maturity while teams ship multi-agent systems. Agents operate at machine speed and scale, so monitoring infrastructure must match that speed and scale. This includes live behavioral baselines, real-time containment mechanisms, cross-functional incident response, and cryptographic attestation for traceable actions. The paper emphasizes that the needed controls are not merely stronger versions of traditional security; they are structurally different for autonomous systems.
What to do
- Map your existing agent deployments to the AT0–AT5 axis.
- Assess your current governance level against the framework's matrix — identify any "red cells."
- For mismatched deployments: either invest in agentic-specific controls or reduce agent permissions until existing controls suffice.
- Review the Microsoft Agent Governance Toolkit (open source, covers all 10 OWASP Agentic Top 10 categories) as a starting implementation.