OWASP — Agentic AI Security Maturity Framework launched at Infosecurity Europe 2026

AI relevance: OWASP's new framework gives security teams a concrete method to assess whether their AI agent deployments are over-permissioned relative to available security controls.

What happened

  • At the OWASP GenAI Security Summit during Infosecurity Europe 2026 (June 4), Ariel Fogel (Pillar Security, OWASP co-lead) introduced the Agentic AI Security Maturity Framework.
  • The framework maps each agent on a two-axis quadrant: autonomy/capability (how much the agent can do on its own) versus governance maturity (what security controls, policies, and monitoring are in place).
  • Plotting an agent on both axes yields a green, yellow, or red cell. On-stage guidance was blunt: "Don't operate in the red cells."
  • Where governance lags, the framework points to two responses: invest in agentic-specific controls, or reduce the agent's permissions and autonomy until existing controls suffice.
  • The framework builds on OWASP's December 2025 Top 10 for Agentic Applications, which identified prompt injection, memory poisoning, and privilege escalation through over-permissioned agents as leading attack classes.
  • At the same conference, Fogel also stated that prompt injection remains an "unsolved architectural problem that could hamper the development of AI."
  • Cisco's State of AI Security 2026 report found only 29% of organizations feel prepared to secure agentic AI deployments, while 83% plan to deploy them into business functions — a gap the framework directly addresses.

Why it matters

Most AI risk frameworks today are generic checklists. This framework operationalizes the question: "Given this agent's autonomy level, do we have enough controls?" It's designed to be actionable for CISOs who need to justify slowing down or scoping back agent deployments. The red/yellow/green cell model makes it easy to communicate risk to non-technical stakeholders.

What to do

  • Map your deployed or planned AI agents onto the framework's autonomy-vs-governance axes.
  • Flag any red-cell agents and either reduce their permissions or add agentic-specific controls (tool-scoping, output validation, session monitoring).
  • Use the framework as a communication tool with leadership — the visual quadrant makes risk tangible.
  • Pair it with OWASP's Top 10 for Agentic Applications for concrete control recommendations.
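
One way to run the mapping and red-cell triage from the steps above, added here as an example and not taken from OWASP's framework or the talk. The page does not give the framework's scales or cell boundaries, so the 1-4 autonomy scale, the governance score (1 plus the number of the three controls named above), the gap-based cell rule, and the agent names are all assumptions.

```python
from dataclasses import dataclass

# Controls named on the page; counting each as one governance step is an assumption.
CONTROLS = ("tool_scoping", "output_validation", "session_monitoring")

@dataclass(frozen=True)
class Agent:
    name: str
    autonomy: int         # assumed scale: 1 (suggests only) .. 4 (acts unattended)
    controls: frozenset   # subset of CONTROLS already enforced for this agent

def governance(agent):
    """Assumed score: 1 plus the number of listed controls in place (1..4)."""
    unknown = agent.controls - set(CONTROLS)
    if unknown:
        raise ValueError(f"{agent.name}: unknown controls {sorted(unknown)}")
    return 1 + len(agent.controls)

def cell(agent):
    """Assumed cell rule: colour by how far autonomy outruns governance."""
    if not 1 <= agent.autonomy <= 4:
        raise ValueError(f"{agent.name}: autonomy must be 1..4")
    gap = agent.autonomy - governance(agent)
    return "green" if gap <= 0 else "yellow" if gap == 1 else "red"

def remediation(agent):
    """For a red-cell agent, size both responses: cut autonomy or add controls."""
    if cell(agent) != "red":
        return None
    gov = governance(agent)
    missing = [c for c in CONTROLS if c not in agent.controls]
    needed = agent.autonomy - gov - 1      # controls to add to leave red
    return {"reduce_autonomy_to": gov + 1, "or_add_controls": missing[:needed]}

def triage(agents):
    return {a.name: (cell(a), remediation(a)) for a in agents}

# Constructed inventory; names and scores are illustrative.
INVENTORY = [
    Agent("ticket-summarizer", 1, frozenset()),
    Agent("code-review-bot", 3, frozenset({"tool_scoping"})),
    Agent("cloud-ops-agent", 4, frozenset({"session_monitoring"})),
]

if __name__ == "__main__":
    for name, (colour, fix) in triage(INVENTORY).items():
        print(f"{name:18} {colour:6} {fix or ''}")
```

Replace the scoring functions with the framework's published axes once you have them; the triage output shape (cell plus the two sized responses) stays the same.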

Sources