What happened
At the OWASP GenAI Security Summit during Infosecurity Europe 2026, held June 4, the OWASP GenAI Security Project introduced an agentic AI security maturity framework dubbed the 'Enterprise Adoption Maturity Model,' according to Infosecurity Magazine. The framework appears in the project's latest paper, 'State of Agentic AI Security and Governance,' published June 3, and is presented as a practical decision tool rather than an ever-growing catalog of rules. Ariel Fogel, an AI security researcher in Pillar Security's Office of the CTO and a report co-lead, introduced it on stage. OWASP separately announced an Agentic Research Council, a coordinated effort to close the gap between fast-moving agentic capabilities and slower security-research cycles.
How the model works
The framework maps governance across two linked axes. A deployment axis defines six levels of agent adoption, from AT0 (shadow AI, self-adopted outside governance) and vendor-embedded assistants, up through code-executing agents, to AT5 (custom in-house agents the organization builds and controls). A governance axis defines four maturity levels, from Level 0 (ad hoc, with no agent-specific policies or logging) to Level 3 (integrated, continuous oversight with risk-tiered autonomy ladders, real-time drift dashboards, kill switches, and governance-as-code). Plotting an agent on both axes yields a green, yellow, or red cell; Fogel's on-stage guidance, per Infosecurity Magazine, was blunt: 'Don't operate in the red cells.' Where governance lags, the model points to two responses: invest in controls designed for agentic systems, or reduce the agent's permissions and autonomy until existing controls suffice.
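As an added illustration (not code from the OWASP paper or the Infosecurity Magazine report), the following governance-as-code check encodes the two-axis grid and the two responses the model prescribes for a red cell: raise governance to the first non-red level at the current tier, or cap the agent's autonomy at the highest non-red tier under current governance. The cell colours are a constructed placeholder, not the project's published matrix, and the monotonicity check assumes more governance never raises risk and more autonomy never lowers it.

```python
from dataclasses import dataclass
from typing import Optional

# Axes as described on the page: six deployment tiers and four governance levels.
DEPLOYMENT_TIERS = ["AT0", "AT1", "AT2", "AT3", "AT4", "AT5"]  # AT0 shadow AI .. AT5 custom in-house
GOVERNANCE_LEVELS = [0, 1, 2, 3]                              # 0 ad hoc .. 3 integrated
RISK_RANK = {"green": 0, "yellow": 1, "red": 2}

# Constructed illustrative cell colours (rows = tiers, columns = governance levels).
# This is an assumption for the example, NOT the paper's published assignments.
MATRIX = [
    ["yellow", "green",  "green",  "green"],   # AT0
    ["yellow", "green",  "green",  "green"],   # AT1
    ["red",    "yellow", "green",  "green"],   # AT2
    ["red",    "red",    "yellow", "green"],   # AT3
    ["red",    "red",    "yellow", "green"],   # AT4
    ["red",    "red",    "red",    "yellow"],  # AT5
]


def validate_matrix(matrix=MATRIX) -> bool:
    # Sanity check for a governance-as-code artefact: more governance never raises
    # risk (left to right) and more autonomy never lowers it (top to bottom).
    for r, row in enumerate(matrix):
        for c, colour in enumerate(row):
            if c > 0 and RISK_RANK[colour] > RISK_RANK[row[c - 1]]:
                return False
            if r > 0 and RISK_RANK[colour] < RISK_RANK[matrix[r - 1][c]]:
                return False
    return True


@dataclass
class Decision:
    colour: str
    may_operate: bool                    # "Don't operate in the red cells"
    min_governance_level: Optional[int]  # path 1: invest in agentic controls
    max_deployment_tier: Optional[str]   # path 2: reduce permissions/autonomy


def assess(tier: str, level: int, matrix=MATRIX) -> Decision:
    t, g = DEPLOYMENT_TIERS.index(tier), GOVERNANCE_LEVELS.index(level)
    colour = matrix[t][g]
    # Smallest governance level at which this tier leaves the red band.
    min_gov = next((GOVERNANCE_LEVELS[j] for j in range(len(GOVERNANCE_LEVELS))
                    if matrix[t][j] != "red"), None)
    # Highest tier, at or below the current one, that is not red under current governance.
    max_tier = next((DEPLOYMENT_TIERS[i] for i in range(t, -1, -1)
                     if matrix[i][g] != "red"), None)
    return Decision(colour, colour != "red", min_gov, max_tier)
```

Calling `assess("AT5", 1)` on the placeholder matrix returns a red decision with governance level 3 as the control-investment path and AT2 as the autonomy-reduction path.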
Why agent-specific controls
The paper argues the controls agents need are not merely stronger versions of traditional measures. Because agents act at machine speed and scale, Fogel said teams need monitoring that runs at the same speed as agent workloads: live behavioral baselines, real-time containment and stop mechanisms, joined incident response across safety and security teams, and stronger identity hygiene such as ephemeral credentials and cryptographic attestation so each action can be traced and constrained. The framework also stresses that AI safety and security converge at the deployment layer, where the same architectural choices can create both kinds of exposure.
Context and significance
Co-lead John Sotiropoulos framed the model as a way to cut the 'cognitive tax' of ever-expanding guidance, arguing prudent governance should enable safe adoption rather than block it; he characterized teams avoiding AI entirely as itself a vulnerability, per Infosecurity Magazine. For practitioners, a maturity model from an influential industry body offers shared language for threat modeling, audit criteria, and procurement requirements, even while it remains a governance decision tool rather than a prescriptive engineering blueprint.
What to watch
Key signals include uptake of the Enterprise Adoption Maturity Model in real assessments, publication of versioned maturity matrices and framework artefacts, and the first outputs of the Agentic Research Council, including reproducible threat models, tooling recommendations, and criteria that teams can fold into security reviews and procurement.
Key Points
- OWASP introduced an agentic AI security maturity model at Infosecurity Europe, mapping six agent-deployment levels against four levels of governance maturity.
- It flags 'red' mismatches where autonomous agents outrun oversight, prescribing either agent-specific controls or reduced agent permissions until governance catches up.
- For practitioners it offers shared language for agent risk tiers, audit criteria, and procurement, backed by a new Agentic Research Council.
Scoring Rationale
A substantive, now well-sourced governance development: OWASP's GenAI Security Project released an agentic AI security maturity model (a six-by-four deployment-versus-governance matrix) and announced an Agentic Research Council at Infosecurity Europe. It is a useful, citable reference for AppSec and ML practitioners, though a governance decision tool rather than a model, product, or prescriptive engineering standard, placing it in the notable band.