# OWASP Introduces Agentic AI Security Maturity Framework > Source: > Published: 2026-06-05 11:53:15.807318+00:00 # OWASP Introduces Agentic AI Security Maturity Framework According to ITSecurityNews (indexing Infosecurity Magazine), OWASP introduced an "Agentic AI Security Maturity Framework" at **Infosecurity Europe**. ITSecurityNews describes the framework as helping organisations assess governance maturity versus adoption and adjust governance as needed. The same coverage reports OWASP will formally announce an "Agentic Research Council" at Infosecurity Europe, described as a coordinated research effort to address the growing disparity between fast-moving agentic AI capabilities and conventional security research timelines. ### What happened According to ITSecurityNews (indexing Infosecurity Magazine), OWASP introduced the **Agentic AI Security Maturity Framework** at **Infosecurity Europe**. ITSecurityNews reports the framework is intended to help organisations assess governance maturity versus adoption and adjust governance as needed. ITSecurityNews also reports OWASP will formally announce the **Agentic Research Council** at Infosecurity Europe, described as a coordinated research effort to address the disparity between fast-moving agentic AI capabilities and conventional security research timelines. ### Technical details Per the ITSecurityNews summary of the Infosecurity Magazine coverage, the public description of the framework is high-level and governance-focused; the scraped coverage does not publish framework artefacts, metrics, or methodological specifics. There are no model-level specifications or implementation guides quoted in the source material. ### Industry context Industry context: Organisations adopting agentic AI increasingly face gaps between rapid capability development and existing security research cadence. Comparable maturity frameworks in security and privacy historically provide taxonomy, checkpointing, and escalation paths that help standardise assessments across teams and vendors. ### For practitioners For practitioners: a governance-focused maturity framework and an associated research council can provide common language for threat modelling, audit criteria, and procurement requirements, even when the framework itself is initially descriptive rather than prescriptive. Teams evaluating agentic systems should expect early maturity frameworks to prioritise governance controls, logging standards, and risk classification over prescriptive engineering blueprints. ### What to watch Observers should watch for publication of the framework artefacts, versioned maturity matrices, and any technical guidance from the Agentic Research Council once it is formally announced. Also monitor whether the council publishes reproducible threat models, tooling recommendations, or criteria that can be integrated into security reviews and procurement processes. ## Scoring Rationale A new OWASP framework and a dedicated research council are notable for practitioners because they can standardise governance language and audit criteria for agentic AI. The story is timely but not a model or tool release, so its immediate technical impact is moderate. Practice interview problems based on real data 1,500+ SQL & Python problems across 15 industry datasets — the exact type of data you work with. [Try 250 free problems](/problems)