What happened
The OWASP GenAI Security Project released version 1.0 of the 'GenAI Red Teaming Manual' around July 1, 2026; it is now open for a public comment period. The manual defines an eight-phase adversarial-testing methodology for generative and agentic AI systems: Planning & Scoping, Reconnaissance & Fingerprinting, Surface Mapping, Exploitation, Persistence & Escalation, Post-Exploitation & Impact, Evaluation & Reporting, and Post-Engagement & Remediation. It incorporates community contributions (e.g., NeuralTrust's Echo Chamber multi-turn jailbreak technique, documented as a real-world example). It explicitly cross-references the OWASP Top 10 for LLM Applications, the OWASP Top 10 for Agentic Applications, MITRE ATLAS, and the NIST AI RMF.
Why it matters
This is the first community-standardized, phase-based red-teaming methodology for GenAI/agentic systems from a recognized standards body, giving security teams and auditors a repeatable, traceable process (including metrics like Attack Success Rate and pass@k) rather than ad hoc testing. Because it ties findings back to existing risk taxonomies (LLM Top 10, Agentic Top 10, ATLAS, AI RMF), it is likely to become a reference point for AI red-team engagements and vendor claims of adversarial testing rigor.
Action needed
Security and red-team leads should review the draft during the public comment period, map existing internal AI red-teaming practices to the eight-phase structure, and submit feedback via OWASP GenAI Security Project channels before the comment period closes.