Guidelines  ·  2026-07-05

OWASP GenAI Security Project — GenAI Red Teaming Manual v1.0 released for public comment

Guidelines  ·  Medium impact  ·  Global
The OWASP GenAI Security Project released version 1.0 of the 'GenAI Red Teaming Manual' around July 1, 2026; it is now open for a public comment period. The manual defines an eight-phase adversarial-testing methodology (Planning & Scoping, Reconnaissance & Fingerprinting, Surface Mapping, Exploitation, Persistence & Escalation, Post-Exploitation & Impact, Evaluation & Reporting, Post-Engagement & Remediation) for testing generative and agentic AI systems, and includes community contributions (e.g., NeuralTrust's Echo Chamber multi-turn jailbreak technique, documented as a real-world example). It explicitly cross-references the OWASP Top 10 for LLM Applications, the OWASP Top 10 for Agentic Applications, MITRE ATLAS, and the NIST AI RMF.
This is the first community-standardized, phase-based red-teaming methodology for GenAI/agentic systems from a recognized standards body, giving security teams and auditors a repeatable, traceable process (including metrics like Attack Success Rate and pass@k) rather than ad hoc testing. Because it ties findings back to existing risk taxonomies (LLM Top 10, Agentic Top 10, ATLAS, AI RMF), it is likely to become a reference point for AI red-team engagements and vendor claims of adversarial testing rigor.
Security and red-team leads should review the draft during the public comment period, map existing internal AI red-teaming practices to the eight-phase structure, and submit feedback via OWASP GenAI Security Project channels before the comment period closes.
NeuralTrust — Contributes to the OWASP GenAI Red Teaming Manual