What happened
OWASP's GenAI Security Project published version 2.01 of the State of Agentic AI Security and Governance on June 1, 2026, and presented it at the OWASP GenAI Security Summit at Infosecurity Europe on June 4. Unlike the 2025 first version, v2.01 is anchored in documented real-world incidents: it includes a Real-World Incidents and Exploits Tracker mapping each event to the OWASP Top 10 for Agentic Applications, an updated threat analysis, a revised agent taxonomy with an enterprise adoption maturity model, and new sections on agent identity, non-human identity, AI SBOM, and supply chain provenance across 42 regulatory instruments in 10 jurisdictions.
Why it matters
The document's shift from 'plausible threats' to 'CVE-backed incidents' signals that agentic AI security has moved from risk modelling to operational defence — every threat pattern in the 2025 edition now has at least one real-world case attached. The paper also explicitly argues that AI Safety and AI Security can no longer run as parallel functions once an agent is operating on production systems, which has direct implications for how enterprises staff and structure their AI governance.
Action needed
Download the v2.01 report and cross-reference the Real-World Incidents Tracker against your own deployed agent inventory; use the enterprise adoption maturity model to identify which governance tier your current deployments fall into and what controls are missing.