Doom-prepping for AI Chaos: Keeping the bots in check with OWASP’s Threat Defense COMPASS.
At times, generative AI becomes a little too creative for comfort. One minute it’s helping you write code, the next it’s inventing new ways to break your firewall. That’s where the OWASP GenAI Security COMPASS comes in.
OWASP’s GenAI Security Project – Threat Defense COMPASS consolidates AI threats, vulnerabilities, defenses, and mitigations into a unified AI Threat Resilience Strategy Dashboard.
Think of it as your “AI risk assessment matrix”, built on the OODA loop (Observe, Orient, Decide, Act). It helps teams keep an eye on what their AI is doing, figure out the risks, make smart choices, and act fast before things spiral out of control. This approach allows organizations to continuously assess their AI environments, adapt to evolving threats, and focus efforts on high-impact security priorities.
1. Observe
The Observe phase (Steps 1, 2, and 3 in the Threat Defense COMPASS) establishes a clear, structured view of the organization’s AI-related threats by evaluating the full AI attack surface. This phase lays the groundwork for informed decision-making.
Step 1: Assess AI Security Risks Using Profile Threat Assessment:
Purpose: To classify threats according to how they relate to and potentially affect the organization.
Action: Identify and classify AI-specific risks relevant to the environment using organized threat profiles, which cover External AI Threats and Internal AI Adoption Risks.
Step 2: Observe: Objective Dashboard:
Action: Categorize identified threats based on their associated risk profiles to enable targeted prioritization and resource allocation.
Teams can opt for a Focused Assessment targeting only the highest-priority threats for immediate objectives, or Comprehensive Planning using strategic (long-term) and tactical (immediate) remediation lists.
Step 3: Observe: Attack Surface Analysis:
Action: Document potential threats and associated vulnerabilities.
Action: Assign impact and likelihood scores to prioritize security actions.
Action: Define the organization’s “Nuclear AI Disaster” (the worst-case AI-related scenario) to prioritize security controls and response plans.
Action: Use the 5-point scoring method (Impact: 1: Low to 5: Critical; Likelihood: 1: Unlikely to 5: Highly Likely) for simple, fast, initial threat estimation during the Observe phase.
2. Orient
The Orient phase involves integrating threat intelligence and external/internal feedback to sharpen situational awareness. Teams contextualize their observations with known vulnerabilities, real-world incidents, and testing results.
Step 4: Orient: Known AI Vulnerabilities:
Purpose: Discover and evaluate known vulnerabilities.
Action: Map AI-specific vulnerabilities, such as prompt injection, to Common Weakness Enumerations (CWEs) to normalize AI issues with traditional security practices.
Action: Score the severity of vulnerabilities using CVSS (Common Vulnerability Scoring System), adapted for AI contexts (e.g., assessing if the impact leads to data leaks or unintended actions).
Action: Transfer identified vulnerabilities to the Attack Surface Analysis tab for overall scoring.
Step 5: Orient: Known AI Incidents:
- Purpose: Estimate likelihood and impact by reviewing published incident reports and tracking potential fines from legal or regulatory violations.
- Action: Review published incident reports (e.g., from OpenAI and Google).
- Action: Use this research to update business impact and likelihood values under Attack Surface Analysis.
Orient: Red Teaming:
Action: Review the business case, architecture, and assets using the Red Teaming Security Review Questions.
Action: Use the GenAI Red Team Testing tab to convert various vulnerability scoring systems into the standardized 5-point COMPASS scale.
Goal: Centralize findings to track all known issues related to Profile 1 and Profile 2 threats to enable effective mitigation planning.
3. Decide
The Decide phase uses the gathered intelligence to select the most appropriate course of action regarding controls and mitigations.
Step 6: Decide: Red Team or Vuln vs Mitigations:
Purpose: Evaluate and determine the appropriate preventative and detective controls.
Action: Map identified threats to existing defenses and mitigations.
Action: Track any missing controls that need to be addressed in the subsequent ACT phase.
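The scoring and gap-tracking described in Steps 3, 4 and 6 can be modelled in a few dozen lines. The example below is added here and is not code from the OWASP project or this article; the CVSS-to-5-point band mapping, the impact x likelihood risk product, and every threat, score, CWE and control name in the sample register are assumptions constructed for illustration.

```python
# Added example, not from the OWASP project or the article: a minimal model of
# the COMPASS Attack Surface Analysis scoring and the Decide-phase gap check.
from dataclasses import dataclass, field

@dataclass
class Threat:
    name: str
    profile: int        # 1 = External AI Threat, 2 = Internal AI Adoption Risk
    impact: int         # 1 (Low) .. 5 (Critical)
    likelihood: int     # 1 (Unlikely) .. 5 (Highly Likely)
    cwe: str = ""       # CWE the issue is normalised to in Step 4 (sample values)
    controls: list = field(default_factory=list)  # mitigations it needs (Step 6)
    def __post_init__(self):
        # Out-of-scale scores would silently skew prioritisation, so reject them.
        for v in (self.impact, self.likelihood):
            if not 1 <= v <= 5:
                raise ValueError(f"{self.name}: scores must be 1..5, got {v}")

def cvss_to_compass(base_score: float) -> int:
    # Assumed conversion (the article gives none): CVSS v3 severity bands -> 1..5.
    if not 0.0 <= base_score <= 10.0:
        raise ValueError("CVSS base score must be 0.0..10.0")
    for upper, point in ((0.0, 1), (3.9, 2), (6.9, 3), (8.9, 4)):
        if base_score <= upper:
            return point
    return 5

def risk_score(t: Threat) -> int:
    # Assumption: plain risk-matrix product (impact x likelihood), range 1..25.
    return t.impact * t.likelihood

def prioritize(threats):
    # Highest risk first; ties go to higher impact so worst-case scenarios surface.
    return sorted(threats, key=lambda t: (risk_score(t), t.impact), reverse=True)

def missing_controls(threats, implemented):
    # Step 6 output: needed controls not yet in place, carried into the ACT roadmap.
    gaps = {}
    for t in threats:
        gap = sorted(set(t.controls) - set(implemented))
        if gap: gaps[t.name] = gap
    return gaps

# Constructed sample register; names, scores and the CWE mapping are invented.
THREATS = [
    Threat("Prompt injection via uploaded documents", 1, cvss_to_compass(8.2), 4, "CWE-77",
           ["prompt sanitization", "output filtering", "least-privilege tool access"]),
    Threat("Staff pasting customer data into a public chatbot", 2, 4, 5, "", ["AI usage policy", "DLP on egress"]),
    Threat("Poisoning of the internal fine-tuning dataset", 1, 5, 2, "", ["dataset provenance checks"]),
]
IMPLEMENTED = ["AI usage policy", "output filtering"]
```

Running `prioritize(THREATS)` orders the register by risk, and `missing_controls(THREATS, IMPLEMENTED)` yields the control gaps that become roadmap items in Step 7.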
4. Act
The Act phase focuses on implementing the strategic decisions and creating an actionable roadmap to achieve threat-informed resilience.
Step 7: ACT Strategy & Roadmap:
- Purpose: Document and track the objective strategy and roadmap, translating findings into an actionable, prioritized AI security plan.
- Action: Develop a clear implementation roadmap, breaking the strategy into specific, actionable steps (like implementing prompt sanitization controls).
- Action: Assign owners and define timelines for each step.
- Action: Update the Objective Profile to reflect the current status once mitigations are implemented.
Continuous Cycle:
The framework is designed for iterative use.
Teams must revisit and update the Objective Profile as mitigations are implemented or risks change, ensuring the roadmap remains current and aligned with emerging threats. The ongoing cycle builds the agility needed to navigate the complex and unpredictable nature of AI at scale.
In short, it’s a playbook for turning AI chaos into something you can actually manage—without needing a crystal ball or a panic button.