The Open Worldwide Application Security Project (OWASP) has introduced a new agentic AI security maturity framework to help organizations align their AI deployments with appropriate governance measures. This framework, detailed in its paper "State of Agentic AI Security and Governance," categorizes agentic AI adoption into six levels, from 'Shadow AI' to 'Custom in-house agent.' It also outlines governance maturity across four levels, from ad hoc processes to integrated, continuous oversight.
This dual-axis model enables organizations to assess the alignment between their AI deployment practices and governance maturity. The framework also emphasizes the need for operational controls specifically designed for the rapid pace of AI systems, suggesting that effective governance can drive safer AI adoption and allow organizations to meet innovation goals while managing security risks.