Guest: Steve Winterfeld
Company: Akamai
Show Name: CISO Insights
Topic: Security
Application security threats evolve faster than security teams can respond. For years, OWASP’s Top 10 web application security risks served as the North Star for security professionals, offering a clear prioritization framework in an environment of limited resources and unlimited threats. Now, OWASP has fundamentally expanded that framework with new lists targeting agentic AI and large language models—signaling that the attack surface has grown far beyond traditional web applications.
Steve Winterfeld, Advisory CISO at Akamai, describes the challenge facing every security leader: “As a CIO, I have a $10 budget and $20 worth of problems, so I have to be very careful about what I’m going to fix. I want the largest return on investment.”
That’s precisely why OWASP (Open Worldwide Application Security Project) created its Top 10 lists. Founded in 2001 with over 60 chapters worldwide and more than 30,000 volunteers, OWASP identifies the most common techniques used by attackers. Fix these 10 vulnerabilities, and organizations can eliminate the majority of attack vectors threatening their applications.
The Evolution of OWASP Lists
The original Top 10 for web application security remained largely unchanged for 10 to 15 years—a testament to how fundamental those vulnerabilities were, but also a source of frustration for practitioners eager to demonstrate progress. Recent years have seen accelerated change as new technologies create new attack surfaces.
The API security list changed after just a couple of years. The large language model list changed after only one year. This acceleration reflects both the rapid evolution of technology and OWASP’s commitment to staying relevant.
This year brought updates across multiple lists. The web application Top 10 now includes two new threats: software supply chain vulnerabilities and mishandling of exceptional conditions. Winterfeld emphasizes that teams shouldn’t drop the two items that fell off the list—they’re now 11 and 12 in priority—but should definitely add the new entries to their security processes.
The large language model list changed significantly after just one year, with four new threats and three renamed or recategorized items. “What we see is an evolution in two things,” Winterfeld explains. “One is practitioners saying we didn’t get that right, people are confused, let’s rename it. And the second part is really around what fell off.” Notably, DDoS dropped from the original list—not because it’s no longer a threat, but because it’s not critical enough to crack the top 10.
Two Entirely New Lists
The most significant development is OWASP’s introduction of frameworks for emerging technologies. The agentic AI list addresses systems that are autonomous, can create plans, interface with customers, and make business decisions. “These are fairly powerful. They go across multiple environments, and now I’m trying to abuse the business logic. I’m trying to get it to make bad decisions,” Winterfeld notes.
This new attack surface requires different protection strategies. Where web applications use one set of security tools and APIs use another, agentic AI systems may require a combination of technical controls and process-based protections. Attackers targeting these systems focus on changing chain reactions and amplifying failures beyond a single prompt.
Practical Implementation Strategy
For security teams wondering how to integrate these expanded frameworks, Winterfeld offers clear guidance based on organizational structure. If the same team handles web pages, APIs, and large language models, integration is straightforward—just ensure the team applies the appropriate checklist as they shift between projects. Organizations with separate teams for each technology need to ensure each team has access to and training on their relevant Top 10 list.
Winterfeld outlines how he uses these frameworks across the security lifecycle. First, as a threat lens: “I now hear that agentic AI is a focus area for cybercriminals and hacktivists. So I’m going to ask myself, in my security program, do I have security controls in place to make sure my portfolio is safe?”
This requires close collaboration with business partners to understand where the organization uses large language models, APIs, or agentic AI. The next step is training—ensuring both security personnel and developers understand how to avoid common coding errors that create vulnerabilities.
Vulnerability management teams need to scan for these issues in testing and live environments. Supply management teams should ask suppliers what they’re doing for API security, large language model security, and other framework-specific protections. Penetration testing and red team exercises should explicitly use the Top 10 lists to attack systems and validate defenses.
Validation and Root Cause Analysis
Winterfeld emphasizes the importance of data validation. If security scans aren’t detecting certain Top 10 vulnerabilities, teams need to determine why. “Is it because we don’t use that function, or because my security controls weren’t designed to catch those issues?”
When vulnerabilities are detected, root cause analysis is essential. If a scan finds five instances of local file inclusion vulnerabilities, is that one developer making the same mistake or four different developers revealing a gap in training? This analysis informs both immediate remediation and long-term improvements to development practices.
Akamai’s Implementation at Scale
At Akamai, these frameworks guide both internal security and customer protection capabilities. As new Top 10 lists emerge, they align with customer requests for protection against those specific threats. When the API Top 10 list launched, customers were simultaneously asking Akamai for help protecting against API threats.
“It gives us a chance to say, here’s what we’re doing for APIs,” Winterfeld explains. “We’re using the OWASP Top 10, and we cover seven of the top 10 that are technical—the other three are administrative. We’re covering the seven technical aspects and giving you visibility and remediation around that.”
Akamai’s suite includes web application firewalls, API firewalls, and generative AI firewalls—each designed around the relevant OWASP frameworks. This approach ensures customers receive protection aligned with industry best practices and emerging threat intelligence.
Beyond OWASP: A Broader Security Toolkit
While OWASP lists are foundational, Winterfeld recommends security teams maintain a broader toolkit. Regulatory frameworks like GDPR for privacy and the EU AI Act provide policy guidance. Industry-specific standards like NERC CIP for energy, PCI DSS for payment cards, and SOC 2 for investor confidence offer attestation opportunities.
In the United States, the NIST 800 series serves as the primary standard, with most federal regulations deriving from this framework. NIST 800-207 specifically addresses zero trust architecture. The MITRE ATT&CK framework offers 14 tactics and over 200 techniques across enterprise, industrial control systems, and mobile environments. For smaller organizations, the Center for Internet Security provides 20 foundational controls.
“Standards are always going to be slower,” Winterfeld acknowledges. “I spend a lot of time reading things like Akamai’s State of the Internet cyber security reports, and I’m going to see a shift in attack trends there before I see it in the standards.” He recommends joining industry organizations, attending local OWASP chapters, and participating in information sharing groups to stay ahead of emerging threats.
Looking Forward
As AI-driven attacks and supply chain vulnerabilities grow more sophisticated, OWASP faces the challenge of maintaining relevance while gathering sufficient data to identify trends. There’s always a lag between when technologies are deployed, when attack patterns emerge, when data is collected, and when standards are published.
For security teams, the message is clear: expand your view beyond traditional web applications. These new OWASP lists provide a broader framework for protecting the full spectrum of modern application architectures—from APIs to large language models to autonomous agentic systems. Combined with threat intelligence, industry participation, and continuous validation, these frameworks offer the highest return on investment in an environment where security budgets will never match the scope of potential threats.





