Essential resources for tracking security vulnerabilities across AI systems, web applications, APIs, and software supply chains.
The definitive list of the most critical security risks for Large Language Model applications, maintained by OWASP.
The foundation for any LLM security assessment. Required knowledge for vendors building or buyers evaluating AI products.
Adversarial Threat Landscape for AI Systems. A knowledge base of adversary tactics and techniques based on real-world attack observations.
Understand how attackers target AI systems in practice. Critical for threat modeling AI deployments.
A comprehensive database of 1,600+ AI risks extracted from 74 frameworks. Includes causal and domain taxonomies for classifying AI risks.
Comprehensive risk identification for AI governance. Useful for policy development and risk assessments.
The NIST AI Risk Management Framework provides guidance for managing AI risks. Updated in 2025 for generative AI.
Framework for AI governance and risk management. Required reference for enterprise AI deployments.
A comprehensive database cataloging real-world AI failures, harms, and near-misses. Maintained by the Responsible AI Collaborative with over 3,000 incident reports.
Learn from past AI failures to prevent future incidents. Essential for AI risk assessments and due diligence.
The U.S. government repository of standards-based vulnerability data using CVE identifiers. The authoritative source for software vulnerabilities.
Check for known vulnerabilities in software dependencies, frameworks, and infrastructure components.
The EU's vulnerability database mandated by NIS2 Directive. Provides a European alternative to US-centric vulnerability sources with its own EUVD identifiers.
Essential for EU-based organizations and NIS2 compliance. Provides European perspective on vulnerabilities.
The standard awareness document for web application security. Represents broad consensus on the most critical security risks to web applications.
Foundational checklist for any web application security assessment. Required for compliance frameworks.
Security risks specific to APIs, addressing the unique challenges of API-first architectures and microservices.
Essential for assessing API security in SaaS products, mobile backends, and microservices architectures.
A community-developed list of software and hardware weakness types. Serves as a common language for describing security weaknesses.
Understand the root causes of vulnerabilities. Useful for secure code review and developer training.
A globally-accessible knowledge base of adversary tactics and techniques based on real-world observations.
Map security controls to known attack techniques. Essential for building detection and response capabilities.
A database of CVEs and GitHub-originated security advisories affecting open source software.
Monitor open source dependencies for known vulnerabilities. Critical for software supply chain security.
Our security experts can help you understand how these databases apply to your AI systems and vendor assessments.