Guides

Plain-language guides to the frameworks and threat models security teams need to operationalize in 2026. Two of the guides below are gated — meaning the full PDF is delivered to your inbox after a short signup.

Frameworks and threat models

OWASP Top 10 for LLM Applications 2025, explained: all ten risks with practical mitigations.

OWASP Top 10 for Agentic Applications 2026, explained: the new threat model for AI agents and MCP, released December 2025.

Compliance and readiness

ISO/IEC 42001 Readiness Checklist (gated): ~25 readiness items across governance, risk, lifecycle, operations, and monitoring.

EU AI Act Compliance Roadmap (gated): Article 16 obligations and a 90-day plan for the August 2, 2026 high-risk deadline.

Cadence

Framework guides are updated when the underlying framework is materially revised. The OWASP LLM Top 10 will be updated when OWASP releases the next major revision; we will track and document the changes. The OWASP Agentic Top 10 (released December 2025) is on its first cycle and we expect a refresh during 2026. The ISO 42001 readiness checklist is updated when ISO publishes amendments. The EU AI Act roadmap is updated as enforcement guidance from EU member states is published.

How to use these guides

Three patterns we observe:

Threat-model literacy.

Read the OWASP LLM Top 10 and OWASP Agentic Top 10 explainers as background before evaluating AI security products. Knowing the threat model gives you sharper questions during vendor briefings.

Compliance program scaffolding.

Use the ISO 42001 readiness checklist and the EU AI Act compliance roadmap as scaffolding for a real compliance program. The checklist is structured to be filled in by a real organization with real evidence.

Vendor framework-alignment audit.

Use the framework guides to audit vendor framework-alignment claims. Vendors that claim NIST AI RMF or ISO 42001 alignment but cannot produce a mapping document at the level of detail in our guides should be pressed for it.