What is OWASP AI Red Teaming Solutions Landscape Taxonomy?
If the OWASP LLM and Agentic Top 10 answer 'what can go wrong,' this taxonomy answers 'what must your security program actually do about it.' It maps red, blue, purple, and shared capabilities across nine lifecycle stages - from Plan and Test through Operate and Govern.
What this looks like in production
Vendor demos all look like 'we do red teaming.' Without a shared grid, you cannot tell adversarial suites from a one-off pen test, or runtime guardrails from a slide deck. Use this alongside LLM01-LLM10 and ASI01-ASI10: risks on one axis, capabilities on the other.
What teams usually do about it
- Compare tools on the same capability matrix, not feature bullet lists.
- Find lifecycle gaps - especially Test, Operate, and Govern.