OWASP AIVSS Project Announces the Release of v0.8 Scoring System for Agentic AI Security Risks in Co-Publication with AIUC-1 and Leading OWASP Projects

Agentic AI Mar 19, 2026

Key Takeaways

  • v0.8 integrates 1,900 community comments
  • Updated quantitative model improves risk amplification scoring
  • Crosswalk maps AIVSS to AIUC-1 standards
  • Aligns with NIST AI RMF and CSA MAESTRO
  • SSVC decision-tree adds qualitative prioritization

Summary

The OWASP Agentic AI Vulnerability Scoring System (AIVSS) released version 0.8 on March 19, 2026, incorporating over 1,900 public comments and new mappings to AIUC‑1, NIST AI RMF, and CSA MAESTRO. The update adds a refined quantitative model, revised core risks, enhanced usability, and an empirical appendix of expert survey data. A strategic co‑publication delivers a crosswalk linking AIVSS to AIUC‑1, positioning the framework for cyber‑insurance and compliance use cases. Parallel work launches an SSVC decision‑tree to guide qualitative risk prioritization ahead of the v1.0 target later this year.

Pulse Analysis

The release of AIVSS v0.8 marks a pivotal step in standardizing how enterprises evaluate the security posture of autonomous AI agents. By incorporating 1,900 practitioner comments, the framework now reflects real‑world threat landscapes and offers a more precise quantitative model that captures risk amplification unique to agentic systems. This evolution aligns the scoring methodology with leading industry standards such as NIST’s AI Risk Management Framework, CSA MAESTRO, and the emerging AIUC‑1 specification, creating a bridge between technical assessment and regulatory compliance.

Beyond the numbers, the new crosswalk between AIVSS and AIUC‑1 provides a practical pathway for cyber‑insurance underwriting and risk transfer. Insurers can now reference a shared scoring language to price policies, while organizations gain a clear compliance checklist that dovetails with existing governance programs. The inclusion of an empirical appendix, featuring expert survey rankings, adds credibility and data‑driven insight, helping security teams prioritize remediation efforts based on documented risk severity.

Complementing the quantitative upgrades, the project’s simultaneous rollout of an SSVC decision‑tree introduces a qualitative layer for stakeholder‑specific prioritization. This hybrid approach acknowledges that raw scores alone cannot dictate remediation; contextual business impact and stakeholder risk appetite must shape action plans. As the community prepares for the public review period starting April 16, 2026, and the roadmap toward a full v1.0 release, AIVSS is poised to become the de facto benchmark for agentic AI security, influencing product design, compliance audits, and strategic risk management across the AI ecosystem.
