2026-02-23

The OWASP Top 10 2025 is out.

And AI barely shows up.

Broken Access Control. Security Misconfiguration. Software Supply Chain Failures. The classic topics still dominate. None of this is new.

What that means: AI does not change the fundamental rules of security. Secure coding guidelines apply today just as they did ten years ago.

There was one AI-related topic, but it did not make the Top 10. OWASP lists it as X03:2025 in the "Next Steps" section: "Inappropriate Trust in AI Generated Code". My summary: whoever uses code is responsible for understanding and reviewing it.
That is not a new principle either.


So the homework stays the same.