We Built an Open-Source Framework to Run All 42 OWASP AI Security Tests . Here's What We Found

AI security testing is no longer optional. The EU AI Act deadline is August 2, 2026. OWASP published the Agentic AI Top 10 in December 2025. And the most popular open-source LLM testing tool just got acquired by OpenAI. We needed a vendor-neutral alternative. So we built Tessera — an open-source framework that runs 42 automated OWASP security tests against any AI model or agent. The Problem The AI security tool landscape is fragmented: Garak : LLM probes only — no CV, no infrastructure, no data governance, no agentic AI Promptfoo : Now OpenAI-owned — not vendor-neutral for testing OpenAI models HiddenLayer / Protect AI : Proprietary SaaS — not self-hosted, not extensible None of them cover the full OWASP attack surface. None of them test agentic AI systems. None of them generate EU AI Act compliance reports. What Tessera Does 42 automated security tests across 5 OWASP categories: Category Tests What It Covers MOD — Model Security 7 Adversarial attacks, poisoning, model inversion, align