World Digital Technology Academy (WDTA)
Generative AI Application Security Testing
and Validation Standard
World Digital Technology Academy Standard
WDTA AI-STR-01
Edition: 2024-04
© WDTA 2024 – All rights reserved.
The World Digital Technology Standard WDTA AI-STR-01 is designated as a WDTA
norm.This document is the property of the World Digital Technology Academy (WDTA) and is
protected by international copyright laws. Any use of this document, including reproduction,
modification, distribution, or republication, without the prior written permission of WDTA, is
prohibited. WDTA is not liable for any errors or omissions in this document.
Discover more WDTA standard and related publications at https://wdtacademy.org/ .
Version History*
Standard ID
Version
Date
Changes
WDTA AI-STR-01
1.0
2024-04
Initial Release
Foreword
World Digital Technology Academy (WDTA) is dedicated to becoming a trailblazer in global digital
tech innovation, aligned with the United Nations framework as an NGO. Upholding its 3S principle—
Speed, Safety, Sharing—WDTA strives to accelerate the creation of digital norms, spearhead research,
encourage international cooperation, and maintain leadership in technological advancement.
Through collaborative efforts, WDTA is dedicated to advancing digital technology for the betterment
of society. The AI STR (Safety, Trust, Responsibility) program, a core part of WDTA’s international
initiatives, addresses the complex challenges brought about by the proliferation of AI systems.
Recognizing the rapid expansion and integration of AI technologies worldwide, AI STR stands at the
forefront of global technological progression.
This standard document provides a framework for testing and validating the security of Generative AI
applications. The framework covers key areas across the AI application lifecycle, including Base
Model Selection, Embedding and Vector Database in the Retrieve Augment Generation design
patterns, Prompt Execution/Inference, Agentic Behaviors, Fine-Tuning, Response Handling, and AI
Application Runtime Security. The primary objective is to ensure AI applications behave securely and
according to their intended design throughout their lifecycle. By providing a set of testing and
validation standards and guidelines for each layer of the AI Application Stack, focusing on security
and compliance, this document aims to assist developers and organizations in enhancing the security
and reliability of their AI applications built using LLMs, mitigating potential security risks, improving
overall quality, and promoting responsible development and deployment of AI technologies.
AI STR program represents a paradigm shift in how we approach the development and deployment of
AI technologies. Championing safety, trust, and responsibility in AI systems, lays the groundwork for
a more ethical, secure, and equitable digital future, where AI technologies serve as enablers of
progress rather than as sources of uncertainty and harm. Generative AI Application Security Testing
and Validation Standard is one of the AI STR standards.
Founding Chairman of WDTA Executive Chairman of WDTA
Acknowledgments
Co-Chair of WDTA AI STR Working Group
Ken Huang (CSA GCR)
Nick Hamilton (OpenAI)
Josiah Burke (Anthorphic)
Lead Authors
Ken Huang (CSA GCR)
Heather Frase (Georgetown University)
Jerry Huang (Kleiner Perkins)
Leon Derczynski (Nvidia)
Krystal (A) Jackson (University of California, Berkeley)
Patricia Thaine (Private AI)
Govindaraj Palanisamy (Global Payments Inc)
Vishwas Manral (Precize.ai)
Qing Hu (Meta)
Ads Dawson (OWASP® Foundation)
Amit Elazari (OpenPolicy)
Apostol Vassilev (National Institute of Standards and Technology)
Bo Li (University of Chicago)
Reviewers
Cari Miller (Center for Inclusive Change)
Daniel Altman (Google)
Dawn Song (University of California, Berkeley)
Gene Shi (Learning-Genie)
Jianling GUO (Baidu)
Jing HUANG (iFLYTEK)
John Sotiropoulos (Kainos)
Josiah Burke (Anthropic)
Lars Ruddigkeit (Microsoft)
Guanchen LIN (Ant Group)
Melan XU (World Digital Technology Academy)
Nathan VanHoudnos (Carnegie Mellon University)
Nick Hamilton (OpenAI)
Rob van der Veer (Software Improvement Group)
Sandy Dunn (BreachQuest, acquired by Resilience)
Seyi Feyisetan (Amazon)
Yushi SHEN (NovNet Computing System Tech Co., Ltd.)
Song GUO (The Hong Kong University of Science and Technology)
Steve Wilson (Exabeam)
Swapnil Modal (Meta)
Tal Shapira (Reco AI)
Anyu WANG (OPPO)
Wicky WANG (ISACA)
Yongxia WANG (Tencent)
