Framework Explorer / OWASP Agentic AI Top 10
OWASP Agentic AI Top 10 in the AI Governance Framework Explorer
The OWASP Agentic AI threat catalog addresses risks unique to autonomous AI agents: systems that plan, use tools, hold memory, and act with delegated authority. It extends LLM security thinking to multi-step, tool-using architectures.
Open the Interactive ExplorerJump to OWASP Agentic AI Top 10
Every OWASP Agentic AI Top 10 entry, explained
Titles identify each requirement; the one-line summaries below are original Tech Jacks plain-English descriptions, not official standard text. Click any ID to open the full entry — implementation guidance, evidence checklists, risk analysis, and FAQs — in the interactive explorer.
MANIP — Agent Manipulation1 entries
Agent manipulation exploits autonomous decision-making to hijack goals and cascade malicious actions through crafted prompts and adversarial inputs.
TOOLS — Tool and Execution Security1 entries
Tool security risks arise from insecure tool implementations, excessive permissions, adversary influence on tool parameters, and unexpected code execution.
ACCESS — Access and Identity1 entries
Access risks include excessive agent privileges, inadequate attribution, privilege escalation through delegation chains, and identity abuse.
MEMORY — Context and Communication1 entries
Context risks include memory poisoning, context manipulation, insecure inter-agent communication, and retrieval manipulation.
RESIL — Resilience and Autonomy1 entries
Resilience risks include cascading failures in multi-agent pipelines, uncontrolled autonomy, inadequate fallback mechanisms, and rogue agent behavior.
SUPPLY — Supply Chain and Infrastructure1 entries
Supply chain risks include compromised agent frameworks, malicious plugins, MCP server vulnerabilities, and cascading trust failures across agent dependencies.
ASI01 — Agent Goal Hijack1 entries
Hidden or crafted prompts redirect an AI agent away from its intended objectives, turning it into an exfiltration or attack vector.
ASI02 — Tool Misuse and Exploitation1 entries
Agents exploit legitimate tools in unintended ways, using authorized capabilities to produce destructive or unauthorized outcomes.
ASI03 — Identity and Privilege Abuse1 entries
Leaked or over-provisioned credentials allow agents to operate far beyond their intended scope, accessing resources without authorization.
ASI04 — Agentic Supply Chain Vulnerabilities1 entries
Risks from third-party tools, plugins, MCP servers, registries, or external components integrated into agent workflows.
ASI05 — Unexpected Code Execution1 entries
Agents generate, modify, or execute code or commands in ways that create security vulnerabilities or operational risks.
ASI06 — Context Management and Retrieval Manipulation1 entries
Memory poisoning or context manipulation reshapes agent behavior long after the initial injection, creating persistent compromise.
ASI07 — Insecure Inter-Agent Communication1 entries
Spoofed, tampered, or intercepted messages between agents misdirect multi-agent workflows and corrupt collaborative decisions.
ASI08 — Cascading Failures1 entries
False signals or errors propagate through automated multi-agent pipelines with escalating and compounding impact.
ASI09 — Human-Agent Trust Exploitation1 entries
Confident, polished agent explanations mislead human operators into approving harmful, unauthorized, or incorrect actions.
ASI10 — Rogue Agents1 entries
Agents exhibit misalignment, concealment, or self-directed action beyond their authorized scope, resisting correction or oversight.
How OWASP Agentic AI Top 10 maps to other frameworks
Sample audited mappings
All 35 mappings are browsable in the interactive explorer and its knowledge graph.
Implementation templates for OWASP Agentic AI Top 10
Related guides
Frequently asked questions
How many OWASP Agentic AI Top 10 entries does the Framework Explorer cover?
16 entries, each with a plain-English explanation, implementation guidance at three organization sizes, evidence checklists, and risk context. 8 entries carry source-grounded risk profiles.
How does OWASP Agentic AI Top 10 relate to the other AI governance frameworks?
The Framework Explorer documents 35 audited cross-framework mappings touching OWASP Agentic AI Top 10, connecting it to ISO/IEC 42001, NIST AI RMF, EU AI Act, ISO/IEC 27001, OWASP LLM Top 10, MITRE ATLAS. Every mapping was verified against the source documents.
Is this content the official OWASP Agentic AI Top 10 text?
No. Entry titles identify each requirement, and all explanations are original plain-English summaries written by Tech Jacks Solutions. For official text, consult the publishing body directly.