Gallery

Contacts

405 W. Greenlawn Ave Lansing, Michigan 48910

contact@techjacksolutions.com

+1-616-320-4064

Framework Explorer / OWASP Agentic AI Top 10

OWASP Agentic AI Top 10 in the AI Governance Framework Explorer

16 entries 35 cross-framework mappings 8 risk profiles Security risk catalog Advisory

The OWASP Agentic AI threat catalog addresses risks unique to autonomous AI agents: systems that plan, use tools, hold memory, and act with delegated authority. It extends LLM security thinking to multi-step, tool-using architectures.

Open the Interactive ExplorerJump to OWASP Agentic AI Top 10

Every OWASP Agentic AI Top 10 entry, explained

Titles identify each requirement; the one-line summaries below are original Tech Jacks plain-English descriptions, not official standard text. Click any ID to open the full entry — implementation guidance, evidence checklists, risk analysis, and FAQs — in the interactive explorer.

MANIP — Agent Manipulation1 entries
MANIPAgent Manipulation

Agent manipulation exploits autonomous decision-making to hijack goals and cascade malicious actions through crafted prompts and adversarial inputs.

TOOLS — Tool and Execution Security1 entries
TOOLSTool and Execution Security

Tool security risks arise from insecure tool implementations, excessive permissions, adversary influence on tool parameters, and unexpected code execution.

ACCESS — Access and Identity1 entries
ACCESSAccess and Identity

Access risks include excessive agent privileges, inadequate attribution, privilege escalation through delegation chains, and identity abuse.

MEMORY — Context and Communication1 entries
MEMORYContext and Communication

Context risks include memory poisoning, context manipulation, insecure inter-agent communication, and retrieval manipulation.

RESIL — Resilience and Autonomy1 entries
RESILResilience and Autonomy

Resilience risks include cascading failures in multi-agent pipelines, uncontrolled autonomy, inadequate fallback mechanisms, and rogue agent behavior.

SUPPLY — Supply Chain and Infrastructure1 entries
SUPPLYSupply Chain and Infrastructure

Supply chain risks include compromised agent frameworks, malicious plugins, MCP server vulnerabilities, and cascading trust failures across agent dependencies.

ASI01 — Agent Goal Hijack1 entries
ASI01Agent Goal Hijack

Hidden or crafted prompts redirect an AI agent away from its intended objectives, turning it into an exfiltration or attack vector.

ASI02 — Tool Misuse and Exploitation1 entries
ASI02Tool Misuse and Exploitation

Agents exploit legitimate tools in unintended ways, using authorized capabilities to produce destructive or unauthorized outcomes.

ASI03 — Identity and Privilege Abuse1 entries
ASI03Identity and Privilege Abuse

Leaked or over-provisioned credentials allow agents to operate far beyond their intended scope, accessing resources without authorization.

ASI04 — Agentic Supply Chain Vulnerabilities1 entries
ASI04Agentic Supply Chain Vulnerabilities

Risks from third-party tools, plugins, MCP servers, registries, or external components integrated into agent workflows.

ASI05 — Unexpected Code Execution1 entries
ASI05Unexpected Code Execution

Agents generate, modify, or execute code or commands in ways that create security vulnerabilities or operational risks.

ASI06 — Context Management and Retrieval Manipulation1 entries
ASI06Context Management and Retrieval Manipulation

Memory poisoning or context manipulation reshapes agent behavior long after the initial injection, creating persistent compromise.

ASI07 — Insecure Inter-Agent Communication1 entries
ASI07Insecure Inter-Agent Communication

Spoofed, tampered, or intercepted messages between agents misdirect multi-agent workflows and corrupt collaborative decisions.

ASI08 — Cascading Failures1 entries
ASI08Cascading Failures

False signals or errors propagate through automated multi-agent pipelines with escalating and compounding impact.

ASI09 — Human-Agent Trust Exploitation1 entries
ASI09Human-Agent Trust Exploitation

Confident, polished agent explanations mislead human operators into approving harmful, unauthorized, or incorrect actions.

ASI10 — Rogue Agents1 entries
ASI10Rogue Agents

Agents exhibit misalignment, concealment, or self-directed action beyond their authorized scope, resisting correction or oversight.

How OWASP Agentic AI Top 10 maps to other frameworks

ISO/IEC 420018 audited mappingsview framework →
NIST AI RMF4 audited mappingsview framework →
EU AI Act5 audited mappingsview framework →
ISO/IEC 270015 audited mappingsview framework →
OWASP LLM Top 105 audited mappingsview framework →
MITRE ATLAS8 audited mappingsview framework →

Sample audited mappings

HighA.9.3ASI01Responsible use objectives including human oversight defend against agent goal hijacking
MediumA.9.4ASI02Intended use compliance provides governance context for detecting agent tool misuse
MediumA.9.2ASI03Responsible use processes provide governance framework for agent identity and privilege controls
MediumA.10.2ASI04Supply chain responsibility allocation supports governance of agentic component risks
MediumA.6.2.3ASI05AI system design documentation including security considerations supports code execution boundary awareness
MediumA.7.4ASI06Data quality requirements may extend to agent memory and context data integrity

All 35 mappings are browsable in the interactive explorer and its knowledge graph.

Implementation templates for OWASP Agentic AI Top 10

Related guides

Frequently asked questions

How many OWASP Agentic AI Top 10 entries does the Framework Explorer cover?

16 entries, each with a plain-English explanation, implementation guidance at three organization sizes, evidence checklists, and risk context. 8 entries carry source-grounded risk profiles.

How does OWASP Agentic AI Top 10 relate to the other AI governance frameworks?

The Framework Explorer documents 35 audited cross-framework mappings touching OWASP Agentic AI Top 10, connecting it to ISO/IEC 42001, NIST AI RMF, EU AI Act, ISO/IEC 27001, OWASP LLM Top 10, MITRE ATLAS. Every mapping was verified against the source documents.

Is this content the official OWASP Agentic AI Top 10 text?

No. Entry titles identify each requirement, and all explanations are original plain-English summaries written by Tech Jacks Solutions. For official text, consult the publishing body directly.

Explore the other frameworks