OWASP Top 10 for Agentic AI Security Risks Released by Experts

December 10, 2025

The OWASP GenAI Security Project has launched the OWASP Top 10 for Agentic Applications, a critical new framework designed to help organizations identify and mitigate the unique security risks posed by autonomous AI agents. Developed by a global community of over 100 security experts, the list provides actionable, data-driven guidance as agentic systems move from experimentation to real-world deployment, bringing a new class of security threats into focus.

Quick Intel

  • The OWASP GenAI Security Project releases the Top 10 for Agentic Applications, a key guide for securing autonomous AI systems.

  • The list results from over a year of research by 100+ global experts, reviewed by bodies including NIST and the European Commission.

  • It highlights novel threats like Agent Behavior Hijacking, Tool Misuse, and Identity & Privilege Abuse.

  • The framework addresses the shift from LLM security to the new risks of interactive, decision-making agents.

  • It is part of a growing suite of peer-reviewed, practical resources for agentic security and governance.

  • The release signals that agentic AI attacks are already occurring, demanding new security practices.

A Community-Driven Response to Emerging Threats

The development of this Top 10 list represents a significant collaborative effort within the cybersecurity and AI communities. Following more than a year of research, input was synthesized from security researchers, industry practitioners, and leading technology providers. The framework was further evaluated by an Expert Review Board with representatives from global standards bodies. "As AI adoption accelerates faster than ever, security best practices must keep pace," said Scott Clinton, Co-Chair of the OWASP GenAI Security Project. This release is positioned as the community's response to the urgent need for standardized guidance in a rapidly evolving threat landscape.

Identifying the Unique Risks of Autonomous Agents

The Top 10 list moves beyond the established risks of static large language models (LLMs) to address the dynamic nature of agentic AI. Key highlighted threats illustrate how attackers can subvert autonomous systems:

  • Agent Behavior Hijacking: Manipulating an agent's goals or actions after deployment.

  • Tool Misuse and Exploitation: Abusing the tools and APIs an agent has access to in order to perform malicious actions.

  • Identity and Privilege Abuse: Exploiting the identity context or excessive permissions granted to an agent.
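
One way to contain the last two risks, Tool Misuse and Identity and Privilege Abuse, is to bind each agent to an explicit scope and route every tool call through a gateway that enforces and records it. The Python below is an added illustration, not code from OWASP or from the project's resources; the tool names, file paths and agent scope are constructed for the example.

```python
"""Least-privilege tool gateway for an AI agent (added example, not OWASP code)."""
import os
from dataclasses import dataclass, field
# Constructed in-memory "file system" so the example runs offline.
FAKE_FILES = {
    "/data/reports/q3.txt": "Q3 revenue summary",
    "/data/hr/salaries.txt": "confidential payroll data",
}
TOOLS = {  # tools the agent runtime exposes (hypothetical names)
    "read_file": lambda path: FAKE_FILES[path],
    "send_email": lambda to, body: f"sent to {to}",
}
@dataclass(frozen=True)
class AgentIdentity:
    """Scope bound to one agent: the tools it may call and the path prefixes it may touch."""
    name: str
    allowed_tools: frozenset
    allowed_paths: tuple = ()

@dataclass
class ToolGateway:
    audit: list = field(default_factory=list)  # every decision, allowed or denied

    def authorize(self, agent, tool, args):
        """Return 'allow' or a denial reason; model output alone never grants access."""
        if tool not in TOOLS or tool not in agent.allowed_tools:
            return "tool_not_in_scope"
        path = os.path.normpath(args["path"]) if "path" in args else None  # defeats ".." tricks
        if path is not None and not any(path.startswith(p) for p in agent.allowed_paths):
            return "path_out_of_scope"
        return "allow"

    def invoke(self, agent, tool, **args):
        decision = self.authorize(agent, tool, args)
        self.audit.append({"agent": agent.name, "tool": tool, "decision": decision})
        if decision != "allow":
            raise PermissionError(f"{agent.name}: {tool} denied ({decision})")
        return TOOLS[tool](**args)

def demo():
    """Report-reader agent: one in-scope call succeeds, two out-of-scope calls are denied."""
    gw, reader = ToolGateway(), AgentIdentity("report-reader", frozenset({"read_file"}), ("/data/reports/",))
    outputs = [gw.invoke(reader, "read_file", path="/data/reports/q3.txt")]
    for tool, args in (("read_file", {"path": "/data/hr/salaries.txt"}),
                       ("send_email", {"to": "a@example.com", "body": "hi"})):
        try:
            outputs.append(gw.invoke(reader, tool, **args))
        except PermissionError as exc:
            outputs.append(str(exc))
    return outputs, [e["decision"] for e in gw.audit]
```

The audit list is the detection side: a denied call is a signal that the agent's goals were steered or its scope was over-granted, and both are visible without trusting the model's own account of what it did.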

"Companies are already exposed to Agentic AI attacks - often without realizing that agents are running in their environments," noted Keren Katz of Tenable, a co-lead of the initiative. The list aims to cut through overwhelming information and provide a clear, prioritized view of these novel attack vectors.

Practical Resources for a New Security Discipline

The Top 10 is not an isolated document but the cornerstone of a broader suite of resources published by the project's Agentic Security Initiative. This ecosystem includes:

  • The State of Agentic Security and Governance 1.0: A guide to governance and regulations.

  • A Practical Guide to Securing Agentic Applications: Technical design and deployment guidance.

  • Agentic AI Threats and Mitigations: A threat-model-based reference.

  • Reference Application for Agentic Security: A Capture The Flag environment for skills practice.

This comprehensive approach provides organizations with both strategic governance frameworks and hands-on technical guidance.

Evolving Guidance for an Evolving Technology

The release complements, rather than replaces, the established OWASP Top 10 for LLM Applications. "This year, we've seen agentic systems move from experiments to real deployments, and that shift brings a different class of threats into clear view," explained Steve Wilson, Founder of the OWASP Top 10 for LLM. The two lists will be maintained in parallel, with the LLM Top 10 focusing on foundational model risks and the Agentic Top 10 addressing the complex security implications of systems that can plan, interact with tools, and execute tasks autonomously.

A Call to Action for Secure AI Development

The publication of the OWASP Top 10 for Agentic Applications marks a pivotal moment in AI security, establishing a common language and baseline for securing the next generation of autonomous systems. It serves as a critical call to action for developers, security teams, and policymakers to integrate these considerations from the outset. By providing open, peer-reviewed, and practical resources, OWASP aims to empower the global community to build and deploy agentic AI with greater safety, reliability, and trust.


About OWASP Gen AI Security Project

The OWASP Gen AI Security Project (genai.owasp.org) is a global, open-source initiative and expert community dedicated to identifying, mitigating, and documenting security and safety risks associated with generative AI technologies, including large language models (LLMs), agentic AI systems, and AI-driven applications. Our mission is to empower organizations, security professionals, AI practitioners, and policymakers with comprehensive, actionable guidance and tools to ensure the secure development, deployment, and governance of generative AI systems. Visit our site to learn more.
