OWASP Top 10 For AI Agents
The OWASP Top 10 for AI Agents is a security framework developed by the Open Worldwide Application Security Project to identify and mitigate the most critical vulnerabilities in autonomous AI systems. Unlike traditional OWASP frameworks designed for web applications or APIs, this framework addresses the distinct attack surfaces and operational risks introduced by AI agents—systems capable of perceiving their environment, making decisions, and taking actions with minimal human intervention. The framework recognizes that AI agents present novel security challenges beyond conventional software vulnerabilities.
Purpose and Scope
The framework provides organizations with guidance on securing AI agentic applications throughout their development and deployment lifecycle. It identifies common security risks that emerge from agent autonomy, including issues related to prompt injection, model manipulation, unsafe tool usage, and inadequate oversight mechanisms. By establishing a shared taxonomy of AI agent risks, the framework aims to foster better security practices across the industry and help developers and security teams prioritize their defensive efforts.
Application and Adoption
Security professionals, AI developers, and organizations deploying AI agents use this framework as a reference for threat modeling, vulnerability assessment, and security testing. The framework is intended to complement existing security practices and standards while acknowledging that AI agent security requires specialized attention to aspects like agent behavior validation, sandbox limitations, and autonomous decision-making safeguards. As agentic AI systems become more prevalent, the framework serves as an evolving resource reflecting emerging threats and defensive strategies.
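As an added illustration of two of the risk areas named above, unsafe tool usage and inadequate oversight, the Python below puts a policy gate between an agent's planner and the tools it can invoke. This is example code written for this page, not code from OWASP or any reference implementation of the framework. The gate enforces an explicit tool allowlist, validates each tool's arguments (a file path confined to a sandbox root, an HTTPS-only egress allowlist, a cap on bulk deletion), routes high-risk tools through a human approver, and records every decision in an audit trail. The tool names, risk tiers, the sandbox root `/srv/agent-sandbox`, the host `api.example.com`, the `MAX_BULK_DELETE` cap and the proposals in `demo()` are all constructed assumptions.

```python
"""Tool-call policy gate for an AI agent. Added illustration, not code from OWASP or the
framework; tool names, risk tiers, sandbox root and allowlisted host are assumptions."""
from dataclasses import dataclass
from pathlib import Path
from typing import Any, Callable, Optional
from urllib.parse import urlparse

SANDBOX_ROOT = Path("/srv/agent-sandbox").resolve()  # assumed file-system confinement root
ALLOWED_HOSTS = {"api.example.com"}                   # assumed egress allowlist
MAX_BULK_DELETE = 10                                  # assumed blast-radius cap per call

@dataclass(frozen=True)
class ToolSpec:
    name: str
    risk: str                                  # "low" runs unattended, "high" needs a human
    validate: Callable[[dict], Optional[str]]  # returns a rejection reason, or None if OK
    run: Callable[[dict], Any]

@dataclass
class Decision:
    allowed: bool
    reason: str
    needs_approval: bool = False

def _inside_sandbox(user_path: str) -> bool:
    """True only if the path, with '..' and symlinks resolved, stays under SANDBOX_ROOT."""
    resolved = (SANDBOX_ROOT / user_path).resolve()
    return resolved == SANDBOX_ROOT or SANDBOX_ROOT in resolved.parents

def validate_read_file(args: dict) -> Optional[str]:
    path = args.get("path")
    if not isinstance(path, str) or not path:
        return "path must be a non-empty string"
    return None if _inside_sandbox(path) else f"path escapes sandbox: {path!r}"

def validate_http_get(args: dict) -> Optional[str]:
    parts = urlparse(str(args.get("url", "")))
    if parts.scheme != "https":
        return "only https URLs are permitted"
    return None if parts.hostname in ALLOWED_HOSTS else f"host not allowlisted: {parts.hostname!r}"

def validate_delete_records(args: dict) -> Optional[str]:
    ids = args.get("ids")
    if not isinstance(ids, list) or not all(isinstance(i, int) for i in ids):
        return "ids must be a list of integers"
    return None if len(ids) <= MAX_BULK_DELETE else f"refusing bulk delete of {len(ids)} records"

class PolicyGate:
    """Every tool call the agent proposes goes through evaluate() before run()."""

    def __init__(self, tools: list, approver: Callable[[str, dict], bool]):
        self.tools = {t.name: t for t in tools}   # explicit allowlist; anything else is denied
        self.approver = approver                   # human-in-the-loop hook for high-risk tools
        self.audit: list = []                      # append-only trail for later investigation

    def evaluate(self, tool: str, args: dict) -> Decision:
        spec = self.tools.get(tool)
        if spec is None:
            return Decision(False, f"tool {tool!r} is not on the allowlist")
        problem = spec.validate(args)
        if problem:
            return Decision(False, problem)
        if spec.risk == "high":
            return Decision(True, "high-risk tool: human approval required", needs_approval=True)
        return Decision(True, "low-risk tool: auto-approved")

    def call(self, tool: str, args: dict) -> Any:
        decision = self.evaluate(tool, args)
        if decision.needs_approval and not self.approver(tool, args):
            decision = Decision(False, "high-risk action rejected by reviewer")
        self.audit.append({"tool": tool, "args": args, "allowed": decision.allowed, "reason": decision.reason})
        if not decision.allowed:
            raise PermissionError(decision.reason)
        return self.tools[tool].run(args)

def build_gate(approver: Callable[[str, dict], bool]) -> PolicyGate:
    # run() bodies are simulated: the example is about the gate, not the tools behind it.
    return PolicyGate([
        ToolSpec("read_file", "low", validate_read_file, lambda a: f"<contents of {a['path']}>"),
        ToolSpec("http_get", "low", validate_http_get, lambda a: f"<response from {a['url']}>"),
        ToolSpec("delete_records", "high", validate_delete_records, lambda a: len(a["ids"])),
    ], approver)

def demo() -> list:
    """Runs a constructed sequence of proposed tool calls and returns the audit trail."""
    gate = build_gate(approver=lambda tool, args: False)   # reviewer declines everything
    proposals = [
        ("read_file", {"path": "notes/today.txt"}),          # allowed
        ("read_file", {"path": "../outside/secret.txt"}),    # escapes sandbox, denied
        ("http_get", {"url": "http://untrusted.example/"}),  # wrong scheme, denied
        ("shell", {"cmd": "id"}),                            # not a registered tool, denied
        ("delete_records", {"ids": [1, 2, 3]}),              # valid but high-risk, reviewer says no
    ]
    for tool, args in proposals:
        try:
            gate.call(tool, args)
        except PermissionError:
            pass
    return gate.audit
```

Run `demo()` to see the audit trail; only the first proposal is executed, and each denial carries the reason the gate recorded. The design point is that the model's output is treated as untrusted input to the dispatcher: the allowlist and validators decide what can run, the approver decides whether a high-risk action runs at all, and the audit trail is what an incident responder reads when an agent misbehaves.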