OWASP Top 10 Risks
The OWASP Top 10 for AI Agentic Applications is a security framework developed by the Open Worldwide Application Security Project to identify and mitigate critical vulnerabilities in AI agents and autonomous systems. Unlike traditional OWASP Top 10 lists focused on web applications, this framework specifically addresses security risks that emerge when AI systems operate with degrees of autonomy and make decisions with real-world consequences. The framework recognizes that agentic systems introduce unique attack surfaces and failure modes distinct from conventional software applications.
Key Vulnerabilities
The framework identifies security risks including prompt injection attacks, where malicious inputs manipulate agent behavior; insecure output handling, where agent responses are not properly validated before execution; and training data poisoning, where malicious data corrupts model behavior. Additional risks encompass inadequate access control, allowing agents to perform unauthorized actions; insufficient monitoring and logging, hampering incident detection; and model supply chain vulnerabilities, where compromised dependencies introduce security flaws. The framework also addresses risks related to improper error handling, model theft, and insufficient AI governance structures.
Purpose and Application
The framework serves as guidance for organizations developing and deploying AI agents, helping security teams, developers, and decision-makers understand the evolving threat landscape. By establishing a shared language around agentic AI security, OWASP provides a foundation for implementing defensive measures proportionate to the autonomy and impact of deployed systems. The framework remains actively updated as AI capabilities and attack vectors evolve.