OWASP Releases Top Ten Security Threats for AI Agents
The Open Web Application Security Project (OWASP) has officially published its inaugural list of the top ten security threats facing agentic artificial intelligence (AI) applications. Announced at Black Hat Europe 2025, the list highlights risks such as agent goal hijacking, privilege abuse, unexpected code execution, insecure inter-agent communication, and memory/context poisoning. Alongside the list, OWASP released governance and security guides for AI agents, a visual risk map for open-source and commercial agentic AI tools, and a Capture The Flag application (FinBot) to help cybersecurity teams practice defending against these threats. The initiative aims to help organizations understand and mitigate the rapidly expanding attack surface introduced by the proliferation of AI agents across enterprise environments.
Industry experts, including members of the Agentic Security Initiative (ASI) Distinguished Review Board, have emphasized the significance of this release, noting the growing adoption of agentic AI in sectors such as GRC, AppSec, and SecOps, as well as its exploitation by malicious actors. The OWASP Top 10 for Agentic Applications is positioned as a foundational resource for security leaders, developers, and practitioners to assess and address the unique risks posed by autonomous AI agents, supplementing previous OWASP projects focused on web applications and large language models. The publication is expected to drive further research, awareness, and best practices in securing agentic AI systems as their use becomes more widespread.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
2 events from the most recent confirmed update back to the earliest known activity.
OWASP publishes supporting AI agent security guidance and training resources
Alongside the Top 10 list, the OWASP GenAI Security Project released additional governance and security guides, a risk map for AI tools, and a FinBot capture-the-flag application to help defenders understand and practice against AI agent threats. The materials were announced at Black Hat Europe 2025 as part of broader guidance for securing enterprise AI-agent deployments.
OWASP releases first Top 10 for Agentic Applications
OWASP published its first official Top 10 list covering security risks in agentic or AI-agent applications. The guidance identifies threats including goal hijacking, tool misuse, identity and privilege abuse, supply chain weaknesses, unexpected code execution, insecure inter-agent communication, and rogue agents.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
3 references tracked. Mallory keeps watching after this page renders.
Cybersecurity Snapshot: OWASP Ranks Top Agentic AI App Risks, as CISA Lists Most Dangerous Software Flaws
tenable.com
Open sourceOWASP Project Publishes List of Top Ten AI Agent Threats
securityboulevard.com
Open sourceOWASP Top 10 for Agentic Applications
resilientcyber.io
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
OWASP Releases First AI Agent Risk List for Agentic Applications
The Open Web Application Security Project (OWASP) has published its inaugural "Top 10 for Agentic Applications," a risk framework specifically addressing the unique security challenges posed by advanced AI agents. These agents, which go beyond simple chatbots to autonomously access data, use tools, and execute tasks, introduce new attack surfaces and risks such as agent goal hijacking, tool misuse, and privilege abuse. The list was developed with input from over 100 security researchers and validated by experts from organizations like NIST and the European Commission, and is based on real-world incidents where AI agents have been manipulated to exfiltrate data, misuse tools, or cause cascading failures in enterprise workflows. Security experts highlight that the rise of agentic AI also exposes previously overlooked vulnerabilities, such as shadow APIs and legacy systems that were once considered secure by obscurity. AI agents are capable of discovering and interacting with undocumented or forgotten APIs, making even antiquated systems vulnerable if they are connected to modern networks. The new OWASP framework underscores the urgent need for organizations to reassess their security postures, increase visibility into internal systems, and proactively address the risks introduced by autonomous AI agents and their ability to exploit both new and legacy infrastructure.
Mar 21, 2026
OWASP Releases Top 10 Security Risks for Agentic AI Applications
The Open Worldwide Application Security Project (OWASP) has launched a comprehensive initiative to address the security risks associated with agentic and autonomous AI systems. This includes the release of the "Top 10 for Agentic Applications 2026," a globally peer-reviewed framework that identifies the most critical security risks for these AI systems, along with an AI testing guide and a dynamic web-based vulnerability assessment tool. The framework highlights risks such as agent goal hijack and tool misuse, providing organizations with actionable mitigation recommendations and practical tools to secure their AI deployments. These efforts come as industries, particularly financial services, face increasing threats from generative and agentic AI, which can accelerate attack timelines and introduce new vectors such as deepfake-driven fraud and rapid ransomware campaigns. The OWASP initiative aims to equip security teams with the necessary resources to proactively address these evolving risks, emphasizing the importance of embedding security into AI systems from the outset and keeping pace with the rapidly changing threat landscape.
Mar 21, 2026
Security Frameworks and Guardrails for Agentic AI Systems
The rapid adoption of agentic AI—autonomous or semi-autonomous agents capable of executing complex tasks—has introduced new security challenges, prompting the development of specialized frameworks and tools. The open-source Superagent framework provides developers and security teams with mechanisms to define, control, and monitor the actions of AI agents, enforcing guardrails such as role-based permissions, API access restrictions, and runtime policy enforcement through a dedicated Safety Agent. This approach enables organizations to integrate agentic AI into existing systems while maintaining traceability, accountability, and compliance with security policies. In parallel, the release of the OWASP Agentic AI Top 10 marks the first industry-standard security framework focused on the unique risks posed by autonomous AI agents. The framework categorizes threats such as agent goal hijacking, tool misuse, privilege abuse, and supply chain vulnerabilities, reflecting real-world attacks observed as agentic AI systems have moved into production. By establishing a common vocabulary and risk taxonomy, the OWASP framework aims to accelerate the development of effective defenses and industry best practices for securing agentic AI environments.
Mar 21, 2026