OWASP Releases Agentic AI Top 10 Framework
Summary
OWASP has released its first Top 10 framework for Agentic Applications, highlighting ten key risk categories specific to autonomous AI systems. The framework addresses real-world attacks observed in 2025, including agent goal hijacking, tool misuse, supply chain vulnerabilities, and unexpected code execution. These risks emerge from AI agents' ability to autonomously fetch content, execute code, and make decisions, which traditional security measures struggle to address. The framework aims to provide a shared language for security teams, vendors, and researchers to improve defenses against these evolving threats.
Timeline
- 29.12.2025 17:00 (1 article): OWASP Releases Agentic AI Top 10 Framework
- The Real-World Attacks Behind OWASP Agentic AI Top 10 — www.bleepingcomputer.com — 29.12.2025 17:00
Information Snippets
- OWASP's Agentic Top 10 identifies ten risk categories specific to autonomous AI systems.
  First reported: 29.12.2025 17:00 (1 source, 1 article)
- Agent Goal Hijack (ASI01) involves manipulating an agent's objectives through injected instructions.
  First reported: 29.12.2025 17:00 (1 source, 1 article)
- Tool Misuse & Exploitation (ASI02) occurs when an agent is manipulated into misusing legitimate tools.
  First reported: 29.12.2025 17:00 (1 source, 1 article)
- Agentic Supply Chain Vulnerabilities (ASI04) target MCP servers, plugins, or external agents.
  First reported: 29.12.2025 17:00 (1 source, 1 article)
- Unexpected Code Execution (ASI05) involves agents generating or running malicious code.
  First reported: 29.12.2025 17:00 (1 source, 1 article)