OWASP GenAI Security Project Releases Top 10 Risks and Mitigations for Agentic AI Security

Culmination of over 100 industry leaders’ input and extensive published resources to deliver critical guidance to address Agentic AI Security risks

 

WILMINGTON, Del. — Dec. 10, 2025 — The OWASP GenAI Security Project (genai.owasp.org), a leading global open-source and expert community dedicated to delivering practical guidance and tools for securing generative and agentic AI, today released the OWASP Top 10 for Agentic Applications, a key resource to help organizations identify and mitigate the unique risks posed by autonomous AI agents. 

Following more than a year of research, review and refinement, this Top 10 list reflects a culmination of input from over 100 security researchers, industry practitioners, user organizations and leading cybersecurity and Gen AI technology providers. The result is not only a list of risks and mitigations, but a suite of resources designed to give practitioners data-driven guidance.

The framework was further evaluated by the GenAI Security Project’s Agentic Security Initiative Expert Review Board, which includes representatives from recognized bodies around the world such as NIST, the European Commission and the Alan Turing Institute, among others. A full list of contributing organizations can be found here.

“This new OWASP Top 10 reflects incredible collaboration between AI security leaders and practitioners across the industry,” said Scott Clinton, OWASP GenAI Security Project Co-Chair, Board Member, Co-Founder. “As AI adoption accelerates faster than ever, security best practices must keep pace. The community’s responsiveness has been remarkable, and this Top 10, along with our broader open-source resources, ensures organizations are better equipped to adopt this technology safely and securely.”

Agent Behavior Hijacking, Tool Misuse and Exploitation, and Identity and Privilege Abuse are some of the highlighted threats within the Top 10 and showcase how attackers can subvert agent capabilities or their supporting infrastructure. Incidents involving these agentic systems are increasingly capable across industries, elevating the need for these new resources.

“Companies are already exposed to Agentic AI attacks – often without realizing that agents are running in their environments,” said Keren Katz, Top 10 for Agentic AI Applications Co-Lead at OWASP, Senior Group Manager of AI Security at Tenable. “While the threat is already here, the information available about this new attack vector is overwhelming. Effectively protecting a company against Agentic AI requires not only strong security intuition but also a deep understanding of how AI agents fundamentally operate.”

“Agentic AI introduces a fundamentally new threshold of security challenges, and we are already seeing real incidents emerge across industry,” said John Sotiropoulos, GenAI Security Project Board member, Agentic Security Initiative and Top 10 for Agentic Applications Co-lead, Head of AI Security, Kainos. “Our response must match the pace of innovation, which is why this Top 10 focuses on practical, actionable guidance grounded in real-world attacks and mitigations. This release marks a pivotal moment in securing the next generation of autonomous AI systems.”

The Top 10 for Agentic Applications joins a growing portfolio of peer-reviewed resources released by the OWASP GenAI Security Project and its Agentic Security Initiative, including:

“Over the past two and a half years, the OWASP Top 10 for LLM Applications has shaped much of the industry’s thinking on AI security,” said Steve Wilson, OWASP GenAI Security Project Board Co-Chair, Founder OWASP Top 10 for LLM, CPO Exabeam, Inc. “This year, we’ve seen agentic systems move from experiments to real deployments, and that shift brings a different class of threats into clear view. Our team met that challenge by expanding our guidance to address how agentic systems behave, interact, and make decisions. The LLM Top 10 will remain a core, regularly updated resource, and aligning both efforts is key to helping the community build safer, more reliable intelligent systems.”

Discover what industry experts, researchers and leading global organizations have to say about the new Top 10 for Agentic Applications here.  

The OWASP GenAI Security Project invites organizations, researchers, policymakers and practitioners to access the new Top 10 for Agentic Applications, contribute to future updates and join the global effort to build secure, trustworthy AI systems. Visit our site to learn more and how you can contribute.

About OWASP Gen AI Security Project

The OWASP Gen AI Security Project (genai.owasp.org) is a global, open-source initiative and expert community dedicated to identifying, mitigating, and documenting security and safety risks associated with generative AI technologies, including large language models (LLMs), agentic AI systems, and AI-driven applications. Our mission is to empower organizations, security professionals, AI practitioners, and policymakers with comprehensive, actionable guidance and tools to ensure the secure development, deployment, and governance of generative AI systems. Visit our site to learn more.

####

See what industry leaders, contributors and experts are saying about the OWASP GenAI Security Project’s OWASP Top 10 for Agentic Applications announcement.

For a full list of industry comments and quotes visit: https://genai.owasp.org/quotes


“We’re proud to stand alongside OWASP, and the OWASP GenAI Security Project in shaping the future of safe and responsible agentic AI. The Top 10 for Agentic Applications is a critical step in helping organizations innovate and adopt agentic systems with confidence. This recognition highlights the importance of strong guardrails and the shared responsibility we all have to ensure agentic systems empower users without compromising safety.”

Noam Schwartz CEO and Co-founder at ActiveFence

 


“The OWASP Top 10 for Agentic Applications, from the OWASP GenAI Security Project, comes at a time when the industry desperately needs guidance on critical risks related to a technology that is poised to transform the era ahead.”

Chris Hughes, Co-founder, CEO Aquia

 


“The launch of the Agentic Top 10 represents a remarkably quick turnaround from OWASP in addressing security gaps for AI agents. Even though production agentic systems are still in their early stages, we now have a framework that illuminates the critical security considerations which is essential for anyone looking to adopt AI agents securely.” 

— Tal Skverer, Head of Research at Astrix Security

 


“The OWASP community has done important work in identifying and addressing security considerations for agentic AI applications. As the technology industry collectively works to understand and mitigate the unique risks that come with emergent AI capabilities, frameworks like the OWASP Top 10 for Agentic AI 2026 provide valuable insights for developers and security professionals. AWS is pleased to be a contributor to this project and to the broader industry dialogue, helping ensure that security best practices evolve alongside AI innovation.”

Matt Saner, Amazon Web Services | Sr. Manager, Security Specialist SAs | AWS Industries

 


“The OWASP Agentic Top 10 is actually powerful because of the community that supports it, not just the content. Security engineers, AI researchers, red teamers, architects, and builders from all across the world contributed their time and talents to create this list. It’s a reminder that when the global community comes together with a common objective, we develop standards that the entire business can trust.”

Idan Habler, PhD, OWASP ASI core team, AI & Security Researcher, Ben

 


“The OWASP Top 10 for Agentic Applications is grounded in deep technical analysis and broad industry collaboration. The rigor behind this list provides more than a summary of concerns—it’s a thoroughly validated foundation you can safely anchor your security attention to.”

Hyrum Anderson, Sr. Director, AI & Security, Cisco

 


“I’m honored to have contributed to the OWASP Top 10 for Agentic Applications. Congratulations to the entire OWASP community for this landmark achievement—the OWASP Top 10 for Agentic Applications framework from the OWASP GenAI Security project ASI working group will be instrumental in helping organizations secure the next generation of autonomous AI systems.”

Ken Huang, Head DistributedApps.AI

 


“OWASP’s new Agentic AI Top 10 shines a light on the risks reshaping today’s internet – goal hijacking, identity abuse, human trust manipulation, and rogue autonomous behaviors. These are the threats HUMAN has been preparing the industry for. With AgenticTrust, organizations can govern AI agents with confidence – verifying intent, blocking harmful activity, and enabling trusted agentic commerce at scale.”

Timer Elias, Senior Director of Product Management, Human

 


“AI agents represent the next evolution of enterprise security challenges. Agentic Security requires real-time intent controls and adaptive guardrails that keep agents aligned with authorized behavior, organizational policies, and compliance. Lasso is proud to take part in the new OWASP Top 10 for AI Agents and to advance runtime-intent security solutions that enable safer, more trustworthy AI adoption across the enterprise.”

Lasso Security

 


“The OWASP Top 10 for Agentic Applications arrives at the right moment, offering a framework to help organizations innovate responsibly while building agentic systems that are resilient, predictable and secure at scale.”

Eva Benn, Principal Security Program Manager (MSRC), Microsoft

 


“Timely, technically sound, and immediately actionable—this guidance sets a new standard for how we approach Agentic AI security”

Apostol Vassilev, Adversarial AI Lead, NIST

 


“The OWASP Top Ten for Agentic Applications enables businesses to assess emerging security risks as agents are adopted in their organization. It illustrates the need to discover usage of AI agents throughout the enterprise, evaluate sources of risk, and prevent threats at every step. Palo Alto Networks is proud to collaborate with OWASP as agentic applications continue to expand the attack surface.” 

– Jaimin Patel, VP Product, Prisma AIRS, Palo Alto Networks


“LLM security focused on single model interactions. Agentic security addresses what happens when those models can plan, persist, and delegate across tools and systems. The OWASP Agentic Top 10 captures this shift from preventing bad outputs to preventing cascading failures across autonomous systems.” 

Rock Lambros, CEO & Founder, RockCyber

 


“Security teams are asking where to start with agentic AI. The OWASP Top 10 Risks and Mitigations for Agentic AI 2026 gives a focused, actionable path to safeguard autonomy and build systems that behave as intended.”

Helen Oakley, VP Software and AI Security

 


“Security in agentic AI is essential, not optional. Agentic systems introduce new failure modes, including tool misuse, prompt injection, and data leakage. The OWASP Top 10 for Agentic Applications provides clear, practical steps to address these issues through vulnerability descriptions, threat mappings, and mitigation guidance. SAS is working with OWASP and the OWASP GenAI Security Project to keep security built in at every stage, from design and evaluation to deployment and operations, so teams can deliver systems that are resilient and trustworthy.”  

 – Udo Sglavo, Vice President, Applied AI and Modeling, R&D at SAS

 


“The OWASP Agentic Top 10 gives builders, security teams, and business leaders a shared, vendor-neutral roadmap for understanding and reducing Agentic AI risks before they reach production. At SecuraAI, we see this project as foundational infrastructure for the next wave of AI: it turns scattered lessons from the field into practical, open guidance that anyone can use. We’re proud to support a community effort that raises the security baseline for agentic applications worldwide and helps organizations deploy powerful AI agents with confidence, accountability, and trust.” 

– Rani Kumar Rajah, Founder & CEO – SecuraAI

 


“We are onboarding a new, autonomous workforce into the enterprise, and the OWASP Top 10 for Agentic Applications serves as the first true code of conduct for these digital employees. Explicitly defining behavioral risks like tool misuse and goal hijacking provides the C-suite and agent builders the framework needed to move from cautious experimentation to confident, scalable deployment. This guidance enables secure innovation and helps architect the governance required to let agents drive real business value.” 

 – Josh Devon, Co-founder and CEO, Sondera

 


“Agentic AI promises to redefine how software supports human goals by orchestrating workflows, reasoning over data and acting much like a trusted digital teammate. The OWASP Top 10 for Agentic Applications lays the foundation for that future to be powerful and safe. By addressing risks like tool misuse, memory poisoning and privilege escalation early, we ensure that autonomous agents amplify innovation instead of vulnerabilities.”

Venkata Sai Kishore Modalavalasa, Contributor to the Top 10, Chief Architect at Straiker.

 


“Agents are how AI becomes impactful in the enterprise. They act, adapt, and make business decisions – if we let them. But business decisions come hand-in-hand with taking on risk. And in the case of agentic applications, failures can be catastrophic. The OWASP Top 10 for Agentic Applications creates a shared language of the major risks that may affect agents. This language will have a common understanding of the risk, and enable more industry collaboration to make agents trustworthy.”

– Michael Bargury, CTO and co-founder at Zenity
