The OWASP GenAI Security Project has unveiled its Top 10 for Agentic Applications, a comprehensive guide aimed at helping organizations secure autonomous AI systems. After more than a year of research and collaboration with over 100 security experts, practitioners, and technology providers, this resource addresses the unique threats posed by AI agents operating with a degree of independence.
Agentic AI—systems capable of taking actions and making decisions without direct human input—has rapidly moved from experimental deployments to real-world applications. With that rise comes a new class of security challenges. The OWASP Top 10 for Agentic Applications identifies risks such as Agent Behavior Hijacking, Tool Misuse and Exploitation, and Identity and Privilege Abuse, showing how attackers can manipulate agent behaviors or compromise supporting infrastructure.
“Companies are already exposed to Agentic AI attacks, often without realizing agents are running in their environments,” said Keren Katz, Senior Group Manager of AI Security at Tenable and co-lead of the Top 10 initiative. “Effectively protecting against these threats requires not just security intuition but a deep understanding of agentic AI operations.”
The framework was vetted by OWASP’s Agentic Security Initiative Expert Review Board, including representatives from NIST, the European Commission, and the Alan Turing Institute, ensuring the guidance is both technically sound and globally relevant. Scott Clinton, Co-Chair of the GenAI Security Project, emphasized the urgency: “As AI adoption accelerates, security best practices must keep pace. This Top 10 ensures organizations can adopt autonomous AI safely and securely.”
Beyond the Top 10, the OWASP GenAI Security Project offers a suite of complementary resources, including:
- State of Agentic Security and Governance 1.0: Guidance on AI governance and regulatory considerations.
- Agentic Security Solutions Landscape: A peer-reviewed map of open-source and commercial tools supporting SecOps.
- A Practical Guide to Securing Agentic Applications: Technical guidance for designing and deploying LLM-powered agents safely.
- Reference Application for Agentic Security: A CTF-style tool for testing agentic security skills.
- Agentic AI Threats and Mitigations: A threat-model-based reference detailing emerging risks and countermeasures.
The release follows the success of the OWASP Top 10 for LLM Applications, which has influenced AI security strategies across the industry. Steve Wilson, co-chair of the GenAI Security Project, notes that agentic AI introduces distinct risks that require new guidance: “Our team expanded resources to address how agentic systems behave, interact, and make decisions. Aligning this with LLM security guidance is critical for building safer intelligent systems.”
The OWASP GenAI Security Project is inviting organizations, policymakers, and researchers to access the Top 10, contribute to future updates, and join the global effort to secure autonomous AI systems.