OWASP Agentic AI Top 10 — Threat Videos

Ten ~60-second narrated explainers. Each video covers the threat's predecessor in the 2025 OWASP LLM Top 10, how it evolves in the agentic world, and the top Microsoft mitigation.

ASI01 — Agent Goal Hijack

Prompt injection that hijacks an autonomous agent into chaining harmful actions.

ASI02 — Tool Misuse & Exploitation

Agents abuse legitimately granted tools in unintended or dangerous ways.

ASI03 — Identity & Privilege Abuse

Agents inherit, escalate, or misuse identity tokens and access privileges.

ASI04 — Agentic Supply Chain

Compromised plugins, MCP servers, or orchestration layers in the agent stack.

ASI05 — Unexpected Code Execution

Agents dynamically generate and execute code, risking RCE or sandbox escape.

ASI06 — Memory & Context Poisoning

Persistent agent memory or RAG stores poisoned with adversarial content.

ASI07 — Insecure Inter-Agent Communication

Spoofing, replay, or man-in-the-middle attacks on agent-to-agent messaging.

ASI08 — Cascading Failures

A single bad input propagates unchecked across interconnected agent systems.

ASI09 — Human-Agent Trust Exploitation

Users blindly trust agent outputs, enabling social engineering and manipulation.

ASI10 — Rogue Agents

Agents escape guardrails, self-replicate, or operate outside defined boundaries.