OWASP Exposes Top 10 Risks for Autonomous AI Agents, Highlighting Widespread Security Vulnerabilities

OWASP has released the Top 10 for Agentic Applications, a formal risk taxonomy for autonomous AI agents that plan, use tools, maintain memory, and act without waiting for permission.

A recent survey found that 88% of enterprises reported AI agent security incidents in the last 12 months, with only 21% having runtime visibility into what their agents are doing. Moreover, 82% of enterprises have unknown agents in their environments, and 5.5% of public MCP servers contain poisoned tool descriptions, resulting in an 84.2% attack success rate with auto-approval enabled.

The OWASP Top 10 list highlights the following risks:

  • ASI01 – Agent Goal Hijack: Prompt injection for agents, as demonstrated against GitHub’s MCP integration.
  • ASI02 – Tool Misuse: Agents being tricked into running malicious regex, resulting in unauthorized data exports.
  • ASI03 – Identity and Privilege Abuse: Agents inheriting user permissions and caching credentials, allowing for compromise of the entire delegation chain.
  • ASI04 – Supply Chain Compromise: Vulnerable MCP servers and packages affecting over 150M downloads due to architectural flaws in Anthropic’s MCP SDKs.
  • ASI05 – Unexpected Code Execution: RCE in Claude Code through poisoned .claude config files in repos.
  • ASI06 – Memory Poisoning: Compromised agents poisoning downstream decision-making in multi-agent systems.
  • ASI07 – Insecure Inter-Agent Comms: Agent-in-the-middle attacks in natural language due to lack of authentication.
  • ASI08 – Cascading Failures: Natural language errors passing validation checks and rippling through the entire agent chain.
  • ASI09 – Human-Agent Trust Exploitation: Compromised agents presenting clean summaries to trick humans into approving malicious actions.
  • ASI10 – Rogue Agents: The insider threat equivalent for AI, with individual actions appearing legitimate but detectable through behavioral monitoring over time.

These risks form a kill chain: a goal hijack is typically the entry point, and the remaining categories describe how that initial compromise is extended. Enterprises need to address these risks to preserve the security and integrity of their AI systems.
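As an added defender-side illustration of the runtime visibility and behavioral monitoring mentioned above (ASI02, ASI03 and ASI10), and not code from OWASP or from the article: a small Python monitor that runs over a constructed agent action log, flagging calls outside an agent's tool profile, activity by unregistered agents, and a pattern (many distinct targets hit in a short window) that looks legitimate call by call. The log records, tool names and per-agent profiles are all assumptions made for this example.

```python
"""Runtime monitoring of agent actions, checking each call against the
agent's least-privilege tool profile (ASI02/ASI03) and against its own
recent behaviour (ASI10), so a pattern can be flagged even when every
single call in it was individually permitted."""
import json
from collections import defaultdict

# Constructed sample records, as a gateway mediating tool calls might emit.
SAMPLE_LOG = """
{"ts": 1, "agent": "support-bot", "tool": "tickets.read", "target": "T-101"}
{"ts": 2, "agent": "support-bot", "tool": "tickets.reply", "target": "T-101"}
{"ts": 3, "agent": "ci-bot", "tool": "git.read", "target": "repo/app"}
{"ts": 4, "agent": "ci-bot", "tool": "data.export", "target": "customers.csv"}
{"ts": 5, "agent": "support-bot", "tool": "tickets.read", "target": "T-201"}
{"ts": 6, "agent": "support-bot", "tool": "tickets.read", "target": "T-202"}
{"ts": 7, "agent": "support-bot", "tool": "tickets.read", "target": "T-203"}
{"ts": 8, "agent": "support-bot", "tool": "tickets.read", "target": "T-204"}
{"ts": 9, "agent": "shadow-bot", "tool": "git.read", "target": "repo/app"}
"""

# Assumed per-agent tool allowlists, set from each agent's registered
# purpose rather than learned from observed behaviour.
PROFILES = {
    "support-bot": {"tickets.read", "tickets.reply"},
    "ci-bot": {"git.read", "ci.run"},
}

def parse_log(text):
    return [json.loads(ln) for ln in text.strip().splitlines() if ln.strip()]

def detect(events, profiles, window=5, max_targets=3):
    """Return (agent, finding, detail) tuples, one per distinct condition."""
    findings = {}                  # dict used as an insertion-ordered set
    recent = defaultdict(list)     # agent -> its last `window` events
    for ev in events:
        agent, tool = ev["agent"], ev["tool"]
        if agent not in profiles:            # unregistered agent acting at all
            findings[(agent, "unknown_agent", tool)] = None
            continue
        if tool not in profiles[agent]:      # one call already outside scope
            findings[(agent, "tool_outside_profile", tool)] = None
        hist = recent[agent]
        hist.append(ev)
        del hist[:-window]                   # sliding window per agent
        targets = {e["target"] for e in hist if e["tool"] == tool}
        if len(targets) > max_targets:       # each call fine, the pattern not
            findings[(agent, "target_burst", tool)] = None
    return list(findings)
```

Running `detect(parse_log(SAMPLE_LOG), PROFILES)` on the sample yields three findings: the out-of-profile `data.export` by ci-bot, the ticket-enumeration burst by support-bot, and any action at all by the unregistered shadow-bot.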
