New Real-world Attacks Behind OWASP Agentic AI Top 10 2026
OWASP just released the Top 10 for Agentic Applications 2026 - the first security framework dedicated to autonomous AI agents.
We've been tracking threats in this space for over a year. Two of our discoveries are cited in the newly created framework.
We're proud to help shape how the industry approaches agentic AI security.
The past year has been a defining moment for AI adoption. Agentic AI moved from research demos to production environments - handling email, managing workflows, writing and executing code, accessing sensitive systems. Tools like Claude Desktop, Amazon Q, GitHub Copilot, and countless MCP servers became part of everyday developer workflows.
With that adoption came a surge in attacks targeting these technologies. Attackers recognized what security teams were slower to see: AI agents are high-value targets with broad access, implicit trust, and limited oversight.
The traditional security playbook - static analysis, signature-based detection, perimeter controls - wasn't built for systems that autonomously fetch external content, execute code, and make decisions.
OWASP's framework gives the industry a shared language for these risks. That matters. When security teams, vendors, and researchers use the same vocabulary, defenses improve faster.
Standards like the original OWASP Top 10 shaped how organizations approached web security for two decades. This new framework has the potential to do the same for agentic AI.
The framework identifies ten risk categories specific to autonomous AI systems:
Manipulating an agent's objectives through injected instructions
Source: BleepingComputer