OWASP AGENTIC TOP 10

Every AI agent risk, mapped to a MandateZ control.

MandateZ ships templates and detection for all ten OWASP Agentic risks. Generated reports map your signed event stream against this framework — auditor-ready, in seconds.

ASI-01

Memory Poisoning

Adversaries inject malicious content into an agent’s short- or long-term memory — vector stores, conversation history, or retrieved context — to manipulate future decisions or exfiltrate data.

MandateZ control

MandateZ signs every memory write event with the agent’s Ed25519 key and logs it to a tamper-proof audit trail. Untrusted writes can be policy-blocked at the source.

ASI-02

Tool Misuse

An agent invokes legitimate tools — file systems, APIs, payment rails — for unintended or malicious purposes, often after being tricked by a prompt injection or compromised input.

MandateZ control

The MandateZ runtime policy engine evaluates every tool call against declared rules and blocks unauthorized invocations before execution. Each call is signed and auditable.

ASI-03

Privilege Compromise

An agent operates with broader permissions than its task requires — “Allow All” OAuth scopes, root credentials, or unscoped API keys — and an attacker leverages that surface to pivot.

MandateZ control

MandateZ enforces least privilege through resource-pattern policies. Wildcards on sensitive resources are blocked by default, and human-approval gates fire on privilege escalation attempts.

ASI-04

Resource Overload

Agents consume excessive compute, tokens, network, or downstream API calls — either through runaway loops, hostile inputs, or cascading sub-agent invocations — degrading availability.

MandateZ control

Rate-limit policies and budget caps fire at the policy engine layer. Anomalous consumption surfaces in the event stream within seconds of the signed event being emitted.

ASI-05

Cascading Hallucination Attacks

A hallucination from one agent becomes input to the next, propagating false facts through multi-agent systems until they are acted on as ground truth — producing outputs grounded in nothing.

MandateZ control

Every inter-agent message in MandateZ is a signed event linking output to its originating agent. Provenance is preserved across hops, enabling downstream consumers to validate upstream claims.

ASI-06

Intent Breaking and Goal Manipulation

Adversarial inputs redirect an agent away from its declared goal — turning a research agent into an exfiltration tool, or a coding agent into an unintended payment trigger.

MandateZ control

MandateZ mandates declared action_types and resource scopes per agent. Deviations from declared intent are flagged or blocked, and the human oversight gate halts execution on high-risk drift.

ASI-07

Misaligned and Deceptive Behaviors

An agent optimizes for an objective that diverges from operator intent — gaming evaluation metrics, hiding side effects, or producing deceptive outputs that pass surface-level checks.

MandateZ control

The signed event stream captures full chain-of-action telemetry. Compliance reports surface behavioral patterns inconsistent with the declared mandate, producing an evidence trail for review.

ASI-08

Repudiation and Untraceability

After an incident, there is no way to prove which agent took which action, when, or under whose authority — making post-mortem, attribution, and legal accountability impossible.

MandateZ control

Every MandateZ event carries an Ed25519 signature and the agent’s public key. The full action ledger is cryptographically non-repudiable and exportable as an auditor-ready artifact.

ASI-09

Identity Spoofing and Impersonation

An attacker who steals an agent’s OAuth token, API key, or session credential can impersonate that agent end-to-end. Downstream systems have no way to distinguish legitimate calls from spoofed ones.

MandateZ control

MandateZ replaces stealable tokens with Ed25519 keypairs bound to agent identity. A signed event proves authorship — possessing a leaked token alone cannot forge a valid signature.

ASI-10

Overwhelming Human Oversight

When agents fire too many approval requests, alerts, or notifications, humans rubber-stamp them. The oversight layer collapses and high-risk actions slip through without genuine review.

MandateZ control

The MandateZ oversight gate triggers only on policy-flagged actions — export, delete and payment by default — with timeout-based auto-block. Routine actions stay out of the human queue.
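The controls for ASI-02, ASI-03, ASI-06 and ASI-10 all come down to one check on each tool call: is the action type declared, does the resource match a declared pattern, and does the action need a human. The sketch below is an added illustration of that check, not MandateZ code; the mandate fields, the sensitive prefixes and the gated action set are assumptions chosen to mirror the page's description.

```python
import fnmatch
from dataclasses import dataclass

# Action types routed to the human oversight gate by default (per the page).
GATED_ACTIONS = {"export", "delete", "payment"}
# Assumed sensitive resource prefixes: a wildcard over them is an "Allow All" scope
# and is rejected when the mandate is declared, not at call time.
SENSITIVE_PREFIXES = ("secrets/", "payments/", "prod-db/")


@dataclass
class AgentMandate:
    """Hypothetical declaration of what one agent is allowed to do."""
    agent_id: str
    action_types: set
    resource_patterns: list


def validate_mandate(mandate):
    """Reject mandates that grant wildcard access to sensitive resources."""
    for pat in mandate.resource_patterns:
        if pat == "*" or (pat.startswith(SENSITIVE_PREFIXES) and "*" in pat):
            raise ValueError(f"wildcard over sensitive resource not allowed: {pat}")
    return mandate


def evaluate(mandate, action_type, resource, approvals=None, approval_timed_out=False):
    """Decide a single tool call: 'allow', 'block' or 'await_human'.

    approvals maps (action_type, resource) -> True once a human has approved it;
    approval_timed_out models the gate's timeout-based auto-block.
    """
    if action_type not in mandate.action_types:
        return "block"          # drift from declared intent (ASI-06)
    if not any(fnmatch.fnmatchcase(resource, p) for p in mandate.resource_patterns):
        return "block"          # resource outside declared scope (ASI-03)
    if action_type in GATED_ACTIONS:
        if approval_timed_out:
            return "block"      # no answer from the human gate: fail closed
        if (approvals or {}).get((action_type, resource)) is not True:
            return "await_human"
    return "allow"              # routine action: stays out of the human queue


if __name__ == "__main__":
    # Constructed example: a research agent that may read docs and export one invoice.
    m = validate_mandate(AgentMandate("research-bot", {"read", "export"},
                                      ["docs/*", "payments/invoice-42"]))
    print(evaluate(m, "read", "docs/report.md"))        # allow
    print(evaluate(m, "payment", "payments/invoice-42"))  # block
    print(evaluate(m, "export", "docs/report.md"))       # await_human
```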

Compliance

Generate an OWASP Agentic Top 10 compliance report

One-click export of your agent’s signed event stream mapped against ASI-01 through ASI-10. PDF + JSON, auditor-ready.
