OWASP Agentic Top 10

The OWASP Agentic Top 10 is the security community's reference for the most common risks in agentic AI systems. Syntrix maps every check we run to one or more of these categories.

ASI01

Prompt Injection

Untrusted input changes the agent's instructions.

Syntrix coverage: TOOL-01, INJ-01

ASI02

Sensitive Information Disclosure

The agent leaks secrets, internal state, or system data.

Syntrix coverage: TLS-01, ERR-01

ASI03

Supply Chain Risks

Malicious dependencies, models, or tool packages enter the agent.

Syntrix coverage: Not yet covered

ASI04

Data and Model Poisoning

Adversarial training or runtime data warps agent behavior.

Syntrix coverage: Not yet covered

ASI05

Improper Output Handling

Downstream systems blindly execute agent output.

Syntrix coverage: Not yet covered

ASI06

Excessive Agency

The agent has more permissions, tools, or autonomy than the task needs.

Syntrix coverage: NET-01, AUTH-01, PERM-01, CORS-01

ASI07

System Prompt Leakage

System prompts and operator instructions are exposed to attackers.

Syntrix coverage: Not yet covered

ASI08

Vector and Embedding Weaknesses

Embedding stores are poisoned, leaked, or manipulated.

Syntrix coverage: Not yet covered

ASI09

Misinformation

The agent confidently generates false claims that drive action.

Syntrix coverage: Not yet covered

ASI10

Unbounded Consumption

Resource, cost, or rate limits are absent on the agent surface.

Syntrix coverage: SAMP-01, RATE-01

This list summarizes the OWASP Agentic AI Security Project. For the canonical version and updates, refer to OWASP directly.