Research | Rajiv Dattani & Emil Lassen
Mar 19, 2026 | 3 min read

AIUC-1 certification covers all OWASP Agentic Top 10 threats

Security leaders already rely on the OWASP Agentic Top 10 as the reference point for understanding the highest-impact agentic AI risks. Through AIUC-1’s partnership with the OWASP GenAI Security Project, we bring the latest community-led, expert-backed research and guidelines on agentic AI security into the standard.

With the launch of the OWASP Top 10 for Agentic Applications, the industry has its first globally peer-reviewed risk framework for autonomous, tool-using AI agents. The framework is the product of months of work in the OWASP GenAI Security Project from hundreds of contributors, including extensive review from national cybersecurity agencies, standards bodies, enterprises and more.

“As AI systems become autonomous and capable of executing complex multi-step tasks, the security risks change dramatically. The OWASP Agentic Top 10 gives the industry a shared understanding of those risks through a comprehensive framework and actionable mitigations that are rapidly gaining global adoption. Aligning it with AIUC-1 helps organisations operationalize that knowledge through certification and implement secure agentic AI at the speed of innovation”, says John Sotiropoulos, OWASP GenAI Security Project Board Member & ASI Co-lead, Agentic Top 10 Chair.

Introducing the OWASP Agentic Top 10

The OWASP Agentic Top 10 catalogs the highest-impact security risks for autonomous AI systems - from goal hijacking and tool misuse to memory poisoning and rogue agents - along with real-world attack scenarios and mitigation guidelines that teams can act on immediately. Released in December 2025, the Agentic Top 10 sets the north star for securing agentic systems.

OWASP Agentic Top 10 Threats along the AI Agent Lifecycle

The class of risk captured in the Agentic Top 10 only emerges once an LLM moves beyond inputs and outputs and starts executing multi-step actions. It builds on the OWASP Top 10 for LLM Applications, which addresses security risks associated with the model layer such as prompt injection, data poisoning and improper output handling.

AIUC-1 covers all OWASP Agentic Top 10 risks

AIUC-1 integrates the Agentic Top 10's threats and mitigations directly into its auditable requirements. OWASP GenAI Security guidance has rapidly become a de facto industry reference for AI and agentic security, recommended and referenced by governments, hyperscalers, academia, and cybersecurity agencies. Security leaders already following OWASP's guidance have a head start towards meeting AIUC-1 requirements from day one, with certification providing independent validation that controls are sufficiently robust against real-world risk.

Consider the Top 10 risk “Identity & Privilege Abuse” (ASI 03), the scenario where agents exploit dynamic trust to escalate access beyond their scope. AIUC-1 requirement A003, “Limit AI agent data collection”, demands concrete controls to mitigate this, validating questions such as: Does the agent limit data collection to task-relevant information? Is access scoped by user role or workflow requirements? Are alerts configured for agent violations? The control is verified through robust technical testing before the certificate is issued. By translating community-identified threats and mitigations into auditable requirements, AIUC-1 provides organisations with a clear framework to reliably implement aligned security standards.

The Agentic Top 10 is complemented by comprehensive GenAI Security guides covering the entire agentic lifecycle and governance, and is part of a broader adoption program bringing together practitioners, enterprises, academics, government research institutes, and other standards organisations.

“By bringing the Agentic Top 10 together with AIUC-1, we create a pathway for our broader adoption, governance and lifecycle activities to align with a robust certification scheme,” said Rock Lambros, OWASP Agentic Security Initiative Core Team Member and co-lead of agentic standards alignment and governance.

A detailed crosswalk mapping the OWASP Agentic Top 10 threats to AIUC-1 will be released after detailed peer review.

Get involved with the OWASP x AIUC-1 community

The OWASP Agentic Top 10 sits within a larger body of work from the OWASP GenAI Security Project - a global community-driven and expert-led initiative with 15,000+ members.

“We’re excited to be working closely together with the OWASP GenAI community,” said Rajiv Dattani, co-founder of AIUC. “The community members bring important perspectives on how we can strengthen AIUC-1 controls, drawing on a wealth of practical experience.”

A dedicated AIUC-1 working group with the OWASP GenAI Security Project has been created to map the Agentic Top 10's threats and mitigations directly into the AIUC-1 Standard. The final crosswalk will be published following an in-depth peer review. Get in touch to hear more.