OWASP Agentic Top 10: Full Detection Coverage Mapping
ATR covers 10/10 OWASP Agentic Top 10 categories with executable detection rules. Here is the complete mapping.
10/10 Coverage. Executable Rules, Not Checklists.
The OWASP Agentic Top 10 defines the most critical security risks for AI agents. It is a checklist. ATR provides the executable detection rules that make the checklist enforceable.
Here is the complete mapping.
The Coverage Map
| OWASP ID | Threat | ATR Rules | Severity | Status |
|----------|--------|-----------|----------|--------|
| ASI01 | Agent Goal Hijacking | ATR-PI-001 through ATR-PI-033 | Critical | Covered |
| ASI02 | Tool Misuse | ATR-TP-001 through ATR-TP-022 | Critical-High | Covered |
| ASI03 | Privilege Escalation | ATR-PE-001 through ATR-PE-008 | High | Covered |
| ASI04 | Knowledge Poisoning | ATR-DP-001 | Medium | Covered |
| ASI05 | Memory Manipulation | ATR-AM-001 through ATR-AM-005 | High | Covered |
| ASI06 | Excessive Autonomy | ATR-EA-001 through ATR-EA-002 | Medium | Covered |
| ASI07 | Cascading Hallucination | ATR-MS-001 | Medium | Covered |
| ASI08 | Uncontrolled Chaining | ATR-EA-002, ATR-AM-003 | High | Covered |
| ASI09 | Trust Boundary Violation | ATR-CE-001 through ATR-CE-014 | Critical | Covered |
| ASI10 | Supply Chain Compromise | ATR-SC-001 through ATR-SC-022 | Critical | Covered |
Why This Matters for Compliance
The EU AI Act takes effect in August 2026. Organizations deploying AI agents will need to demonstrate they have assessed and mitigated risks. OWASP Agentic Top 10 is the leading framework for this assessment.
But a framework without detection is just a PDF. ATR provides:
- **Automated scanning** against all 10 categories
- **Evidence generation** for compliance audits (scan reports with timestamps, rule IDs, and verdicts)
- **Continuous monitoring** via CI/CD integration or runtime scanning
How to Use This
**For compliance teams:**
Map your AI agent risk assessment to OWASP Agentic Top 10. For each category, reference the ATR rule coverage. This gives auditors a concrete, verifiable detection mechanism for each risk.
**For engineering teams:**
```bash
npm install agent-threat-rules
npx agent-threat-rules scan --input your-skill.yaml
```
Every scan produces a structured report with rule IDs that map directly to OWASP categories.
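
The rule-ID-to-category mapping described above, as an added example (not ATR's own code): it encodes the rule ranges from the coverage table on this page and groups a list of rule IDs by OWASP category. The input list is constructed, and the `ATR-<family>-<number>` ID shape is assumed from the table; the report's actual field layout is not shown here.

```javascript
// Rule-ID ranges copied from the coverage table on this page.
// Each entry: [OWASP ID, rule family, first rule number, last rule number].
const COVERAGE = [
  ["ASI01", "PI", 1, 33],
  ["ASI02", "TP", 1, 22],
  ["ASI03", "PE", 1, 8],
  ["ASI04", "DP", 1, 1],
  ["ASI05", "AM", 1, 5],
  ["ASI06", "EA", 1, 2],
  ["ASI07", "MS", 1, 1],
  ["ASI08", "EA", 2, 2],
  ["ASI08", "AM", 3, 3],
  ["ASI09", "CE", 1, 14],
  ["ASI10", "SC", 1, 22],
];

// Return every OWASP category a rule ID falls under. A rule can map to more
// than one (ATR-EA-002 and ATR-AM-003 each appear in two rows of the table).
function owaspCategories(ruleId) {
  const m = /^ATR-([A-Z]{2})-(\d+)$/.exec(String(ruleId).trim());
  if (!m) return [];
  const family = m[1];
  const num = Number(m[2]);
  return COVERAGE
    .filter(([, fam, lo, hi]) => fam === family && num >= lo && num <= hi)
    .map(([asi]) => asi);
}

// Group rule IDs from a scan into per-category evidence. IDs that fall outside
// the table go to `unmapped` so they are not silently dropped from an audit trail.
function summarize(ruleIds) {
  const byCategory = {};
  const unmapped = [];
  for (const id of new Set(ruleIds)) {
    const cats = owaspCategories(id);
    if (cats.length === 0) unmapped.push(id);
    for (const c of cats) (byCategory[c] = byCategory[c] || []).push(id);
  }
  return { byCategory, unmapped };
}

// Constructed sample input: only the rule IDs are assumed, not the report format.
const sample = ["ATR-PI-007", "ATR-EA-002", "ATR-AM-003",
                "ATR-SC-022", "ATR-XX-001", "ATR-PI-034"];
console.log(JSON.stringify(summarize(sample), null, 2));
```
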
**For security teams:**
Integrate ATR into your security pipeline. Every MCP skill should be scanned before deployment. Every agent prompt should be checked in real time. Sub-5ms latency means zero performance impact.
Beyond OWASP
ATR also covers:
- **SAFE-MCP (OpenSSF):** 78/85 techniques = 91.8% coverage
- **OWASP Skills Top 10:** 7/10 (3 are process-level, not detectable by pattern matching)
- **PINT Benchmark:** 99.7% precision, 61.4% recall on 850 mixed samples
- **SKILL.md Benchmark:** 96.9% recall, 100% precision, 0% FP on 498 real-world samples
Full coverage mapping: [agentthreatrule.org/en/coverage](https://agentthreatrule.org/en/coverage)
---
*ATR is the open detection standard for AI agent security. MIT licensed. Community driven.*