ATR vs OWASP Agentic Top 10 — executable rules vs taxonomy
OWASP Agentic Top 10 is a taxonomy of the most critical agentic AI security risks. ATR is a set of executable detection rules. The two are complementary: OWASP defines the categories, ATR detects the actual attack patterns inside each category. ATR ships with native OWASP Agentic Top 10 mapping covering all 10 of 10 categories.
OWASP Agentic Top 10 (released 2026) defines ten categories of risk specific to AI agents: ASI01 Agent Goal Hijack, ASI02 Tool Misuse, ASI03 Identity & Privilege Abuse, ASI04 Agentic Supply Chain, ASI05 Unexpected Code Execution, ASI06 Memory & Context Poisoning, ASI07 Insecure Inter-Agent Communication, ASI08 Cascading Failures, ASI09 Human-Agent Trust Exploitation, ASI10 Rogue Agents. It is a checklist of what to worry about, with brief examples per category.
ATR is the executable detection layer. Each ATR rule lists which OWASP Agentic IDs it covers. A SOC using OWASP as a checklist can deploy ATR and immediately get detection coverage for every category — 10 of 10 categories with at least one rule, 77 total category-rule mappings across the corpus.
Feature comparison
| Feature | ATR (Agent Threat Rules) | OWASP Agentic Top 10 |
| --- | --- | --- |
| Format | YAML rules (machine-readable) | PDF + markdown (human-readable) |
| Use | Deploy to detection engine | Audit checklist + threat model |
| OWASP Agentic Top 10 coverage | 10/10 categories with 77 mappings | 10/10 (it IS the 10/10) |
| Real-time detection | Yes | Not designed for it |
| Vendor neutrality | MIT, multi-vendor adoption | OWASP Foundation (neutral) |
| Examples per category | 5-115 rules per category | 1-3 examples per category |
When to choose ATR (Agent Threat Rules)
You need actual detection, not just a checklist. You want to operationalize OWASP Agentic Top 10 — turn it from a PDF into rules running in production. ATR is the executable form.
When to choose OWASP Agentic Top 10
You need a vendor-neutral framework for risk assessment, audit, or threat modeling. You want the OWASP brand for compliance conversations. OWASP Agentic Top 10 is the taxonomy you cite in policy documents.
Bottom line
Cite OWASP, deploy ATR. PanGuard contributed the rule pack to OWASP A-S-R-H (Agentic Security Resource Hub) PR #74, merged 2026-05-11 — the implementation reference for the OWASP Agentic Top 10 taxonomy is ATR.