OWASP Agentic Top 10
Rules for every category of the OWASP Agentic Top 10.
An executable rule set designed from the ground up for OWASP's AI agent security standard. All 10 categories have dedicated rules (9 STRONG, 1 MODERATE).
The Standard
What is the OWASP Agentic Top 10?
OWASP released the Top 10 for Agentic Applications in 2026 -- the first security standard specifically for AI agents. It covers 10 attack categories: from prompt injection and tool misuse to rogue agents and cascading failures.
ATR (Agent Threat Rules) maps directly to all 10 categories with executable detection rules. Not a checklist. Not a whitepaper. Real YAML rules that run in < 50ms and block threats before they execute.
Coverage Matrix
10 categories. 747 rules. All mapped.
All 10 OWASP Agentic categories have dedicated ATR detection rules: 9 at STRONG coverage, 1 at MODERATE.
Agent Goal Hijack
445
ATR rules
Tool Misuse & Exploitation
32
ATR rules
Identity & Privilege Abuse
107
ATR rules
Agentic Supply Chain
71
ATR rules
Unexpected Code Execution
65
ATR rules
Memory & Context Poisoning
54
ATR rules
Insecure Inter-Agent Comms
21
ATR rules
Cascading Failures
48
ATR rules
Human-Agent Trust Exploit
16
ATR rules
Rogue Agents
7
ATR rules
Some rules map to multiple categories. Total rule-category mappings: 866.
Ecosystem Scan
Verified against 96,096 real skills.
We scanned the MCP ecosystem -- npm, GitHub, and community registries. The numbers speak for themselves.
67,799
MCP skills scanned
2,322
packages with security findings
182
critical severity
249
triple threat (shell + network + fs)
Findings by severity
182
Critical
1124
High
1016
Medium
7354
Low
COMPLIANCE ROADMAP · LAYER 7 GOVERN
6-framework mapping shipped · reporting + AIAM next
Per-rule mapping across 6 frameworks ships today (ATR v3.5.11, CI-validated). Auditor-grade reports + AIAM are next on the public roadmap. No fake checkmarks.
Today · Shipped
- ✓EU AI Act · NIST AI RMF · ISO/IEC 42001 — per-rule compliance mapping on bundled rules, validated in CI (ATR v3.5.11)
- ✓OWASP LLM Top 10 · OWASP Agentic Top 10 · MITRE ATLAS — per-rule references (ATR v3.5.11)
- ✓Downloadable mapping pack — per-rule framework evidence, MIT-licensed (detection evidence, not a compliance guarantee)
- ✓Audit log — admin actions, actor, IP, timestamp (Threat Cloud)
- ✓Admin dashboard — pagination, filter by actor / action
- ✓Client key registration + revocation (API-key AAM lite)
Roadmap · Coming Soon
- ○
pga report --framework <name>— Markdown + PDF reports with per-rule mapping (planned) - ○AIAM — agent identity + scope + policy evaluator + OAuth 2.0 device flow (planned)
- ○SOC 2 Type 1 — in preparation; the timeline will be announced when audit fieldwork is scheduled
NIST AI RMF
Govern / Map / Measure / Manage
Voluntary · F500 RFP standard
Mapped · v3.5.11
EU AI Act
Articles 9, 10, 12, 13, 14, 15 (high-risk)
High-risk obligations enforced Dec 2027 (omnibus delay)
Mapped · v3.5.11
ISO / IEC 42001
AIMS clauses 6.2 / 8.1–8.4 / 9.1
Certification pathway
Mapped · v3.5.11
Colorado AI Act
SB24-205 algorithmic discrimination
Enforcement began 2026-06-01
Mapping in progress
Why honest timelines
Compliance reporting that claims coverage before shipping code is the fastest way to lose CISO trust. We only publish dates once they are committed. If a published date slips, we post the reason on the panguard.ai changelog before auditors find out from you.
Why ATR
Traditional security rules can't detect AI agent attacks.
Sigma and YARA detect network intrusions and malware. OWASP LLM Top 10 covers model-level risks. But neither can detect prompt injection through tool descriptions, skill supply chain attacks, or inter-agent message spoofing. ATR was built specifically for these threats.
Sigma / YARA
Network intrusion, malware signatures
OWASP LLM Top 10
Model-level risks (hallucination, training data)
ATR + OWASP Agentic Top 10
Agent runtime: tools, skills, inter-agent, supply chain
Scan your first skill in 3 seconds.
Paste a GitHub URL on panguard.ai or install the CLI. Every scan uses ATR rules mapped to the OWASP Agentic Top 10.
npm install -g panguard && pga up