OWASP Agentic Top 10
Full coverage of the OWASP Agentic Top 10.
The only executable rule set designed from the ground up for OWASP's AI agent security standard. 10 out of 10 categories covered.
The Standard
What is the OWASP Agentic Top 10?
OWASP released the Top 10 for Agentic Applications in 2026 -- the first security standard specifically for AI agents. It covers 10 attack categories: from prompt injection and tool misuse to rogue agents and cascading failures.
ATR (Agent Threat Rules) is the only rule set that maps directly to all 10 categories with executable detection rules. Not a checklist. Not a whitepaper. Real YAML rules that run in < 50ms and block threats before they execute.
Coverage Matrix
10 categories. 110 rules. Zero gaps.
Every OWASP Agentic category has dedicated ATR detection rules. 6 categories at STRONG coverage, 4 at MODERATE -- all fully covered.
Agent Goal Hijack: 13 ATR rules
Tool Misuse & Exploitation: 11 ATR rules
Identity & Privilege Abuse: 9 ATR rules
Agentic Supply Chain: 8 ATR rules
Unexpected Code Execution: 8 ATR rules
Memory & Context Poisoning: 8 ATR rules
Insecure Inter-Agent Comms: 5 ATR rules
Cascading Failures: 4 ATR rules
Human-Agent Trust Exploit: 5 ATR rules
Rogue Agents: 7 ATR rules
Some rules map to multiple categories. Total rule-category mappings: 77.
Ecosystem Scan
Verified against 67,000+ real skills.
We scanned the MCP ecosystem -- npm, GitHub, and community registries. The numbers speak for themselves.
53,577 MCP skills scanned
2,322 packages with security findings
182 critical severity
249 triple threat (shell + network + fs)
Findings by severity
Critical: 182
High: 1,124
Medium: 1,016
Low: 7,354
Why ATR
Traditional security rules can't detect AI agent attacks.
Sigma and YARA detect network intrusions and malware. OWASP LLM Top 10 covers model-level risks. But neither can detect prompt injection through tool descriptions, skill supply chain attacks, or inter-agent message spoofing. ATR was built specifically for these threats.
Sigma / YARA: network intrusion, malware signatures
OWASP LLM Top 10: model-level risks (hallucination, training data)
ATR + OWASP Agentic Top 10: agent runtime (tools, skills, inter-agent, supply chain)
Scan your first skill in 3 seconds.
Paste a GitHub URL on panguard.ai or install the CLI. Every scan uses ATR rules mapped to the OWASP Agentic Top 10.
npm install -g @panguard-ai/panguard && pga up