OWASP Agentic Top 10
Full coverage of the OWASP Agentic Top 10.
The only executable rule set designed from the ground up for OWASP's AI agent security standard. 10 out of 10 categories covered.
The Standard
What is the OWASP Agentic Top 10?
OWASP released the Top 10 for Agentic Applications in 2026 -- the first security standard specifically for AI agents. It covers 10 attack categories: from prompt injection and tool misuse to rogue agents and cascading failures.
ATR (Agent Threat Rules) is the only rule set that maps directly to all 10 categories with executable detection rules. Not a checklist. Not a whitepaper. Real YAML rules that run in < 50ms and block threats before they execute.
Coverage Matrix
11 categories. 311 rules. Zero gaps.
Every OWASP Agentic category has dedicated ATR detection rules. 6 categories at STRONG coverage, 4 at MODERATE -- all fully covered.
Agent Goal Hijack
13
ATR rules
Tool Misuse & Exploitation
11
ATR rules
Identity & Privilege Abuse
9
ATR rules
Agentic Supply Chain
8
ATR rules
Unexpected Code Execution
8
ATR rules
Memory & Context Poisoning
8
ATR rules
Insecure Inter-Agent Comms
5
ATR rules
Cascading Failures
4
ATR rules
Human-Agent Trust Exploit
5
ATR rules
Rogue Agents
7
ATR rules
Some rules map to multiple categories. Total rule-category mappings: 77.
Ecosystem Scan
Verified against 67,000+ real skills.
We scanned the MCP ecosystem -- npm, GitHub, and community registries. The numbers speak for themselves.
67,799
MCP skills scanned
2,322
packages with security findings
182
critical severity
249
triple threat (shell + network + fs)
Findings by severity
182
Critical
1124
High
1016
Medium
7354
Low
COMPLIANCE ROADMAP · LAYER 7 GOVERN
4-framework reporting + AIAM
Layer 7 Govern ships partial today (audit log + Threat Cloud logging). Compliance reporting + AIAM land Q2/Q3 2026 on the public timeline. No fake checkmarks.
Today · Shipped
- ✓Audit log — admin actions, actor, IP, timestamp (Threat Cloud)
- ✓Admin dashboard — pagination, filter by actor / action
- ✓Client key registration + revocation (API-key AAM lite)
- ✓OWASP Agentic Top 10 mapping · 10 / 10 categories · 77 rule links
Q2 / Q3 2026 · Coming Soon
- ○
pga report --framework <name>— Markdown + PDF reports with per-rule mapping - ○4-framework metadata added to all 311 ATR rules
- ○AIAM — agent identity + scope + policy evaluator + OAuth 2.0 device flow (Q3 2026)
- ○SOC2 Type 1 attestation via Vanta · target Q3 2026
EU AI Act
Article 9, 10, 12, 14, 15 risk management
Enforcement 2026-08-02
Mapping Q2 2026
Colorado AI Act
SB24-205 algorithmic discrimination
Enforcement 2026-06-01
Mapping Q2 2026
NIST AI RMF
Govern / Map / Measure / Manage
Voluntary · F500 RFP standard
Mapping Q2 2026
ISO / IEC 42001
AIMS clauses 6–10
Certification pathway
Mapping Q2 2026
Why honest timelines
Compliance reporting that claims coverage before shipping code is the fastest way to lose CISO trust. We publish dates. You can hold us to them. If Q2 2026 slips, we post the reason on the panguard.ai changelog before auditors find out from you.
Why ATR
Traditional security rules can't detect AI agent attacks.
Sigma and YARA detect network intrusions and malware. OWASP LLM Top 10 covers model-level risks. But neither can detect prompt injection through tool descriptions, skill supply chain attacks, or inter-agent message spoofing. ATR was built specifically for these threats.
Sigma / YARA
Network intrusion, malware signatures
OWASP LLM Top 10
Model-level risks (hallucination, training data)
ATR + OWASP Agentic Top 10
Agent runtime: tools, skills, inter-agent, supply chain
Scan your first skill in 3 seconds.
Paste a GitHub URL on panguard.ai or install the CLI. Every scan uses ATR rules mapped to the OWASP Agentic Top 10.
npm install -g @panguard-ai/panguard && pga up