TL;DR: OWASP’s Top 10 for Agentic Applications defines 10 operational risk categories for autonomous and semi-autonomous AI systems that plan, call tools, use memory, and take actions inside enterprise workflows, according to Zenity. The framework matters because existing model-centric controls do not address the identity, delegation, and execution risks that emerge once AI can act.
NHIMG editorial — based on content published by Zenity: The OWASP Top 10 for Agentic Applications, a milestone for AI security
Questions worth separating out
Q: How should security teams govern AI agents that can invoke tools and take actions?
A: Treat AI agents as privileged identities with bounded authority, explicit tool permissions, and continuous monitoring of runtime behaviour.
Q: Why do AI agents create more risk than traditional automation?
A: Traditional automation follows predefined rules, while agents can choose actions, combine tools, and change course during execution.
Q: What breaks when AI agent permissions are too broad?
A: Broad permissions let an attacker or malicious prompt redirect an agent into systems and workflows that were never part of the original task.
Practitioner guidance
- Create an identity model for agents and delegated tools: assign each agent a distinct identity, map its inherited permissions, and document which tools, data sets, and approval paths it can reach.
- Reduce inherited privilege before agents reach production: strip broad service permissions, separate human and agent credentials, and prohibit shared tokens where the agent can act independently.
- Instrument runtime controls for goal drift and unsafe tool use: monitor intent changes, tool sequences, memory writes, and cross-agent messages in real time.
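The three guidance points above can be reduced to a single enforcement point that every tool call passes through. The following is an added example written for this editorial; it is not Zenity's or OWASP's code, and the agent id, tool names, resource prefixes and the call trace are constructed for the demo. It gives the agent its own identity with an explicit tool allow-list, per-tool resource scopes, a peer list for cross-agent messages and an approval-gated tool, then checks each call in sequence and flags goal drift, memory writes and a sensitive-read-followed-by-egress pattern.

```python
"""Added example: a minimal policy gate for agent tool calls.
Not Zenity's or OWASP's code; all names and the trace are constructed."""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class AgentIdentity:
    agent_id: str                 # distinct principal, never a human's credential
    task: str                     # the goal the agent was delegated
    allowed_tools: frozenset      # explicit tool permissions
    allowed_scopes: dict          # tool -> resource prefixes it may touch
    approval_required: frozenset  # tools that must go through a human approval path
    peers: frozenset              # agents it may message


@dataclass(frozen=True)
class ToolCall:
    tool: str
    target: str        # resource the call touches (path, URL, mailbox, agent id)
    stated_goal: str   # the agent's own claim about why it is calling


@dataclass
class Decision:
    allowed: bool
    reason: str
    flags: list = field(default_factory=list)


SENSITIVE_READ = {"read_secret"}
EGRESS = {"send_email", "http_post", "message_agent"}


def authorize(agent: AgentIdentity, call: ToolCall, history: list) -> Decision:
    """Check one call against the agent's bounded authority and the calls it
    has already executed. Returns a Decision with any runtime flags."""
    if call.tool not in agent.allowed_tools:
        return Decision(False, f"tool {call.tool} not granted to {agent.agent_id}")
    scopes = agent.allowed_scopes.get(call.tool, set())
    if not any(call.target.startswith(s) for s in scopes):
        return Decision(False, f"{call.tool} on {call.target} is outside granted scope")
    if call.tool == "message_agent" and call.target not in agent.peers:
        return Decision(False, f"cross-agent message to non-peer {call.target}")

    flags = []
    if call.stated_goal != agent.task:
        flags.append("goal_drift")          # intent changed mid-execution
    if call.tool == "write_memory":
        flags.append("memory_write")        # persistent state worth auditing
    if call.tool in EGRESS and any(h.tool in SENSITIVE_READ for h in history):
        flags.append("secret_read_then_egress")
        return Decision(False, "blocked: sensitive read followed by egress", flags)
    if call.tool in agent.approval_required:
        return Decision(False, f"{call.tool} requires human approval", flags)
    return Decision(True, "ok", flags)


def run_trace(agent: AgentIdentity, trace: list) -> list:
    """Evaluate a sequence of calls; only executed calls feed the sequence rules."""
    history, decisions = [], []
    for call in trace:
        d = authorize(agent, call, history)
        decisions.append(d)
        if d.allowed:
            history.append(call)
    return decisions


# Constructed identity for a finance agent (hypothetical names).
INVOICE_AGENT = AgentIdentity(
    agent_id="agent:invoice-reconciler",
    task="reconcile-march-invoices",
    allowed_tools=frozenset({"read_file", "read_secret", "send_email",
                             "write_memory", "message_agent"}),
    allowed_scopes={
        "read_file": {"s3://finance/invoices/"},
        "read_secret": {"vault://finance/erp-api"},
        "send_email": {"ap@example.com"},
        "write_memory": {"mem://agent:invoice-reconciler/"},
        "message_agent": {"agent:"},
    },
    approval_required=frozenset({"send_email"}),
    peers=frozenset({"agent:ledger-writer"}),
)

# Constructed trace: legitimate work, then scope creep, then credential exfiltration.
SAMPLE_TRACE = [
    ToolCall("read_file", "s3://finance/invoices/2024-03.csv", "reconcile-march-invoices"),
    ToolCall("write_memory", "mem://agent:invoice-reconciler/progress", "reconcile-march-invoices"),
    ToolCall("read_file", "s3://hr/payroll.csv", "reconcile-march-invoices"),       # out of scope
    ToolCall("delete_file", "s3://finance/invoices/old.csv", "reconcile-march-invoices"),  # not granted
    ToolCall("message_agent", "agent:external-helper", "reconcile-march-invoices"),  # non-peer
    ToolCall("read_secret", "vault://finance/erp-api", "reconcile-march-invoices"),
    ToolCall("send_email", "ap@example.com", "forward-credentials"),   # drift + egress after secret
]

if __name__ == "__main__":
    for call, d in zip(SAMPLE_TRACE, run_trace(INVOICE_AGENT, SAMPLE_TRACE)):
        print(f"{call.tool:14} {call.target:45} allowed={d.allowed} {d.reason} {d.flags}")
```

The gate is deliberately deny-by-default on identity (tool and scope), while drift and memory writes are only flagged so they reach the monitoring pipeline without blocking routine work; the one sequence rule shows why tool calls have to be judged against history rather than in isolation, since the final email is in scope and to an allowed recipient but is still the exfiltration step.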
What's in the full article
Zenity's full blog post covers the operational detail this post intentionally leaves for the source:
- Zenity's point-by-point commentary on each of the 10 OWASP agentic application risks and the corresponding mitigations.
- The article's examples of how agents misuse tools, inherit privileges, and behave outside intended scope in production environments.
- The discussion of runtime guardrails, inline policy enforcement, and behavioural monitoring for agent actions.
- The vendor's explanation of how its platform is positioned around action-level control across SaaS, cloud, endpoint, and browser environments.
👉 Read Zenity's analysis of the OWASP Top 10 for Agentic Applications →
Agentic AI Top 10: what it means for IAM teams?
Explore further
Agentic AI security is now a distinct governance category, not an extension of model security. The article is right to separate agentic risk from prompt-only and model-only controls because the operational unit of risk is the actor that can decide, access, and act. That distinction matters for IAM, PAM, and NHI teams because the control surface is behavioural and permissioned, not merely conversational. The practitioner conclusion is that AI security programmes need an identity model for agents, not just content filters.
A few things that frame the scale:
- 80% of organisations report their AI agents have already performed actions beyond their intended scope, including accessing unauthorised systems (39%), inappropriately sharing sensitive data (31%), and revealing access credentials (23%), according to the AI Agents: The New Attack Surface report.
- Only 52% of companies can track and audit the data their AI agents access, leaving 48% with a complete blind spot for compliance and breach investigation.
A question worth separating out:
Q: Who is accountable when an AI agent causes harmful actions?
A: Accountability should remain with the organisation that assigned the agent’s access and allowed it to operate. Security, application, and governance teams share responsibility for permissions, monitoring, and approval boundaries, while risk and compliance teams need evidence that the agent’s actions were visible and reviewable. If nobody owns the delegation chain, nobody owns the blast radius.
👉 Read our full editorial: OWASP's agentic AI Top 10 reframes enterprise AI security