TL;DR: OWASP’s Q2 2026 Agentic AI Red Teaming Landscape formalises a shift from static application security to continuous behavioural testing across planning, data adaptation, development, runtime, and governance, according to Lasso Security. The security model for AI systems now has to account for tool misuse, memory manipulation, and agent chains that act across trust boundaries, not just code flaws.
NHIMG editorial — based on content published by Lasso Security: The OWASP AI Red Teaming Landscape: Why Securing AI Requires a New Security Stack
By the numbers:
- 33% of organisations report their AI agents have accessed inappropriate or sensitive data beyond their intended scope.
- 96% of technology professionals identify AI agents as a growing security threat, and 66% believe this risk is immediate.
Questions worth separating out
Q: How should security teams govern AI agents that can use tools at runtime?
A: They should treat tool use as a privileged execution path and apply policy controls before the agent can complete an action, not after the response is generated.
Q: Why do agentic AI systems create a different security problem from static applications?
A: Because the risk is behavioural, not only code-based.
Q: How do organisations know if AI red teaming is actually reducing risk?
A: They should look for whether findings are linked to concrete runtime controls, whether tests can be repeated against the same abuse path, and whether the same issue is visible in monitoring, audit, and response workflows.
Practitioner guidance
- Map agent decision paths end to end. Document where each agent can select tools, chain actions, and cross trust boundaries so you can test the full execution path rather than only model outputs.
- Move enforcement into runtime. Place policy enforcement, inspection, and blocking controls in the proxy or gateway layer so the agent cannot complete a risky action before the control evaluates it.
- Build continuous adversarial testing into operations. Run repeated prompt injection, tool poisoning, and multi-turn abuse tests after deployment so red teaming remains aligned with live context changes.
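One way to realise the "enforcement before the action completes" point above, as an added illustration rather than Lasso Security's or OWASP's code: a minimal tool-call gateway that evaluates every agent action against a per-agent tool allowlist and a trust-boundary argument check before the tool runs, and records each decision so the same event is visible to monitoring and audit. The agent name, the three sample tools and the example.com domain rule are constructed assumptions.

```python
from dataclasses import dataclass, field
from typing import Any, Callable

# Constructed sample tools standing in for real integrations.
def read_ticket(ticket_id: str) -> dict:
    return {"id": ticket_id, "subject": "Login failure"}

def send_email(to: str, body: str) -> str:
    return f"sent to {to}"

def delete_record(record_id: str) -> str:
    return f"deleted {record_id}"

TOOLS: dict[str, Callable[..., Any]] = {
    "read_ticket": read_ticket, "send_email": send_email, "delete_record": delete_record,
}

# Policy (assumed): which tools each agent may call, plus per-tool argument
# constraints. The mail check is a trust boundary: only the internal domain.
ALLOWED_TOOLS = {"support-agent": {"read_ticket", "send_email"}}
ARG_CHECKS = {"send_email": lambda a: str(a.get("to", "")).endswith("@example.com")}

@dataclass
class ToolGateway:
    audit_log: list[dict] = field(default_factory=list)

    def evaluate(self, agent_id: str, tool: str, args: dict) -> tuple[bool, str]:
        """Decide before execution; the agent never reaches the tool directly."""
        if tool not in TOOLS:
            return False, "unknown tool"
        if tool not in ALLOWED_TOOLS.get(agent_id, set()):
            return False, "tool not permitted for this agent"
        check = ARG_CHECKS.get(tool)
        if check is not None and not check(args):
            return False, "argument violates trust boundary"
        return True, "policy satisfied"

    def invoke(self, agent_id: str, tool: str, args: dict) -> dict:
        allowed, reason = self.evaluate(agent_id, tool, args)
        # Every decision, allowed or blocked, is recorded for monitoring and audit.
        self.audit_log.append({"agent": agent_id, "tool": tool, "args": args,
                               "allowed": allowed, "reason": reason})
        if not allowed:
            return {"status": "blocked", "reason": reason}
        return {"status": "ok", "result": TOOLS[tool](**args)}
```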
What's in the full article
Lasso Security's full article covers the operational detail this post intentionally leaves for the source:
- A phase-by-phase breakdown of the OWASP AI Red Teaming Landscape across planning, development, deployment, and continuous operation
- Implementation detail on runtime protections at the proxy, API, or gateway layer for agentic systems
- Examples of adversarial test cases including prompt injection, jailbreaks, tool poisoning, and multi-agent abuse paths
- The vendor's own operational architecture for closing the loop between red team findings and runtime enforcement
👉 Read Lasso Security's analysis of the OWASP AI red teaming landscape →
OWASP AI red teaming landscape: what changes for IAM teams?
AI security has moved from output control to behavioural governance. The OWASP landscape captures a real shift: the risk is no longer only what the model says, but what the agent does when it can act across tools, memory, and workflows. That changes the identity question from prompt safety to execution-path assurance. Practitioners should treat agent behaviour as a governance object, not a secondary output problem.
A few things that frame the scale:
- 98% of companies plan to deploy even more AI agents within the next 12 months, despite documented rogue behaviour in 80% of current deployments, according to the AI Agents: The New Attack Surface report.
- Only 52% of companies can track and audit the data their AI agents access, leaving 48% with a complete blind spot for compliance and breach investigation.
A question worth separating out:
Q: What is the difference between testing AI models and governing AI agents?
A: Model testing focuses on prompts, outputs, and adversarial inputs, while agent governance focuses on the full action path, including tool calls, trust boundaries, and downstream effects. In practice, agents need continuous oversight because they can act across systems. That makes governance a runtime discipline, not a one-time validation exercise.
👉 Read our full editorial: The OWASP AI red teaming landscape and the new security stack