
What frameworks should organisations use to assess agentic AI risk?

By NHI Mgmt Group Editorial Team Updated June 7, 2026 Domain: Agentic AI & Autonomous Identity

Use OWASP Agentic AI Top 10 for threat modelling, OWASP NHI guidance for credential and privilege governance, and Zero Trust principles for continuous verification of tools and identities. Together, they help teams evaluate agent behaviour, access boundaries, and trust at runtime instead of only at onboarding.

Why This Matters for Security Teams

Agentic AI risk cannot be assessed with a single framework because the problem spans model behaviour, tool use, identity, privilege, and runtime trust. Teams that focus only on model safety miss the operational reality: agents can chain actions, call external systems, and act outside the narrow scope intended at design time. Current guidance suggests combining threat modelling for agent behaviour with identity governance and continuous verification. The OWASP Agentic AI Top 10 and NIST's AI Risk Management Framework are useful starting points because they force teams to evaluate risk across the full lifecycle, not just at onboarding.

NHIMG's research shows why this matters operationally: in the AI Agents: The New Attack Surface report, 80% of organisations reported agents performing actions beyond their intended scope, and only 44% had implemented policies to govern them. In practice, many security teams encounter agentic risk only after an agent has already accessed sensitive data or revealed credentials, rather than through intentional governance design.

How It Works in Practice

The most defensible approach is to map each framework to a distinct layer of control. Use the OWASP Agentic AI Top 10 for threat scenarios such as prompt injection, tool abuse, data exfiltration, and unsafe autonomy. Use the CSA MAESTRO agentic AI threat modeling framework to structure the assessment of agent workflows, trust boundaries, and orchestration paths. Use the NIST AI Risk Management Framework to tie those findings to governance, measurement, and accountability.

For identity and access, pair those frameworks with OWASP NHI Top 10 and Zero Trust principles. That means assessing whether the agent has a workload identity, whether credentials are short-lived, whether tool permissions are issued just in time, and whether runtime policy checks occur before every sensitive action. Workload identity matters because the organisation must prove what the agent is, not just what password it holds. Best practice is evolving toward intent-based authorisation, where a request is judged in context at runtime rather than by static RBAC alone.

  • Use OWASP Agentic AI Top 10 to catalogue agent-specific attack paths.
  • Use CSA MAESTRO to trace how one compromised tool call can cascade into broader impact.
  • Use NIST AI RMF to assign ownership, measure residual risk, and define escalation thresholds.
  • Use NHI guidance to govern secrets, token scope, rotation, and revocation.

For implementation context, NHIMG's OWASP Agentic Applications Top 10 and Ultimate Guide to NHIs — Lifecycle Processes for Managing NHIs are especially useful for translating abstract risk language into control checks. These controls tend to break down in high-autonomy environments where agents can choose new tools on the fly, because pre-approved access lists cannot keep pace with emergent behaviour.

Common Variations and Edge Cases

Tighter agent oversight often increases deployment friction, requiring organisations to balance faster automation against stronger approval and monitoring controls. That tradeoff becomes sharper when the agent performs low-latency tasks or operates across multiple systems with different ownership models. There is no universal standard for this yet, so current guidance suggests layering controls rather than waiting for one perfect framework to emerge.

Some environments need extra emphasis on specialised risks. Financial services and healthcare usually require stronger auditability and evidence retention, while engineering teams may need tighter control over code execution and repository access. If an agent can spawn sub-agents, call external APIs, or request fresh credentials mid-task, assess the whole chain, not just the parent process. NHIMG's LLMjacking research and the NIST AI Risk Management Framework are useful references when the question is less about model output quality and more about compromise paths, credential abuse, and runtime containment.
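The runtime checks described under "How It Works in Practice" (workload identity, short-lived credentials, just-in-time tool scope, a policy decision before every sensitive action) and the whole-chain assessment for sub-agents just mentioned can be made concrete in a small policy gate. The following is an added example written for this page; it is not code from NHIMG or from any of the frameworks named above. The identities, tools, task IDs, timings, the list of sensitive actions and the 60-second freshness rule are all constructed assumptions for illustration.

```python
"""Runtime policy gate for agent tool calls.

Added example, not code from NHIMG or from the frameworks named on this page.
All identities, tools, tasks, timings and policy thresholds are constructed values.
"""
from dataclasses import dataclass
from typing import FrozenSet, List, Optional, Tuple

# Example policy inputs (assumptions for this example, not taken from any framework):
# actions that always require a runtime check against a fresh credential.
SENSITIVE_ACTIONS = {("secrets", "read"), ("repo", "write"), ("payments", "send")}
SENSITIVE_FRESHNESS_SECONDS = 60.0  # a credential older than this cannot touch sensitive actions


@dataclass(frozen=True)
class Credential:
    """Short-lived, task-scoped credential bound to a workload identity."""
    cred_id: str
    workload: str                         # what the agent is (SPIFFE-style ID), not a password it holds
    task_id: str                          # the intent this credential was issued for
    scopes: FrozenSet[Tuple[str, str]]    # (tool, action) pairs granted just in time
    issued_at: float
    ttl: float
    parent: Optional["Credential"] = None  # set when delegated to a sub-agent

    @property
    def expires_at(self) -> float:
        return self.issued_at + self.ttl

    def chain(self) -> List["Credential"]:
        """This credential plus every ancestor it was delegated from."""
        out, node = [], self
        while node is not None:
            out.append(node)
            node = node.parent
        return out


class PolicyGate:
    """Issues credentials and judges every tool call at runtime, not only at onboarding."""

    def __init__(self) -> None:
        self._counter = 0
        self.revoked: set = set()
        self.audit: List[dict] = []

    def _next_id(self) -> str:
        self._counter += 1
        return f"cred-{self._counter}"

    def issue(self, workload: str, task_id: str, scopes, ttl: float, now: float) -> Credential:
        return Credential(self._next_id(), workload, task_id, frozenset(scopes), now, ttl)

    def delegate(self, parent: Credential, sub_workload: str, scopes, ttl: float, now: float) -> Credential:
        """Credential for a sub-agent: scope may only shrink, lifetime never outlives the parent."""
        scopes = frozenset(scopes)
        if not scopes <= parent.scopes:
            raise ValueError("delegation would widen scope beyond the parent credential")
        expires_at = min(now + ttl, parent.expires_at)
        return Credential(self._next_id(), sub_workload, parent.task_id, scopes,
                          now, expires_at - now, parent=parent)

    def revoke(self, cred: Credential) -> None:
        self.revoked.add(cred.cred_id)

    def authorize(self, cred: Credential, tool: str, action: str, task_id: str, now: float) -> Tuple[bool, str]:
        """Runtime decision for one tool call; every decision is recorded for audit."""
        allowed, reason = self._evaluate(cred, tool, action, task_id, now)
        self.audit.append({"workload": cred.workload, "cred": cred.cred_id, "tool": tool,
                           "action": action, "task": task_id, "allowed": allowed, "reason": reason})
        return allowed, reason

    def _evaluate(self, cred: Credential, tool: str, action: str, task_id: str, now: float) -> Tuple[bool, str]:
        # Walk the whole delegation chain: a revoked or expired parent invalidates the child.
        for link in cred.chain():
            if link.cred_id in self.revoked:
                return False, f"{link.cred_id} revoked"
            if now >= link.expires_at:
                return False, f"{link.cred_id} expired"
        # Intent check: the call must belong to the task the credential was minted for.
        if task_id != cred.task_id:
            return False, f"task {task_id} does not match credential task {cred.task_id}"
        # Scope check: just-in-time grants are explicit (tool, action) pairs, never wildcards.
        if (tool, action) not in cred.scopes:
            return False, f"{tool}:{action} not in granted scope"
        # Sensitive actions additionally require a fresh credential (step-up judged at runtime).
        if (tool, action) in SENSITIVE_ACTIONS and now - cred.issued_at > SENSITIVE_FRESHNESS_SECONDS:
            return False, f"{tool}:{action} is sensitive and credential is stale"
        return True, "allowed"


if __name__ == "__main__":
    gate, t0 = PolicyGate(), 1000.0  # constructed clock, seconds
    parent = gate.issue("spiffe://example.org/agent/release-bot", "task-42",
                        {("repo", "read"), ("repo", "write"), ("secrets", "read")}, ttl=300.0, now=t0)
    child = gate.delegate(parent, "spiffe://example.org/agent/linter", {("repo", "read")}, ttl=600.0, now=t0 + 10)
    print(gate.authorize(child, "repo", "read", "task-42", now=t0 + 20))
    gate.revoke(parent)  # revoking the parent denies the sub-agent on its next call
    print(gate.authorize(child, "repo", "read", "task-42", now=t0 + 20))
```

The design point is that no decision is cached from onboarding: each call re-checks revocation and expiry along the entire delegation chain, matches the call to the task the credential was minted for, and applies an extra freshness rule to sensitive actions. A sub-agent can only receive a subset of its parent's scope and a lifetime clipped to the parent's, so a compromised or over-reaching child cannot widen access mid-task.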

The practical takeaway is that organisations should treat agentic AI as a governed workload class, not as a static application feature. Where agents can act independently, access boundaries must be evaluated continuously, and policy must move with the task.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

OWASP Agentic AI Top 10 and CSA MAESTRO address the attack and risk surface, while NIST AI RMF sets the governance and control requirements practitioners need to meet.

Framework                 Control / Reference   Relevance
OWASP Agentic AI Top 10   A1                    Covers agent-specific attack paths like prompt injection and tool abuse.
CSA MAESTRO               M1                    Structures threat modeling for orchestration, trust boundaries, and cascade risk.
NIST AI RMF                                     Provides governance and measurement for managing AI risk across the lifecycle.

Map each agent workflow to OWASP Agentic AI threats before deployment and after major tool changes.

NHIMG Editorial Note
Reviewed and updated by the NHIMG editorial team on June 7, 2026.