By Sean Mitchell
Publication Date: 2026-01-09 08:00:00
Cybersecurity community OWASP has released its first top 10 list for agent AI applications, outlining the key security risks it believes arise when companies use autonomous artificial intelligence systems in their core businesses.
The new framework focuses on agentic AI, a class of systems that can make decisions and perform actions without direct human instruction. These agents can connect to business systems, initiate workflows, and interact with external services, increasing the potential impact of errors, misconfigurations, or malicious intrusions.
OWASP, best known among enterprise security teams for its long-running top 10 list of web application risks, is expanding its methodology to AI agents as companies move beyond static chatbots and question-answering tools. Security experts view this shift as a structural change in the way companies use AI in production environments.
Keren Katz, co-leader of the “Top 10 for Agentic AI Applications” project at…