January 5, 2026 | Research | Source: OWASP

OWASP Publishes First AI Agent Security Vulnerability Report

OWASP has published its first AI Agent Security Top 10, identifying critical vulnerability categories including prompt injection, tool misuse chains, data exfiltration through agent memory, and unauthorized action escalation.

The Open Worldwide Application Security Project (OWASP) has published its first AI Agent Security Top 10, a comprehensive report identifying the most critical security risks in deployed AI agent systems. The report draws on vulnerability data from over 200 organizations running AI agents in production.

Prompt injection remains the top vulnerability, but the report describes new attack vectors specific to agents, including indirect prompt injection through data sources, tool-use chain manipulation where attackers craft inputs that cause agents to misuse legitimate tools, and memory poisoning attacks that corrupt an agent's persistent context.

The second most critical vulnerability is unauthorized action escalation, where agents take actions beyond their intended scope. The report documents cases where customer service agents accessed internal databases, coding agents modified production infrastructure, and research agents shared confidential information with external services.

Data exfiltration through agent memory represents a novel risk category. Agents that maintain persistent memory across sessions can inadvertently store sensitive information that is later exposed to other users or leaked through the agent's tool interactions.

The report provides detailed mitigation strategies for each vulnerability, including input validation frameworks, tool-use allowlists, memory sanitization, and output monitoring. OWASP has also released an AI Agent Security Testing Guide that organizations can use to evaluate their agent deployments.
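The allowlist, memory-sanitization and output-monitoring mitigations named above can be made concrete with a small policy layer that sits between the model and its tools. The following is an added example written for this page, not code from the OWASP report or its testing guide; the customer-service policy, the tool names, the `/data/kb/` path prefix, the `orders.example.internal` host and the detector patterns are all constructed assumptions.

```python
"""Tool-use allowlist gate plus output monitor / memory sanitizer for an AI agent."""
import re
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Set, Tuple

# An argument checker returns None when the call is acceptable, else a reason string.
ArgCheck = Callable[[dict], Optional[str]]


@dataclass
class ToolPolicy:
    allowed_tools: Set[str]                                        # tools the agent may invoke at all
    arg_checks: Dict[str, ArgCheck] = field(default_factory=dict)  # per-tool argument constraints
    require_approval: Set[str] = field(default_factory=set)        # tools gated behind a human


def path_under(prefix: str) -> ArgCheck:
    """Constrain a 'path' argument to a directory prefix and reject '..' traversal."""
    def check(args: dict) -> Optional[str]:
        path = str(args.get("path", ""))
        if ".." in path.split("/") or not path.startswith(prefix):
            return f"path {path!r} is outside {prefix!r}"
        return None
    return check


def host_in(hosts: Set[str]) -> ArgCheck:
    """Constrain a 'host' argument to an explicit set of approved endpoints."""
    def check(args: dict) -> Optional[str]:
        host = str(args.get("host", ""))
        return None if host in hosts else f"host {host!r} is not allowlisted"
    return check


# Hypothetical policy for a customer-service agent (constructed for this example).
CUSTOMER_SERVICE_POLICY = ToolPolicy(
    allowed_tools={"lookup_order", "read_file", "http_get", "issue_refund"},
    arg_checks={
        "read_file": path_under("/data/kb/"),
        "http_get": host_in({"orders.example.internal"}),
    },
    require_approval={"issue_refund"},
)


def gate_tool_call(policy: ToolPolicy, tool: str, args: dict) -> Tuple[str, str]:
    """Decide a proposed tool call: returns ("allow" | "deny" | "needs_approval", reason)."""
    if tool not in policy.allowed_tools:
        return "deny", f"tool {tool!r} is not in the allowlist"
    check = policy.arg_checks.get(tool)
    if check is not None:
        problem = check(args)
        if problem:
            return "deny", problem
    if tool in policy.require_approval:
        return "needs_approval", f"tool {tool!r} requires human confirmation"
    return "allow", ""


# Constructed detector patterns for the output monitor and the memory sanitizer.
SECRET_PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "bearer_token": re.compile(r"\bBearer\s+[A-Za-z0-9._-]{20,}"),
    "email": re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b"),
}


def scan_output(text: str) -> List[Tuple[str, str]]:
    """List (label, match) pairs for content that should not leave the agent boundary."""
    return [(label, m.group(0))
            for label, rx in SECRET_PATTERNS.items()
            for m in rx.finditer(text)]


def sanitize_for_memory(text: str) -> str:
    """Redact detected secrets before the text is written to persistent agent memory."""
    for label, rx in SECRET_PATTERNS.items():
        text = rx.sub(f"[REDACTED:{label}]", text)
    return text


if __name__ == "__main__":
    for call in [("lookup_order", {"order_id": "A-1"}),
                 ("read_file", {"path": "/data/kb/../../etc/passwd"}),
                 ("issue_refund", {"amount": 25})]:
        print(call[0], gate_tool_call(CUSTOMER_SERVICE_POLICY, *call))
    print(sanitize_for_memory("ticket from alice@example.com mentions AKIAABCDEFGHIJKLMNOP"))
```

The gate is deliberately decided before the tool runs, so a manipulated tool-use chain is stopped at the call boundary rather than detected afterwards; the `needs_approval` outcome is the hook for a human-in-the-loop checkpoint on high-impact actions, and `sanitize_for_memory` is applied to anything the agent persists so that a later session or another user cannot read it back out.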

The publication has been widely cited by enterprise security teams and has prompted several cloud providers to update their AI agent platform security features. OWASP plans to update the report quarterly as the agent security landscape evolves.

More News

March 13, 2026 | Product Update

NVIDIA Launches NIM Microservices for Enterprise AI Deployment

NVIDIA has launched NIM (NVIDIA Inference Microservices), a suite of containerized AI model serving packages that reduce enterprise AI deployment time from weeks to hours with optimized inference performance.

March 13, 2026 | Industry

AI Agents Market Reaches $15 Billion as Enterprise Adoption Surges

The global market for AI agents — autonomous AI systems that can plan, execute, and iterate on complex multi-step tasks — has reached $15 billion in annual spending, according to a new report from McKinsey. This represents a 200% increase from 2025, driven by enterprise adoption of agentic AI for customer service, software development, data analysis, and business process automation. The report identifies three tiers of AI agent adoption: basic agents that handle single-step tasks like email responses and appointment scheduling (adopted by 65% of enterprises), intermediate agents that manage multi-step workflows like report generation and data pipeline management (35% adoption), and advanced agents that autonomously execute complex processes like code deployment and financial analysis (8% adoption). The largest spending categories are customer service agents ($4.2B), coding agents ($3.8B), and data analysis agents ($2.5B). McKinsey projects the market will reach $45 billion by 2028 as agent reliability improves and enterprises become more comfortable delegating complex decisions to AI. Key enabling platforms include OpenAI's Agents SDK, Anthropic's Claude computer-use capabilities, and LangChain's agent framework. The report warns that agent governance and monitoring remain underdeveloped, with most enterprises lacking adequate oversight mechanisms for autonomous AI actions.

March 12, 2026 | Product Update

Microsoft 365 Copilot Gets Custom AI Agents and Actions

Microsoft has updated 365 Copilot with custom AI agent creation, allowing organizations to build agents that automate complex workflows spanning Word, Excel, Outlook, Teams, and SharePoint without code.

March 12, 2026 | Analysis

GPT-5.2's Agentic Mode Transforms Enterprise Workflows

OpenAI's GPT-5.2 introduced a fundamentally new approach to agentic task completion that is already transforming enterprise workflows. The model can now maintain coherent plans across 50+ sequential tool calls with parallel execution, reducing latency in complex automation pipelines by up to 60%. Early enterprise adopters report that GPT-5.2's agentic mode handles tasks like multi-step data analysis, cross-platform content publishing, and automated code review workflows that previously required custom orchestration code. The key innovation is what OpenAI calls deliberative alignment — a training approach that lets the model dynamically allocate compute to harder sub-tasks while breezing through simpler ones. This means a single agentic session can handle both quick lookups and deep reasoning without manual configuration. Several Fortune 500 companies have reported 40-70% time savings on analyst workflows by deploying GPT-5.2 agents through the API. However, reliability remains a concern — OpenAI acknowledges a 3-5% failure rate on chains exceeding 30 steps, and enterprise deployments require human-in-the-loop checkpoints for critical decisions.