What happened
OWASP released the first Top 10 for Agentic Applications, developed by 100+ industry experts. The framework identifies critical risks including Agent Goal Hijacking, Rogue Agents, Tool Misuse, Privilege Misuse, and Human-Agent Trust Exploitation, establishing the 'Least Agency' principle.
Why it matters
This is the definitive application security standard for autonomous AI agents, complementing the existing OWASP LLM Top 10. The separation of agentic from GenAI risks reflects their fundamentally different attack surfaces—agents act, they don't just respond.
Action needed
Development and security teams must audit existing AI agent deployments against all 10 risk categories. Implement the 'Least Agency' principle: treat autonomy as a feature to be earned, not a default. Update threat models and security testing to cover agentic-specific vectors.