OWASP Agentic Skills Top 10 (AST10)

A published security framework — the first from OWASP focused specifically on AI agent 'skills' (the plug-in extensions that let agents take actions) — that lists the ten most dangerous ways those skills can be abused or weaponised. It covers major agent platforms including Claude Code, Cursor, Codex, and VS Code.
As companies deploy AI agents extended with third-party skills, each skill is a potential entry point for attackers; the AST10 gives security and procurement teams a concrete checklist to evaluate risk before enabling agent capabilities.