OWASP Agentic Top 10 Compliance Mapping

OWASP Agentic Top 10 (2026) is the community-curated list of the most critical security risks for agentic AI systems: tool poisoning, excessive agency, agentic-loop exploits, confused deputy, and more.

Last reviewed June 2026

Problem

Why OWASP Agentic Top 10 evidence is hard

Auditors arrive with the framework control list. Security teams arrive with a finding list. Without a pre-computed mapping, every finding requires manual translation.

How Penaxtra approaches it

How Penaxtra maps to OWASP Agentic Top 10

Penaxtra catalogues agents, MCP servers, and tools as first-class assets and ships probe families across ASI01-ASI10. Runtime tool-allowlist enforcement aligns to ASI03 (excessive agency).

Technical capabilities

OWASP Agentic Top 10 capabilities

Every agentic finding carries the ASI-NN identifier with the specific tool or chain that triggered it

Audit-ready PDF export with control IDs attached

JSON export for GRC ticketing systems

Configurable audit retention from 1 day to 10 years

Cross-framework overlaps reduce duplicate evidence collection

Compliance mapping

OWASP Agentic Top 10 control coverage

A tool-poisoning chain that escalates from a read-only knowledge tool to a write tool is tagged ASI02 (tool poisoning) and ASI03 (excessive agency).
