Layer 2: Deterministic Inference

What are the OWASP Top 10 risks for AI agents?

The OWASP Top 10 for LLM Applications and the OWASP MCP Top 10 identify the most critical security risks for AI agents — and the majority involve execution-level vulnerabilities that output filtering alone cannot prevent.

Key OWASP risks mapped to Exogram's defense:

  • LLM01: Prompt Injection → Exogram blocks the action, not the injection. Even if the injected prompt succeeds, destructive actions are denied at the execution boundary
  • LLM02: Insecure Output Handling → Gate 8 validates SQL, Gate 5 validates code execution before outputs reach backend systems
  • LLM03: Training Data Poisoning → Trust Ledger tracks provenance; policy gates validate actions regardless of training data influence
  • LLM06: Sensitive Information Disclosure → PII Air Gap scrubs sensitive data; Gate 7 blocks exfiltration to untrusted domains
  • LLM07: Insecure Plugin Design → Every plugin/tool call passes through governance evaluation before execution
  • LLM08: Excessive Agency → 8 policy gates constrain what agents can actually do, regardless of granted permissions
  • MCP-01: Tool Poisoning → Actions validated by deterministic rules, not by tool self-descriptions
  • MCP-03: Rug Pull → Every tool call is re-evaluated at execution time, not just at registration

Exogram addresses 8 of the OWASP Top 10 LLM risks and all 10 of the OWASP MCP Top 10 risks through deterministic execution governance.
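To make the "block the action, not the injection" model concrete, here is an illustrative execution-boundary gate, added as an example and not Exogram's own code: the tool names (`sql.execute`, `http.request`), the trusted-domain allowlist and the destructive-statement list are hypothetical, and the tool calls fed to it are constructed.

```python
"""Illustrative execution-boundary policy gate (hypothetical; not Exogram's code).
Every tool call is checked at execution time against deterministic rules, so a
destructive SQL statement or a request to an unlisted host is denied regardless
of how the agent was led to request it."""
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed allowlist for this example; a deployment would load real policy.
TRUSTED_DOMAINS = {"api.internal.example", "db.internal.example"}
DESTRUCTIVE_SQL = re.compile(r"^\s*(DROP|DELETE|TRUNCATE|ALTER)\b", re.IGNORECASE)

@dataclass(frozen=True)
class Decision:
    allowed: bool
    gate: str
    reason: str

def sql_gate(query: str) -> Decision:
    """Deny statements that destroy data, including one hidden in a stacked query."""
    for stmt in filter(None, (s.strip() for s in query.split(";"))):
        if DESTRUCTIVE_SQL.match(stmt):
            return Decision(False, "sql", f"destructive statement: {stmt.split()[0].upper()}")
    return Decision(True, "sql", "statement permitted")

def egress_gate(url: str) -> Decision:
    """Deny exfiltration: outbound requests only to allow-listed hosts."""
    host = (urlparse(url).hostname or "").lower()
    if host not in TRUSTED_DOMAINS:
        return Decision(False, "egress", f"untrusted destination: {host or '<none>'}")
    return Decision(True, "egress", "trusted destination")

# Hypothetical tool names; tools with no registered gate are denied by default.
GATES = {"sql.execute": lambda a: sql_gate(a["query"]),
         "http.request": lambda a: egress_gate(a["url"])}

def evaluate(tool: str, args: dict) -> Decision:
    """Run on every call, so a tool whose behaviour changed after registration gains nothing."""
    gate = GATES.get(tool)
    if gate is None:
        return Decision(False, "default", f"no gate registered for tool {tool!r}")
    return gate(args)

if __name__ == "__main__":
    # Constructed tool calls of the kind an agent might emit after a successful injection.
    for tool, args in [("sql.execute", {"query": "SELECT id FROM users WHERE id = 7"}),
                       ("sql.execute", {"query": "SELECT 1; DROP TABLE users"}),
                       ("http.request", {"url": "https://external.example/collect"})]:
        d = evaluate(tool, args)
        print(f"{'ALLOW' if d.allowed else 'DENY':5} [{d.gate}] {tool}: {d.reason}")
```

The point the example makes is that the gate never inspects or filters the model's text; it only decides whether the concrete action is permitted.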

Ready to secure your AI infrastructure?

Deploy deterministic execution governance on your AI agents — 500 free API calls, no credit card.

  ✓ 500 free API calls/mo
  ✓ 0.07ms enforcement latency
  ✓ Works with LangChain, CrewAI, MCP