OWASP Agentic Self-Assessment
Self-assessment cross-reference against 10 agentic-threat categories. Inspired by OWASP's work on agentic AI threats — NOT an OWASP-endorsed certification.
This is a self-assessment tool, not a certified audit. The numbering below is an internal Lua convention (OWASP-AA-01…OWASP-AA-10), NOT the official OWASP Top 10 for LLMs 2025 schema (LLM01–LLM10) or the community T1–T15 Agentic threat draft.
10 agentic-threat categories mapped to governance-sdk features, inspired by OWASP's work on agentic AI risks. Use this to self-assess your posture, not to claim OWASP certification.
Categories
| ID | Category | SDK Mapping |
|---|---|---|
| AA-01 | Excessive Agency | blockTools, allowOnlyTools |
| AA-02 | Unrestricted Resource Consumption | tokenBudget, rateLimit (host-populated), costBudget |
| AA-03 | Supply Chain Vulnerabilities | CycloneDX SBOM generator, declared dependencies |
| AA-04 | Data Leakage | sensitiveDataFilter, maskSensitiveOutput, outputPattern |
| AA-05 | Indirect Prompt Injection | 54-pattern regex detector + mlInjectionGuard hook |
| AA-06 | Inadequate Sandboxing | requireApproval for untrusted actions, graduated outcomes |
| AA-07 | Over-Reliance on Agent Output | requireApproval on high-impact actions, human oversight |
| AA-08 | Insufficient Logging and Monitoring | audit trail, integrityAudit for tamper-evident logs |
| AA-09 | Insecure Inter-Agent Communication | A2A governance adapters (opt-in) |
| AA-10 | Rogue Agents | kill switch (priority 999, unbeatable by user rules) |
Run a Self-Assessment
AA-10 — Kill Switch (honest default)
In older versions, AA-10 returned compliant unconditionally — a silent pass that hid real gaps. As of 0.10.x, AA-10 is non-compliant until a real kill switch is registered on the governance instance via createKillSwitch(gov). The report now reflects whether you actually have an incident-response primitive wired up, not just whether the SDK supports one.
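The fail-closed behaviour described above, as an added example that is not governance-sdk code: a standalone JavaScript model in which every name, including the local createKillSwitch stand-in, is hypothetical. It contrasts the old unconditional pass with a check that requires a registered kill switch, and shows a priority-999 rule outranking a user rule.

```javascript
// Standalone model, NOT governance-sdk code. Every name here is a hypothetical
// stand-in, including this local createKillSwitch.
const KILL_SWITCH_PRIORITY = 999; // priority quoted in the AA-10 table row

const createGovernance = () => ({ rules: [], killSwitch: null });

// User rules are clamped below 999 so they can never outrank the kill switch.
function addRule(gov, rule) {
  const priority = Math.min(rule.priority, KILL_SWITCH_PRIORITY - 1);
  gov.rules.push({ ...rule, priority });
}

function createKillSwitch(gov) {
  const ks = { engaged: false, engage() { this.engaged = true; } };
  gov.killSwitch = ks;
  gov.rules.push({
    name: "kill-switch",
    priority: KILL_SWITCH_PRIORITY,
    decide: () => (ks.engaged ? "block" : null),
  });
  return ks;
}

// The highest-priority rule that returns a decision wins.
function evaluate(gov, action) {
  const ordered = [...gov.rules].sort((a, b) => b.priority - a.priority);
  for (const rule of ordered) {
    const decision = rule.decide(action);
    if (decision) return decision;
  }
  return "allow"; // model default when no rule has an opinion
}

// Older behaviour as described on the page: compliant unconditionally.
function assessAA10Legacy(_gov) {
  return { id: "AA-10", compliant: true };
}

// Honest default: compliant only when this instance has a kill switch wired up.
function assessAA10(gov) {
  const registered = gov.killSwitch !== null;
  return {
    id: "AA-10",
    compliant: registered,
    reason: registered ? "kill switch registered" : "no kill switch registered",
  };
}
```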