layout: central
Top 10 AI Agent Security and Governance Controls (Based on OWASP)
ASI01. Agent Goal Hijack
Runtime enforcement & guardian agents
Observability, audit trails & explainability
Policy-as-code, escalation rules & HITL frameworks
Continuous security testing & adversarial evaluation
ASI02. Tool Misuse & Exploitation
Runtime enforcement & guardian agents
Securing MCP Servers
Ephemeral execution & environment isolation (sandboxing)
AI Agent Sandboxing and Isolation 👍
Continuous security testing & adversarial execution
ASI03. Identity & Privilege Abuse
Agent discovery & inventory (continuous)
[Treat agents as first-class identities](Traditional IAM will not work, least privilege, JIT)](/security/IAM_for_agents.md)
Scoped data access & information governance
Policy-as-code, escalation rules & HITL frameworks
ASI04: Agentic Supply Chain Vulnerabilities
Secure supply chain & model integrity
Continuous security testing & adversarial evaluation
ASI05: Unexpected Code Execution (RCE)
Ephemeral execution & environment isolation
Runtime enforcement & guardian agents
Continuous security testing & adversarial evaluation
ASI06: Memory & Context Poisoning
Scoped data access & information governance
Observability, audit trails & explainability
[How to explain Accuracy vs Explainability to CTOs and CIOs