Documentation Index
Fetch the complete documentation index at: https://hydroxai.mintlify.app/llms.txt
Use this file to discover all available pages before exploring further.
Overview
The OWASP Top 10 for AI Agents (2026) extends the LLM Top 10 to address security risks unique to autonomous AI agent systems: AI that can plan, use tools, execute actions, and interact with external systems with varying degrees of independence. As AI agents become more prevalent in enterprise workflows, understanding and mitigating these agent-specific risks is essential.

The Top 10
AG01: Prompt Injection via Tool Use
Agents that consume external data through tools (web browsing, file reading, API calls) are vulnerable to indirect prompt injection embedded in those data sources, which can hijack the agent's execution plan.

AG02: Privilege Escalation
Agents may escalate their permissions by exploiting tool access patterns, gaining unauthorized access to systems, data, or operations beyond their intended scope.

AG03: Tool Misuse & Abuse
Agents may be manipulated into using their tools in unintended ways: executing harmful commands, making unauthorized API calls, or performing destructive file operations.

AG04: Uncontrolled Autonomous Execution
Agents that operate in loops without proper human oversight, termination conditions, or resource bounds can take cascading harmful actions or consume excessive resources.

AG05: Identity & Trust Confusion
Agents interacting with multiple services may confuse identity boundaries, using credentials from one context in another, or being tricked into impersonating users or services.

AG06: Unintended Goal Drift
Agents may gradually deviate from their intended objective through accumulated context, adversarial steering, or ambiguous instructions, leading to harmful or irrelevant actions.

AG07: Memory & Context Poisoning
Agents with persistent memory or long-running context windows can be poisoned over time, with early malicious inputs influencing future behavior across sessions.

AG08: Multi-Agent Trust
In multi-agent systems, a compromised or malicious agent can propagate harmful instructions to other agents, exploiting trust relationships between agents in the system.

AG09: Insufficient Audit & Observability
Complex agent workflows with branching, tool use, and multi-step reasoning are difficult to audit. Without proper tracing and logging, detecting security incidents or compliance violations becomes effectively impossible.

AG10: Data Exfiltration via Agent Actions
Agents with access to sensitive data and external communication tools (email, API calls, file uploads) can be manipulated into exfiltrating data to attacker-controlled endpoints.

How Know Your AI helps with agent security
| Agent Risk | Know Your AI Coverage |
|---|---|
| AG01: Prompt Injection via Tools | Prompt injection datasets for tool-augmented contexts |
| AG02: Privilege Escalation | Jailbreak & boundary-testing datasets |
| AG03: Tool Misuse | Harmful content & jailbreak evaluation |
| AG04: Uncontrolled Execution | Monitoring dashboard for resource tracking |
| AG05: Identity Confusion | Data extraction & system prompt leakage tests |
| AG06: Goal Drift | Evaluation quality metrics for task fulfillment |
| AG07: Memory Poisoning | Multi-turn evaluation support |
| AG08: Multi-Agent Trust | Attack datasets for inter-agent scenarios |
| AG09: Audit & Observability | Tracing with span-tree visualization |
| AG10: Data Exfiltration | Data extraction & PII leakage datasets |
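Several of the risks above (AG01, AG03, AG04) suggest concrete guardrails on the agent's tool-execution loop: a tool allowlist, a hard step bound, and quarantine of suspicious tool output. The sketch below illustrates those ideas; every name in it is illustrative and is not part of the Know Your AI product or any OWASP reference implementation.

```python
# Minimal sketch of agent-loop guardrails motivated by AG01, AG03, and AG04.
# All names here are hypothetical, for illustration only.

ALLOWED_TOOLS = {"search", "read_file"}          # AG03: explicit tool allowlist
MAX_STEPS = 10                                   # AG04: hard termination bound
INJECTION_MARKERS = ("ignore previous", "new instructions:")  # AG01: crude heuristic

def guarded_run(plan_next_step, call_tool):
    """Run an agent loop with basic guardrails.

    plan_next_step() -> (tool_name, args), or None when the agent is done.
    call_tool(tool_name, args) -> str output from the tool.
    """
    transcript = []
    for _ in range(MAX_STEPS):                   # AG04: bounded loop, no runaway
        action = plan_next_step()
        if action is None:
            break
        tool, args = action
        if tool not in ALLOWED_TOOLS:            # AG03: refuse out-of-scope tools
            transcript.append((tool, "BLOCKED: tool not allowlisted"))
            continue
        output = call_tool(tool, args)
        if any(m in output.lower() for m in INJECTION_MARKERS):
            # AG01: quarantine tool output that looks like injected instructions
            output = "[REDACTED: possible prompt injection in tool output]"
        transcript.append((tool, output))
    return transcript
```

In a real deployment the injection check would be a classifier or a dedicated evaluation dataset rather than a substring match; the point is that untrusted tool output is treated as data to inspect, never as instructions.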
Resources
Chatbot Evaluation
Test web-based AI agents with browser automation.
Monitoring
Track agent behavior with SDK tracing.
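The span-tree tracing mentioned for AG09 and the Monitoring resource can be sketched generically. This is not the Know Your AI SDK API (which is not shown in this document); it is a minimal, assumed-for-illustration tracer that records nested agent steps as parent/child spans.

```python
# Generic sketch of span-tree tracing for agent observability (AG09).
# The Tracer class and its methods are hypothetical, not a real SDK.
import time
from contextlib import contextmanager

class Tracer:
    def __init__(self):
        self.spans = []      # finished spans, innermost first
        self._stack = []     # currently open spans (parent chain)

    @contextmanager
    def span(self, name, **attrs):
        record = {
            "name": name,
            "parent": self._stack[-1]["name"] if self._stack else None,
            "attrs": attrs,
            "start": time.monotonic(),
        }
        self._stack.append(record)
        try:
            yield record
        finally:
            record["end"] = time.monotonic()
            self._stack.pop()
            self.spans.append(record)

tracer = Tracer()
with tracer.span("agent_run", user="alice"):
    with tracer.span("tool_call", tool="search"):
        pass  # the actual tool invocation would happen here
```

Because every tool call and reasoning step is wrapped in a span with a recorded parent, the resulting tree can be replayed to answer the AG09 questions: which tool was called, by which step, with what inputs, and how long it took.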