# OWASP Agentic Top 10 — AIEGIS 15-Layer Coverage Map

> OWASP Top 10 for Agentic Applications (2026) mapped sub-by-sub to the aiegis 15-layer runtime enforcement chain. Each ASI category (ASI01 Agent Goal Hijack through ASI10 Rogue Agents) is covered by named primary layers plus defence-in-depth layers. Public coverage reference for security teams sizing aiegis against the OWASP Agentic Security Initiative.

## What is the OWASP Top 10 for Agentic Applications?

The OWASP Top 10 for Agentic Applications (2026) is the OWASP Agentic Security Initiative's prioritised list of the ten most prevalent and impactful security risks specific to autonomous AI agents. The taxonomy uses the ASI prefix (Agentic Security Issue), numbered ASI01 through ASI10, ordered by prevalence + impact across 2024 and 2025 deployments. It was launched on 2025-12-09.

## How does aiegis map to the OWASP Agentic Top 10?

All ten ASI categories are covered by at least one primary layer plus at least one defence-in-depth layer in the aiegis 15-layer runtime enforcement chain (L1 Identity through L15 Correlation). For each category we name the primary layer that would be cited in a customer-facing compliance argument and a defence-in-depth layer that catches the same risk if the primary control is bypassed. The full per-category mapping is on this page.

## Which layers cover ASI01 Agent Goal Hijack?

Primary layers L6 Input-Sanitizer and L2 Instruction-Language; defence-in-depth layers L4 Scope and L12 Behavioral. L6 strips or quarantines injected instructions in user input, tool output, and retrieved documents before they reach the model. L2 detects imperative-mood drift between the agent's declared goal and the actual prompt stack. L4 checks every emitted action against the principal's declared scope before egress. L12 flags goal-shape anomalies.

## Which layers cover ASI03 Identity & Privilege Abuse?

Primary layers L1 Identity and L4 Scope; defence-in-depth layer L9 Meta. L1 requires every action to present a verifiable Ed25519 passport at /api/protect; missing or invalid passport returns immediate DENY. L4 caps privilege at the passport scope claim. L9 binds the passport to machine plus principal (act.sub per RFC 8693), preventing credential reuse across hosts.

## Which layers cover ASI10 Rogue Agents?

Primary layers L12 Behavioral and L15 Correlation; defence-in-depth layer L9 Meta. L12 drift-detects against the agent's declared behaviour baseline and DENYs deviations beyond the configured envelope. L15 surfaces concealment patterns via cross-action correlation. L9 ensures every decision is appended to the append-only audit log (SQL triggers verified live at /grid/ledger/retention); a rogue agent's actions cannot be retroactively hidden.

## Where is the OWASP Agentic Top 10 specification?

The OWASP Gen AI Security Project landing page is at genai.owasp.org/llm-top-10/. The Agentic Security Initiative is at genai.owasp.org/initiatives/agentic-security-initiative/. The Top 10 for Agentic Applications 2026 resource page is at genai.owasp.org/resource/owasp-top-10-for-agentic-applications-for-2026/. The launch announcement (2025-12-09) is at genai.owasp.org/2025/12/09/owasp-top-10-for-agentic-applications-the-benchmark-for-agentic-security-in-the-age-of-autonomous-ai/.

## Part of the AIEGIS umbrella

AIEGIS is four products under one stack: AIEGIS Identity (Ed25519 agent passports), Governance (15-layer runtime enforcement), EYE (endpoint visibility), and Grid (agent-to-agent marketplace). EU sovereign. Built in Ireland. Deployed on customer infrastructure.
