Skip to content

blog: OWASP agentic top 10 — what can be enforced (publish 7/20)#779

Open
amavashev wants to merge 2 commits into
mainfrom
blog/owasp-agentic-enforceability
Open

blog: OWASP agentic top 10 — what can be enforced (publish 7/20)#779
amavashev wants to merge 2 commits into
mainfrom
blog/owasp-agentic-enforceability

Conversation

@amavashev

Copy link
Copy Markdown
Contributor

Summary

OWASP Agentic Top 10: What Can Be Enforced? — publish date 2026-07-20. Tier-2 batch post 3/5.

Category-by-category enforceability verdicts for ASI01–ASI10 (4 enforceable / 3 partial / 3 no), with an explicit scoring reconciliation against the framework pillar's "six of ten directly addressable" count (stricter test: outcome unreachable by construction). Anchored on the June 2026 OWASP State of Agentic AI Security and Governance data (six-of-ten injection mapping, DORA/NIS2 windows, IBM-cited 37% shadow-AI stat), attributed via Help Net Security coverage.

Review trail

Fact-check (ASI names cross-checked against official list + both corpus posts; "universal joint" reattributed away from the report; "two years" corrected) + set-level style agent (cross-post de-duplication) + codex ×2 + residue fix.

Merge notes

Test plan

  • Links + glossary anchors verified · [x] Frontmatter 43/51, 153/160 · [ ] CI build

amavashev added 2 commits July 6, 2026 11:54
Tier-2 SEO post, publish date 2026-07-20. Category-by-category
enforceability verdicts (4 yes / 3 partial / 3 no) with an explicit
scoring reconciliation against the framework pillar's six-of-ten
count; June 2026 OWASP report data (six-of-ten injection mapping,
DORA/NIS2 windows, IBM-cited 37%) attributed via Help Net Security
coverage. Review cycles 1-2 + codex (2 rounds + residue fix) applied.
Depends on the lethal-trifecta PR for one link.
Apply 1 / modify 0 / skip 0 (reviewer round 1, Medium finding):
- The enforceability test conflated "runtime-authority enforceable"
  with "enforceable at all", and mislisted sandboxes as probability-
  reducers. Test section now scopes the question to the runtime
  authority layer explicitly, table column renamed "Enforceable by
  runtime authority?", and the "nos" paragraph states that sandboxing
  enforces ASI05 deterministically at a different layer (likewise
  channels for ASI07, disclosure design for ASI09).
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant