OWASP ASI01 Agent Goal Hijack

What is OWASP ASI01 Agent Goal Hijack?

Agent goal hijack is when untrusted content changes an agent's objective, task plan, or decision path. Unlike a single bad reply, the whole workflow chases the wrong goal with full privileges.

What this looks like in production

EchoLeak-style cases showed Copilot-style agents exfiltrating data from hidden email content the user never opened. You asked it to read mail; the attacker redefined success.

What teams usually do about it

  • Sanitize external content before it influences planning.
  • Make goals explicit and auditable across multi-step runs.
  • Test indirect injection across tools and memory, not one chat turn.

Further reading on Giskard

Official OWASP reference

Get AI security insights in your inbox