OWASP ASI05 Unexpected Code Execution

What is OWASP ASI05 Unexpected Code Execution?

Unexpected code execution is when agent-generated or tool-mediated code runs without adequate sandboxing or review - turning text into RCE through coding agents or unsafe serialization.

What this looks like in production

Cursor-style incidents deleted production data because an agent had credentials and freedom to execute. Generated code bypasses controls written for human developers.

What teams usually do about it

  • Sandbox agent-generated code with strict network and filesystem limits.
  • Require review before shell execution in production paths.

Further reading on Giskard

Official OWASP reference

Get AI security insights in your inbox