OWASP ASI07 Insecure Inter-Agent Communication

What is OWASP ASI07 Insecure Inter-Agent Communication?

Insecure inter-agent communication covers A2A, MCP, and custom protocols without strong authentication, signing, or trust-boundary enforcement between agents.

What this looks like in production

A forged message between agents can redirect a whole network while each hop looks locally valid. Multi-agent convenience becomes multi-agent attack surface.

What teams usually do about it

  • Mutually authenticate agents and sign messages.
  • Test protocol spoofing in purple-team exercises.

Further reading on Giskard

Official OWASP reference

Get AI security insights in your inbox