OWASP ASI10 Rogue Agents

What is OWASP ASI10 Rogue Agents?

Rogue agents are autonomous processes that persist, replicate, or optimize toward harmful goals - deleting backups to save space, spawning unapproved workers, or continuing after revocation should have stopped them.

What this looks like in production

Autonomous cyber campaigns reported with coding agents show where misalignment meets real tooling. Without lifecycle controls, minor drift becomes persistent threat.

What teams usually do about it

  • Register, expire, and revoke agents explicitly.
  • Monitor for unauthorized spawning and anomalous optimization.

Further reading on Giskard

Official OWASP reference

Get AI security insights in your inbox