
OWASP Agentic Security Classification Framework

v20260424
owasp-asi
This skill, based on the OWASP standard, provides a standardized security risk classification framework for agentic applications. It systematically maps discovered security issues, such as prompt injection, tool misuse and identity/privilege abuse, to ten core risk categories (ASI01-ASI10). This is essential for security teams assessing, classifying and resolving vulnerabilities in complex AI agent systems.

218 downloads

Overview

OWASP ASI Classification Framework

OWASP Top 10 for Agentic Applications 2026 - Standardized risk classification for AI agent security.

Risk Categories

| ID | Risk Type | Key Indicators |
|---|---|---|
| ASI01 | Agent Goal Hijack | Prompt injection, instruction override, goal manipulation |
| ASI02 | Tool Misuse & Exploitation | Unauthorized tool calls, parameter tampering, unvalidated inputs |
| ASI03 | Identity & Privilege Abuse | Auth bypass, permission escalation, missing authorization |
| ASI04 | Agentic Supply Chain | Malicious dependencies, compromised tools, package poisoning |
| ASI05 | Unexpected Code Execution | RCE, command injection, code evaluation |
| ASI06 | Memory & Context Poisoning | Data leakage, context manipulation, memory corruption |
| ASI07 | Insecure Inter-Agent Comm | Unencrypted channels, data exposure between agents |
| ASI08 | Cascading Failures | Error propagation, chain reaction vulnerabilities |
| ASI09 | Human-Agent Trust Exploit | Social engineering, deceptive responses |
| ASI10 | Rogue Agents | Malicious agent behavior, unauthorized actions |

Detection Source → ASI Mapping

| Detection Source | Type | Primary ASI | Secondary ASI |
|---|---|---|---|
| data-leakage-detection | Skill | ASI06, ASI07 | ASI01, ASI03 |
| tool-abuse-detection | Skill | ASI02, ASI05, ASI07 | ASI03 |
| indirect-injection-detection | Skill | ASI01 | ASI06 |
| authorization-bypass-detection | Skill | ASI03 | ASI09 |
| Prompt Injection tests | Dialogue | ASI01, ASI06 | ASI09 |
| Code Audit | Agent | ASI04, ASI05 | ASI10 |

Finding → ASI Mapping

| Finding Type | ASI Category | Rationale |
|---|---|---|
| API keys, tokens | ASI06 | Context contains sensitive data |
| System prompts | ASI01 | Enables goal hijacking |
| Credentials | ASI03 | Identity abuse risk |
| Internal configs | ASI04 | Supply chain exposure |
| PII exposure | ASI07 | Inter-agent data leak |
| Command injection | ASI05 | Unexpected code execution |
| Unauthorized tool calls | ASI02 | Tool misuse |

Severity Classification

Critical 🚨

  • Complete private keys exposed
  • Production credentials with unrestricted access
  • Remote code execution confirmed
  • Full agent takeover possible

Action: Immediate remediation (within 24 hours)

High ⚠️

  • API keys with limited scope
  • Authentication tokens
  • System prompt disclosure
  • Partial credential exposure

Action: Urgent remediation (within 1 week)

Medium 💡

  • Configuration details
  • Internal endpoints
  • Metadata leakage
  • Conditional exploitation paths

Action: Address within 2-4 weeks

Low ℹ️

  • Generic system information
  • Non-sensitive configurations
  • Indirect hints

Action: Review as time permits

Usage

Load this skill when performing OWASP ASI classification:

load_skill(name="owasp-asi")

Then apply the mapping rules to classify findings.
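The mapping rules above, applied in code as an added example (not the skill's own implementation). The snake_case finding-type keys, the detection-source keys and the sample findings are constructed from the tables on this page; the treatment of finding types that the severity section does not list is an assumption and is marked as such in the code.

```python
"""Apply this page's mapping tables to agent-security findings. Added example,
not the skill's own code; all dict keys below are constructed from the tables."""
from datetime import datetime, timedelta

# Finding -> ASI Mapping table (one category per finding type)
FINDING_TO_ASI = {
    "api_key": "ASI06", "token": "ASI06", "system_prompt": "ASI01",
    "credential": "ASI03", "internal_config": "ASI04", "pii": "ASI07",
    "command_injection": "ASI05", "unauthorized_tool_call": "ASI02"}
# Detection Source -> ASI Mapping table: (primary ASIs, secondary ASIs)
SOURCE_TO_ASI = {
    "data-leakage-detection": (["ASI06", "ASI07"], ["ASI01", "ASI03"]),
    "tool-abuse-detection": (["ASI02", "ASI05", "ASI07"], ["ASI03"]),
    "indirect-injection-detection": (["ASI01"], ["ASI06"]),
    "authorization-bypass-detection": (["ASI03"], ["ASI09"])}
# Severity section: remediation window in days (Medium = 4-week bound; Low = none)
SLA_DAYS = {"Critical": 1, "High": 7, "Medium": 28, "Low": None}

def severity(f):
    """Rate one finding with the indicator lists of the severity section."""
    t = f["type"]
    if (t == "credential" and f.get("environment") == "production"
            and f.get("scope") == "unrestricted"):
        return "Critical"        # production creds with unrestricted access
    if t == "command_injection" and f.get("confirmed"):
        return "Critical"        # remote code execution confirmed
    if t in ("api_key", "token", "system_prompt", "credential"):
        return "High"            # limited-scope keys, tokens, prompt leak
    if t in ("internal_config", "command_injection"):
        return "Medium"          # config details / conditional exploit path
    return "Medium"              # assumption: unlisted types need manual review

def classify(f):
    """ASI list (finding-type category first, then the source's, deduplicated)."""
    asi = [FINDING_TO_ASI[f["type"]]]
    primary, secondary = SOURCE_TO_ASI.get(f["source"], ([], []))
    for cat in primary + secondary:
        if cat not in asi:
            asi.append(cat)
    sev = severity(f)
    days = SLA_DAYS[sev]
    due = None if days is None else f["found_at"] + timedelta(days=days)
    return {"id": f["id"], "asi": asi, "severity": sev, "due": due}

T0 = datetime(2026, 4, 28)   # constructed discovery date
FINDINGS = [  # constructed sample findings, not real scan output
    {"id": "F-1", "type": "credential", "source": "data-leakage-detection",
     "environment": "production", "scope": "unrestricted", "found_at": T0},
    {"id": "F-2", "type": "command_injection", "source": "tool-abuse-detection",
     "found_at": T0}]    # unconfirmed -> "conditional exploitation path"
```

Running `classify` over `FINDINGS` places F-1 at Critical (ASI03 first, then the data-leakage source's ASI06, ASI07, ASI01) with a 24-hour deadline, and F-2 at Medium because the injection is unconfirmed.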

Information

Category: Software Development
Name: owasp-asi
Version: v20260424
Size: 3.14KB
Updated: 2026-04-28