
OWASP

Published: May 28, 2026 · Filed: Entity, Topic, Orgs · Tags: Entity, Org, Security, Standards · Reading time: 3 min · Source: AI-synthesised

Open Worldwide Application Security Project; source of the agentic threat taxonomy cited throughout Anthropic's Zero Trust framework, coined the term 'least agency', and maintains the AI-BOM (CycloneDX ML-BOM extension)

Summary

The Open Worldwide Application Security Project — a long-standing nonprofit security community, historically known for the OWASP Top 10 web-application risks. In the agentic era it is the source of the threat taxonomy that structures Zero Trust for AI Agents, it coined the term Least Agency (extending least privilege to agents), and it maintains the AI-BOM standard for supply-chain transparency.

What OWASP contributes to agentic security

  • Agentic threat taxonomy — the framework's Part II ("Current threats to agentic systems") is organized around OWASP-identified threats: prompt injection, tool and resource hijacking, identity and access privilege abuses, memory and context poisoning, and supply chain risks.
  • "Least agency" — OWASP's coinage extending least privilege to agentic applications, restricting what each agent tool can do, how often, and where. See Least Agency.
  • AI-BOM — OWASP's AI Bill of Materials, an extension of their CycloneDX ML-BOM, available as a web tool. Tracks model provenance, training-dataset lineage, and fine-tuning parameters; the framework recommends wiring it alongside OpenSSF Scorecard so model and code dependencies carry the same risk signals.
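The "least agency" bullet above describes a policy with three axes: what each agent tool may do, how often, and where. The following is an added example of such a gate, written for this page and not code from OWASP, Anthropic or the Zero Trust framework. Tool names, hosts, paths and policy values are hypothetical; the gate is default-deny, normalises path targets so a traversal such as `/workspace/../etc/passwd` cannot slip past a `/workspace/*` scope, and applies the rate limit last so denied calls do not consume the budget.

```python
"""Least-agency gate for agent tool calls (added example; policies are hypothetical)."""
import fnmatch
import posixpath
from collections import deque
from dataclasses import dataclass, field
from urllib.parse import urlparse


@dataclass
class ToolPolicy:
    """What a tool may do, how often, and where."""
    operations: frozenset          # what: permitted operations
    max_calls: int                 # how often: calls allowed per window
    window_seconds: float
    targets: tuple                 # where: glob patterns over hostnames or normalised paths
    history: deque = field(default_factory=deque, repr=False)


def normalise_target(target: str) -> str:
    """Reduce a call target to what the policy scopes: the hostname for http(s) URLs,
    a normalised path otherwise (so '/workspace/../etc/passwd' becomes '/etc/passwd')."""
    parsed = urlparse(target)
    if parsed.scheme in ("http", "https"):
        return parsed.hostname or ""
    return posixpath.normpath(target)


class LeastAgencyGate:
    """Default-deny check in front of every tool call the agent attempts."""

    def __init__(self, policies: dict):
        self.policies = policies

    def check(self, tool: str, operation: str, target: str, now: float):
        policy = self.policies.get(tool)
        if policy is None:
            return False, f"{tool}: no policy registered, default deny"
        if operation not in policy.operations:
            return False, f"{tool}: operation {operation!r} not permitted"
        scoped = normalise_target(target)
        if not any(fnmatch.fnmatchcase(scoped, pat) for pat in policy.targets):
            return False, f"{tool}: target {scoped!r} outside allowed scope"
        # Rate check runs last so denied calls do not consume the budget.
        while policy.history and now - policy.history[0] >= policy.window_seconds:
            policy.history.popleft()
        if len(policy.history) >= policy.max_calls:
            return False, f"{tool}: over {policy.max_calls} calls per {policy.window_seconds}s"
        policy.history.append(now)
        return True, f"{tool}: {operation} {scoped} allowed"


def demo():
    """Run a constructed sequence of tool calls through the gate (hypothetical names)."""
    gate = LeastAgencyGate({
        "read_file": ToolPolicy(frozenset({"read"}), 5, 60.0, ("/workspace/*",)),
        "http_fetch": ToolPolicy(frozenset({"get"}), 2, 60.0, ("docs.example.com",)),
    })
    calls = [
        ("read_file", "read", "/workspace/notes.md", 0.0),          # in scope
        ("read_file", "write", "/workspace/notes.md", 1.0),         # operation not granted
        ("read_file", "read", "/workspace/../etc/passwd", 2.0),     # traversal out of scope
        ("http_fetch", "get", "https://docs.example.com/a", 3.0),   # first call in window
        ("http_fetch", "get", "https://docs.example.com/b", 4.0),   # second call in window
        ("http_fetch", "get", "https://docs.example.com/c", 5.0),   # third: rate limited
        ("http_fetch", "get", "https://evil.example.net/", 6.0),    # host out of scope
        ("shell_exec", "run", "ls", 7.0),                           # unregistered tool
        ("http_fetch", "get", "https://docs.example.com/d", 70.0),  # window has rolled over
    ]
    return [gate.check(*call) for call in calls]


if __name__ == "__main__":
    for allowed, reason in demo():
        print("ALLOW" if allowed else "DENY ", reason)
```

Each denial carries a reason string so the decision can be logged and reviewed; in a real deployment the gate would sit in the tool dispatcher, not in the prompt, because the model cannot be trusted to police its own calls.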
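The AI-BOM bullet above says the bill of materials tracks model provenance, training-dataset lineage and fine-tuning parameters. The following added example, written for this page and not OWASP's tool or the framework's code, builds a small CycloneDX-style ML-BOM and runs the lineage checks a consumer would want before trusting it: every model component carries a pinned hash, every dataset reference resolves to a data component, and the dependency graph refers only to known components. The field layout follows CycloneDX 1.5 ML-BOM conventions as I understand them and should be validated against the published schema; the artifacts, component names and property names are constructed for the example.

```python
"""CycloneDX-style ML-BOM construction and lineage check (added example; layout assumed)."""
import hashlib
import json


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def model_component(ref, name, version, artifact, dataset_refs, properties=None):
    """A machine-learning-model component; artifact=None models a BOM entry that
    was published without pinning the weights."""
    return {
        "type": "machine-learning-model",
        "bom-ref": ref,
        "name": name,
        "version": version,
        "hashes": [] if artifact is None else [{"alg": "SHA-256", "content": sha256_hex(artifact)}],
        "modelCard": {"modelParameters": {"datasets": [{"ref": r} for r in dataset_refs]}},
        "properties": [{"name": k, "value": v} for k, v in (properties or {}).items()],
    }


def data_component(ref, name, artifact):
    return {
        "type": "data",
        "bom-ref": ref,
        "name": name,
        "hashes": [{"alg": "SHA-256", "content": sha256_hex(artifact)}],
    }


def check_lineage(bom):
    """Return findings: unpinned models, dataset refs that do not resolve to a data
    component, and dependency entries naming unknown refs. Empty list means clean."""
    by_ref = {c["bom-ref"]: c for c in bom["components"]}
    findings = []
    for c in bom["components"]:
        if c["type"] != "machine-learning-model":
            continue
        if not c.get("hashes"):
            findings.append(f"{c['bom-ref']}: no hash, provenance cannot be verified")
        for d in c["modelCard"]["modelParameters"]["datasets"]:
            target = by_ref.get(d["ref"])
            if target is None or target["type"] != "data":
                findings.append(f"{c['bom-ref']}: dataset ref {d['ref']!r} does not resolve to a data component")
    for dep in bom.get("dependencies", []):
        for r in [dep["ref"], *dep.get("dependsOn", [])]:
            if r not in by_ref:
                findings.append(f"dependency graph references unknown ref {r!r}")
    return findings


def example_bom():
    """Constructed BOM: a pinned base model with traceable data, and a fine-tuned
    derivative that was recorded without a hash and with a dangling dataset ref."""
    corpus = b"constructed pretraining corpus bytes"      # stands in for the real dataset
    base_weights = b"constructed base model weights"      # stands in for the real checkpoint
    return {
        "bomFormat": "CycloneDX",
        "specVersion": "1.5",
        "components": [
            data_component("ds-corpus", "pretraining-corpus", corpus),
            model_component("model-base", "example-base", "1.0", base_weights, ["ds-corpus"],
                            {"training:approach": "pretraining"}),          # hypothetical property names
            model_component("model-ft", "example-base-ft", "1.1", None, ["ds-ft"],
                            {"fine-tuning:learning_rate": "2e-5", "fine-tuning:epochs": "3"}),
        ],
        "dependencies": [
            {"ref": "model-base", "dependsOn": ["ds-corpus"]},
            {"ref": "model-ft", "dependsOn": ["model-base"]},
        ],
    }


def demo():
    return check_lineage(example_bom())


if __name__ == "__main__":
    print(json.dumps(example_bom(), indent=2))
    for finding in demo():
        print("FINDING:", finding)
```

The two findings the check produces are exactly the gaps the page warns about: a model whose bytes cannot be tied to the BOM entry, and a training-data reference that points at nothing. Wiring such a check beside an OpenSSF Scorecard run, as the bullet suggests, lets a model dependency fail the build on the same terms as a code dependency.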

Relation to other standards bodies

In the Zero Trust lineage, OWASP sits alongside the formal government standards the framework cites — NIST (SP 800-207), the NSA (Zero Trust Implementation Guides), CISA (Zero Trust Maturity Model), and international equivalents (UK NCSC, Australia Home Affairs). OWASP supplies the application/agent-level threat vocabulary; the government bodies supply the architecture-level doctrine.

About this piece

Articles in this journal are synthesised by AI agents from a curated wiki and are refreshed automatically as new concepts arrive. Topics, framing, and editorial direction are curated by Howardism.
