OWASP Top 10 for Agentic Systems (ASI)
OWASP ASI mapping is included on every plan.
What it covers
The OWASP Top 10 for Agentic Systems (ASI) names the 10 highest-impact risk classes for AI agents. Behavry ships a built-in mapping from each risk to the product capability that addresses it, with live metrics pulled from the audit log and an exportable evidence view.
Use this page as a starting point for any AI-risk conversation with auditors, security reviewers, or internal governance committees.
The risks and Behavry's answer
| # | Risk | How Behavry addresses it |
|---|---|---|
| ASI-01 | Prompt injection | Inbound Injection Scanner, Outbound Scanner, Content Trust Domains, Intent Drift |
| ASI-02 | Insecure tool use | Policy Engine, Context Gate, Blast Radius Limits |
| ASI-03 | Sensitive data exposure | DLP Scanner, Data Protection Pipeline |
| ASI-04 | Supply chain attacks on tools/models | AI Surface Mapping, Dependency & Lineage |
| ASI-05 | Improper authentication | Agent Identity, Requester Identity Propagation, SSO / OIDC / SAML |
| ASI-06 | Excessive agency | Action Blast Radius, Restricted Mode, HITL Escalation |
| ASI-07 | Behavioral drift | Behavioral Monitor, Cross-Session Trust Reset |
| ASI-08 | Tool response poisoning | Inbound Rules, Content Trust Domains |
| ASI-09 | Insufficient audit | Decision Trace, Audit Integrity, SIEM Connectors |
| ASI-10 | Agent workflow compromise | Workflow Governance, Requester Identity |
Live metrics
Every mapping row carries a live metric computed from the last 30 days of audit events:
- ASI-01 — count of injection events blocked / warned / passed
- ASI-02 — count of tool calls denied by policy, with top-10 tools
- ASI-03 — count of DLP hits by severity
- ASI-05 — number of agents with valid workflow tokens; orphaned session count
- ... and so on for each risk
Numbers update on the Compliance → OWASP ASI page every refresh; each row links through to the raw event list with the filter pre-applied.
Export
Exportable as CSV, JSON, or a branded PDF report.
- CSV — mapping table + metrics, one row per risk
- JSON — same structure, for programmatic ingestion into GRC tools
- PDF — formatted report with cover page, mapping, metrics, and a 30-day trend chart
GET /api/v1/compliance/owasp-asi/export?format=pdf|csv|json
Where the mapping lives
Source: backend/behavry/compliance/owasp_asi.py. Each risk has a Requirement record with:
- The OWASP ASI identifier and title
- The Behavry capability key (matches the entitlement flag)
- A metric query (SQL against audit_events)
- Evidence queries for the PDF report
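The three sections above (the 30-day live metrics, the CSV/JSON export, and the Requirement record that holds each risk's metric query) can be seen working end to end in the following added example. It is illustration code written for this page, not Behavry's own owasp_asi.py: the Requirement fields, the metric SQL, and the audit_events column names (ts, event_type, outcome, tool_name, severity) are assumptions, and the audit rows are constructed so the example runs offline.

```python
"""Added illustration (not Behavry's code): a minimal OWASP ASI mapping whose
per-risk metric SQL runs over a constructed audit_events table, then exports
one row per risk as JSON or CSV. Schema and column names are assumptions."""
import csv
import io
import json
import sqlite3
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


@dataclass(frozen=True)
class Requirement:
    asi_id: str
    title: str
    capability_key: str   # assumed to match the entitlement flag
    metric_sql: str       # SQL against audit_events; the single ? is the window start


# Three rows of the mapping, with the metric shapes the page describes for them.
REQUIREMENTS = [
    Requirement("ASI-01", "Prompt injection", "injection_scanner",
                "SELECT outcome, COUNT(*) FROM audit_events "
                "WHERE event_type='injection' AND ts >= ? GROUP BY outcome"),
    Requirement("ASI-02", "Insecure tool use", "policy_engine",
                "SELECT tool_name, COUNT(*) AS n FROM audit_events "
                "WHERE event_type='tool_call' AND outcome='denied' AND ts >= ? "
                "GROUP BY tool_name ORDER BY n DESC LIMIT 10"),
    Requirement("ASI-03", "Sensitive data exposure", "dlp_scanner",
                "SELECT severity, COUNT(*) FROM audit_events "
                "WHERE event_type='dlp_hit' AND ts >= ? GROUP BY severity"),
]


def build_audit_db(now):
    """Constructed sample audit log; one injection event is older than 30 days
    so the window filter is exercised. ISO-8601 UTC strings compare correctly."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE audit_events (ts TEXT, event_type TEXT, "
                 "outcome TEXT, tool_name TEXT, severity TEXT)")
    day = timedelta(days=1)
    rows = [
        (now - 1 * day, "injection", "blocked", None, None),
        (now - 2 * day, "injection", "blocked", None, None),
        (now - 3 * day, "injection", "warned", None, None),
        (now - 4 * day, "injection", "passed", None, None),
        (now - 45 * day, "injection", "blocked", None, None),  # outside the window
        (now - 1 * day, "tool_call", "denied", "shell_exec", None),
        (now - 2 * day, "tool_call", "denied", "shell_exec", None),
        (now - 2 * day, "tool_call", "denied", "http_fetch", None),
        (now - 3 * day, "tool_call", "allowed", "http_fetch", None),
        (now - 5 * day, "dlp_hit", "blocked", None, "high"),
        (now - 6 * day, "dlp_hit", "warned", None, "medium"),
    ]
    conn.executemany("INSERT INTO audit_events VALUES (?,?,?,?,?)",
                     [(ts.isoformat(), *rest) for ts, *rest in rows])
    return conn


def compute_metrics(conn, now, window_days=30):
    """Run every requirement's metric query over the trailing window."""
    start = (now - timedelta(days=window_days)).isoformat()
    return {req.asi_id: {k: v for k, v in conn.execute(req.metric_sql, (start,))}
            for req in REQUIREMENTS}


def export_rows(metrics):
    """One row per risk: the structure shared by the CSV and JSON exports."""
    return [{"asi_id": r.asi_id, "title": r.title, "capability": r.capability_key,
             "metric": metrics.get(r.asi_id, {})} for r in REQUIREMENTS]


def export(metrics, fmt):
    """Serialise the export rows as JSON or CSV (the PDF report is out of scope)."""
    rows = export_rows(metrics)
    if fmt == "json":
        return json.dumps(rows, indent=2)
    if fmt == "csv":
        buf = io.StringIO()
        writer = csv.DictWriter(buf, fieldnames=["asi_id", "title", "capability", "metric"])
        writer.writeheader()
        for row in rows:
            writer.writerow({**row, "metric": json.dumps(row["metric"])})
        return buf.getvalue()
    raise ValueError(f"unsupported format: {fmt}")


def run_demo():
    """Build the constructed log and compute the live metrics as of now."""
    now = datetime.now(timezone.utc)
    return compute_metrics(build_audit_db(now), now)


if __name__ == "__main__":
    print(export(run_demo(), "json"))
```

Each metric is a GROUP BY over the same audit table the evidence view reads, so the number shown on the mapping row and the raw event list behind it cannot disagree; the window start is passed as a bound parameter rather than interpolated, which is the habit to keep when the query text lives in a record like Requirement.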
Related
- Compliance overview — all framework mappings
- Framework mapping — cross-framework reference
- SIEM Connectors — forward ASI-tagged events to your SIEM