OWASP Flags Tool Misuse as Critical Threat for Agentic AI
Briefly

"The document presents a reference architecture for agentic systems that shows four components: the memory system, tools the agent calls, the planning system, and the orchestration layer. While fifteen threats are identified in the document, most of these are present in other LLM-based systems, such as chatbots, and are not specific to agentic systems. These threats are documented in other OWASP documentation - see, for example, OWASP Top 10 for Large Language Model Applications."
"Agents promise to revolutionize system workflows with their ability to interact with computing tools and services, but these interactions also open a unique attack surface, OWASP says. Tool misuse is identified as the major new threat, and the use of tools means that if the agent can be tricked into sending arbitrary content to the tools, all of the vulnerabilities that exist in the tools can be exploited by an attacker."
"Tool misuse occurs when attackers manipulate AI agents into abusing their authorized tools through deceptive prompts and operational misdirection, leading to unauthorized data access, system manipulation, or resource exploitation while staying within granted permissions."
Agentic AI systems include four components: a memory system, callable tools, a planning system, and an orchestration layer. Interactions with external tools create a unique attack surface that can expose agents to exploitation. Fifteen threats are identified, most overlapping with existing LLM-based system threats such as those found in chatbots. Tool misuse emerges as the primary novel threat, enabling attackers to manipulate agents to abuse authorized tools and perform unauthorized data access, system manipulation, or resource exploitation. Examples include invoking tools with wrong credentials or elevated privileges and using prompt injection to craft malicious API calls. Two primary architectural defenses are described, including adding an AI firewall between agents and tools.
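As an added illustration (not code from OWASP, InfoQ, or the reference architecture), the following Python sketch shows the kind of policy gate an "AI firewall" between the agent and its tools would enforce: a per-user tool allowlist, rejection of credentials that belong to another principal or carry elevated privileges, argument validation that confines a prompt-injected file path to the user's own directory, and a call budget against resource exploitation. The tool names, paths and policy values are constructed for the example.

```python
import re
from dataclasses import dataclass, field

@dataclass
class Credential:
    principal: str   # whose authority the token carries
    elevated: bool   # True for admin-level tokens

@dataclass
class AgentContext:
    principal: str                 # user the agent acts on behalf of
    allowed_tools: dict            # tool -> {arg name: regex the value must fully match}
    max_calls: int = 5             # budget of tool invocations per task
    calls_made: int = 0
    audit: list = field(default_factory=list)

def policy_for(principal):
    """Constructed per-user policy: files only under the user's own directory,
    mail only to the example.com domain, no shell or other tools at all."""
    return {
        "read_file": {"path": rf"/data/{re.escape(principal)}/(?!.*\.\.)[\w./-]+"},
        "send_email": {"to": r"[\w.+-]+@example\.com", "body": r"[\s\S]{0,2000}"},
    }

def gate_tool_call(ctx, tool, args, cred):
    """Decide whether a tool call planned by the agent may reach the tool.

    Returns (allowed, reason) and records every decision in ctx.audit so that
    a denied call is detectable rather than silently dropped."""
    def deny(reason):
        ctx.audit.append(("deny", tool, reason))
        return False, reason

    if tool not in ctx.allowed_tools:
        return deny("tool not in allowlist")
    if cred.principal != ctx.principal or cred.elevated:
        return deny("credential belongs to another principal or is elevated")
    if ctx.calls_made >= ctx.max_calls:
        return deny("tool-call budget exhausted")
    expected = ctx.allowed_tools[tool]
    if set(args) != set(expected):
        return deny("unexpected or missing arguments")
    for name, pattern in expected.items():
        if not re.fullmatch(pattern, str(args[name])):
            return deny(f"argument {name!r} violates policy")
    ctx.calls_made += 1
    ctx.audit.append(("allow", tool, ""))
    return True, "ok"
```

The gate deliberately does not inspect the model's prompt; it judges only the concrete call, which is what reaches the tool regardless of how the agent was steered.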
Read at InfoQ