OWASP, AppGate extend Zero Trust to agentic AI: enterprise shield
26 days ago • ai-security
What Happened
OWASP's GenAI Security Project published the "OWASP Top 10 for Agentic Applications" (Dec 9–10, 2025). The list identifies top risks for autonomous, multi-step AI agents and provides mitigation guidance. AppGate released "Agentic AI Core Protection" (Dec 18, 2025), placing Zero Trust controls around agent workloads in the enterprise core. Akamai and Visa announced a partnership to secure agent-driven commerce (Dec 17). HUMAN published cryptographic verification for Amazon Bedrock's AgentCore browser to attest agent code and browser integrity (Dec 16). (OWASP; AppGate; Akamai; HUMAN)
Technical Details
OWASP highlights risks including agent goal hijack, tool misuse, identity and privilege abuse, supply-chain compromise, and cascading failures. The project cites participation from more than 100 industry experts. AppGate extends identity- and policy-driven microsegmentation, credential brokering, and runtime policy enforcement to agent processes and to tool-invocation paths. Akamai and Visa focus on transaction-level protections for agent-driven commerce flows. HUMAN's attestation provides cryptographic proofs that an agent browser or runtime matches a vetted build on AWS Bedrock.
Implications and Next Steps
Enterprises moving agents to production must map agent-to-tool trust boundaries, enforce least privilege with fine-grained IAM, and adopt attestation and runtime controls. Expect security assessments and CI/CD gating to adopt OWASP Top 10 checks and vendor attestation APIs over the next quarter.
Why It Matters
- Use OWASP's Top 10 as an operational checklist in CI/CD and pre-production scans to validate agent goals, tool access, and memory/context integrity.
- Apply Zero Trust controls (identity, least privilege, microsegmentation) to agent processes and their tool-invocation channels to limit lateral impact.
- Adopt cryptographic attestation for agent runtimes and browser-like interfaces (e.g., HUMAN's verification) to ensure only vetted agent code runs in production.
- Update incident response playbooks for agent-specific scenarios: goal hijack, cascading failures, and supply-chain compromise; include attestation and runtime evidence in investigations.
Trust & Verification
Sources (2)
- AppGate (Official), Dec 18, 2025
- HUMAN Security, Inc. (Official), Dec 16, 2025
Fact Checks (5)
- OWASP released the "Top 10 for Agentic Applications" in early December 2025 (VERIFIED)
- The OWASP Agentic Top 10 was developed with participation from 100+ industry experts (VERIFIED)
- AppGate launched "Agentic AI Core Protection" on December 18, 2025 to extend Zero Trust to AI agent workloads (VERIFIED)
- Akamai and Visa announced a partnership to secure agentic commerce on December 17, 2025 (VERIFIED)
- HUMAN published cryptographic verification of Amazon Bedrock AgentCore Browser on December 16, 2025 (VERIFIED)