LLM & AI Agent Security Framework - OWASP + NIST

📋 Requirements
Foundational security requirements and risk identification

LLM Security Foundations (3)

  • OWASP: Core vulnerabilities: Prompt Injection, Sensitive Information Disclosure, Supply Chain, Data Poisoning, Improper Output Handling, Excessive Agency, System Prompt Leakage, Vector/Embedding Weaknesses, Misinformation, Unbounded Consumption
  • NIST: Four core functions (GOVERN, MAP, MEASURE, MANAGE) for the AI risk management lifecycle
  • NIST: Cross-sectoral profile for generative AI risks: CBRN, CSAM, Confabulation, Data Privacy, Human-AI Configuration, Information Integrity

Agentic AI Security (2)

  • OWASP: Agent Goal Hijack, Identity/Privilege Abuse, RCE, Insecure Inter-Agent Communications, Human Trust Exploitation, Tool Misuse, Supply Chain, Memory Poisoning, Cascading Failures, Rogue Agents
  • OWASP Agentic AI Core Security Risks v0.5 (OWASP; priority: High): Detailed risk taxonomy for autonomous AI systems with mitigations

Protocol-Specific & Threat Intelligence (2)

  • OWASP: Token Mismanagement, Scope Creep, Tool Poisoning, Supply Chain, Command Injection, Prompt Injection, Authentication/Authorization, Shadow MCP, Context Over-sharing, Logging Gaps
  • MITRE: Adversarial Threat Landscape for AI Systems - tactics, techniques, and case studies
🏗️ Design
Secure architecture patterns and implementation guidance

Architecture Patterns (4)

  • Securing Agentic Applications Guide (OWASP; priority: Critical): Practical technical guidance for secure agentic app design and deployment
  • Single-Agent Security Controls (OWASP; priority: High): Isolation, sandboxing, and constraint patterns for single agents
  • Multi-Agent Security Controls (OWASP; priority: High): Trust boundaries, communication protocols, orchestration security
  • OWASP: Tool poisoning mitigation, prompt injection defense, memory security, client sandboxing

Infrastructure & Data Security (4)

  • NIST SP 800-218A: Secure Software Dev for GenAI (NIST; priority: High): SSDF supplement for AI/ML secure development practices
  • RAG Security Patterns (Design Pattern; priority: High): Vector DB security, embedding protection, retrieval guardrails
  • Context Window Security (Design Pattern; priority: High): Memory isolation, context leakage prevention, session boundaries
  • VM Hardening & Network Isolation (Infrastructure; priority: High): Container security, network segmentation, egress controls
🧪 Testing
Evaluation, red teaming, and vulnerability assessment

Red Teaming (3)

  • GenAI Red Teaming Guide (Scope, Strategy, Blueprint) (OWASP; priority: Critical): Comprehensive scope, strategy, and blueprint for AI red team operations
  • Agentic AI Red Teaming Guide (OWASP; priority: Critical): 12 threat categories specific to autonomous agents
  • OWASP: AI Vulnerability Scoring System - standardized risk quantification

Testing Tools & Frameworks (4)

  • NIST: Open-source adversarial ML testing framework for model robustness evaluation
  • OWASP FinBot CTF (OWASP; priority: Medium): Capture The Flag platform for practicing agentic security skills
  • Prompt Injection Testing (Testing Pattern; priority: Critical): Direct/indirect injection, jailbreak attempts, system prompt extraction
  • NIST AI RMF: MEASURE Function (NIST; priority: Critical): Quantitative/qualitative tools for AI risk measurement and benchmarking
🛡️ Governance
Policies, oversight, and organizational controls

NIST Risk Management Framework (2)

  • NIST: Organizational policies, roles, and accountability structures for AI risk management
  • NIST AI RMF: MAP Function (NIST; priority: Critical): Context establishment, risk identification, impact assessment

Agentic Governance & Supply Chain (4)

  • State of Agentic Security & Governance 1.0 (OWASP; priority: Critical): Practical governance guide for safe autonomous AI deployment
  • OWASP GenAI COMPASS (OWASP; priority: High): Total Impact Assessment methodology for GenAI systems
  • Human-AI Configuration Policies (GOVERN 3.2) (NIST; priority: High): Oversight levels, human-in-the-loop requirements, autonomy boundaries
  • AI-BOM / ML-BOM (Industry; priority: High): Bill of Materials for AI components, model cards, dataset documentation
⚙️ Operations
Runtime security, monitoring, and incident response

Runtime Security (3)

  • Secure Operations & Runtime Phase (OWASP; priority: Critical): Production security controls for deployed AI systems
  • NIST AI RMF: MANAGE Function (NIST; priority: Critical): Risk treatment, response actions, continuous improvement
  • Kill Switches & Circuit Breakers (Operations; priority: Critical): Emergency shutdown, agent termination, cascading failure prevention

Monitoring & Incident Response (4)

  • LLMSecOps: Anomaly Detection (Industry; priority: High): Behavioral monitoring, drift detection, abuse identification
  • LLMSecOps: Immutable Logs (Industry; priority: High): Audit trails, prompt/response logging, forensic readiness
  • AI Incident Response Playbooks (Operations; priority: High): Prompt injection response, model compromise, data exfiltration procedures
  • Content Provenance (C2PA) (Industry; priority: Medium): Watermarking, synthetic content detection, authenticity verification
🔀 Cross-Cutting Concerns

Supply Chain Security

  • Model provenance verification
  • Dataset integrity tracking
  • Dependency scanning (ML libs)
  • Plugin/tool vetting workflows

Privacy & Data Protection

  • PII in training data handling
  • Inference attack prevention
  • Membership inference protection
  • Model inversion defense

Compliance Alignment

  • EU AI Act requirements
  • NIST CSF 2.0 integration
  • ISO/IEC 42001 alignment
  • SOC 2 for AI adaptations