feat(knowledge): add MITRE ATLAS IDs to OWASP files + Norwegian regulatory context

This commit is contained in:
Kjell Tore Guttormsen 2026-04-10 12:49:10 +02:00
commit e2c8924074
8 changed files with 301 additions and 30 deletions

@ -12,7 +12,7 @@ human supervision. Claude Code is an agentic system and maps directly to these r
## ASI01 — Agent Goal Hijack
**Category:** Goal and instruction integrity
**Category:** Goal and instruction integrity | **MITRE ATLAS:** AML.T0051 (LLM Prompt Injection), AML.T0058 (AI Agent Context Poisoning)
### Description
Attackers alter agent objectives by embedding hidden instructions in external content that the agent
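Review bot: the replaced `**Category:**` line now carries two different fields on one line separated by `|`, which makes the ATLAS IDs harder to extract consistently across the ten sections; consider a dedicated line such as `**MITRE ATLAS:** AML.T0051 (LLM Prompt Injection), AML.T0058 (AI Agent Context Poisoning)` directly under the Category line. Since AML.T0058 is one of the newer agent-focused entries, also record which ATLAS release the IDs were taken from so the mapping can be re-verified when the framework is updated.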
@ -54,7 +54,7 @@ Real incident: EchoLeak — copilots turned into silent exfiltration engines via
## ASI02 — Tool Misuse and Exploitation
**Category:** Tool integrity and authorization
**Category:** Tool integrity and authorization | **MITRE ATLAS:** AML.T0061 (AI Agent Tools)
### Description
Agents misuse legitimate tools due to ambiguous prompts, manipulated input, or over-provisioned
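Review bot: the mapping gives the ID and name but no reference, so a reader cannot check the technique definition without searching; ATLAS technique pages follow the pattern `https://atlas.mitre.org/techniques/AML.T0061`, and linking the ID (here and in the other nine sections) would make the knowledge file self-verifying.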
@ -97,7 +97,7 @@ Real incident: Amazon Q and GitHub Actions compromised via repository content tr
## ASI03 — Identity and Privilege Abuse
**Category:** Identity, credentials, and delegation
**Category:** Identity, credentials, and delegation | **MITRE ATLAS:** AML.T0012 (Valid Accounts)
### Description
Agents often inherit user or system identities including high-privilege credentials, session tokens,
@ -140,7 +140,7 @@ exercise.
## ASI04 — Agentic Supply Chain Vulnerabilities
**Category:** Component integrity and provenance
**Category:** Component integrity and provenance | **MITRE ATLAS:** AML.T0010 (ML Supply Chain Compromise)
### Description
Tools, plugins, prompt templates, MCP servers, and agent definitions fetched or loaded dynamically
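Review bot: the description enumerates several distinct component classes (tools, plugins, prompt templates, MCP servers, agent definitions), but the mapping stops at the parent technique AML.T0010 (ML Supply Chain Compromise); if the ATLAS sub-techniques under T0010 apply to any of these, mapping at that level would give detection and procurement teams a more precise reference than the parent alone.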
@ -183,7 +183,7 @@ Real incident: Malicious MCP servers impersonating legitimate ones, altering too
## ASI05 — Unexpected Code Execution
**Category:** Code generation and execution safety
**Category:** Code generation and execution safety | **MITRE ATLAS:** AML.T0011 (User Execution)
### Description
Agents generate or execute code unsafely through shell commands, eval-like constructs, script
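Review bot: AML.T0011 (User Execution) is named after a human running attacker-supplied content, while this section's description is about the agent itself executing code via shell commands and eval-like constructs; a one-line rationale next to the ID (for example, that the agent is treated as the executing principal) would stop future maintainers from "correcting" the mapping.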
@ -225,7 +225,7 @@ Coding agents like Claude Code are high-risk because code generation and executi
## ASI06 — Memory and Context Poisoning
**Category:** State integrity and persistence
**Category:** State integrity and persistence | **MITRE ATLAS:** AML.T0058 (AI Agent Context Poisoning), AML.T0020 (Poison Training Data)
### Description
Agents rely on memory systems, embeddings, RAG databases, context windows, and summaries to maintain
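Review bot: AML.T0020 (Poison Training Data) targets the training pipeline, whereas the description here is about runtime state (memory systems, embeddings, RAG databases, context windows, summaries); either qualify the second ID as covering only cases where poisoned memory is later used for fine-tuning, or drop it so the mapping does not suggest a training-time control for a runtime problem. Note also that AML.T0058 is now shared with ASI01, so the file should say how the two sections differ under the same technique.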
@ -266,7 +266,7 @@ Unlike one-shot injection, memory poisoning executes on every future session wit
## ASI07 — Insecure Inter-Agent Communication
**Category:** Multi-agent protocol integrity
**Category:** Multi-agent protocol integrity | **MITRE ATLAS:** AML.T0062 (Exfiltration via AI Agent Tool Invocation)
### Description
In multi-agent architectures, agents coordinate through message passing over MCP, RPC, shared files,
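Review bot: AML.T0062 (Exfiltration via AI Agent Tool Invocation) covers only one impact of insecure inter-agent communication, while the description is about integrity of message passing over MCP, RPC and shared files in general; mark the mapping as partial (exfiltration consequence only) so readers do not assume ATLAS has a technique for the spoofing or tampering cases this section also describes.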
@ -309,7 +309,7 @@ downstream agents through compromised peers.
## ASI08 — Cascading Failures
**Category:** System resilience and blast radius
**Category:** System resilience and blast radius | **MITRE ATLAS:** AML.T0029 (Denial of ML Service)
### Description
In interconnected multi-agent architectures, a single compromised or hallucinating agent can
@ -353,7 +353,7 @@ execute without verification, multiplying the blast radius.
## ASI09 — Human-Agent Trust Exploitation
**Category:** Human oversight and social engineering
**Category:** Human oversight and social engineering | **MITRE ATLAS:** AML.T0043 (Craft Adversarial Data)
### Description
Users and operators over-trust agent recommendations due to their confident, authoritative
@ -400,7 +400,7 @@ copilots approving fraudulent transactions; support agents soliciting credential
## ASI10 — Rogue Agents
**Category:** Agent alignment and containment
**Category:** Agent alignment and containment | **MITRE ATLAS:** AML.T0018 (Backdoor ML Model)
### Description
Rogue agents are compromised or misaligned agents that act harmfully while appearing legitimate.