The OWASP Agentic Top 10 — attack, control, detection

Give a model tools and autonomy and you inherit a new attack surface. The OWASP Top 10 for Agentic Applications (2026) is the benchmark for what goes wrong.

I assume the model itself will be jailbroken — so prevention lives in the server, not the prompt. And because prevention fails, each risk also needs an answer to the question defenders actually ask: how would I know?
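
An added example, not code from the original post: a server-side gate that decides each model-requested tool call from policy the server holds, and logs every decision so that denials answer "how would I know?". The roles, tool names, limits and log shape are assumptions made for illustration.

```python
import time

# Hypothetical per-role tool policy: lives on the server, never in the prompt.
POLICY = {"support_agent": {
    "lookup_order": {"max_calls": 20},
    "issue_refund": {"max_calls": 2, "max_amount": 50.0},
}}
AUDIT_LOG = []  # stand-in for a real log pipeline

def audit(session, tool, args, decision, reason):
    """Record every decision so a denial becomes a detection signal."""
    event = {"ts": time.time(), "session": session["id"], "tool": tool,
             "args": args, "decision": decision, "reason": reason}
    AUDIT_LOG.append(event)
    return event

def authorize_tool_call(session, tool, args):
    """Decide on a model-requested call using server-side state only."""
    rules = POLICY.get(session["role"], {}).get(tool)
    if rules is None:
        return audit(session, tool, args, "deny", "tool_not_allowed_for_role")
    used = session["calls"].get(tool, 0)
    if used >= rules["max_calls"]:
        return audit(session, tool, args, "deny", "call_budget_exhausted")
    limit = rules.get("max_amount")
    if limit is not None:
        amount = args.get("amount")
        numeric = isinstance(amount, (int, float)) and not isinstance(amount, bool)
        if not numeric or not 0 < amount <= limit:
            return audit(session, tool, args, "deny", "amount_outside_limit")
    session["calls"][tool] = used + 1
    return audit(session, tool, args, "allow", "within_policy")

def denied_sessions(log, threshold=2):
    """Detection query: sessions that keep requesting what policy forbids."""
    counts = {}
    for event in log:
        if event["decision"] == "deny":
            counts[event["session"]] = counts.get(event["session"], 0) + 1
    return sorted(s for s, n in counts.items() if n >= threshold)

def demo():
    # Constructed session and tool calls, as a jailbroken model might emit.
    session = {"id": "s-1", "role": "support_agent", "calls": {}}
    calls = [("lookup_order", {"order_id": "A100"}),
             ("issue_refund", {"amount": 5000}),
             ("delete_customer", {"customer_id": "42"})]
    return [authorize_tool_call(session, t, a)["reason"] for t, a in calls]
```

The model's output is treated purely as a request: nothing in `authorize_tool_call` reads the prompt or trusts what the model says about its own permissions.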

Categories per the OWASP Gen AI Security Project. More depth in why guardrails belong in the server.