Summary
Open Worldwide Application Security Project: a long-standing non-profit security community, best known for the OWASP Top 10 list of web application risks. In the agentic era it is the source of the threat taxonomy on which Zero Trust for AI Agents is built, coined the term Least Agency (extending least privilege to agentic applications), and maintains the AI-BOM standard for supply-chain transparency.
OWASP's contributions to agentic security
- Agentic threat taxonomy: Part 2 of the framework ("Current threats to agentic systems") is organised around the threats OWASP identifies: prompt injection, tool and resource hijacking, identity and access abuse, Memory and Context Poisoning, and Agent Supply Chain Risk.
- "Least agency": an OWASP coinage that extends least privilege to agentic applications, constraining what each agent tool can do, how often it can do it, and where it runs. See Least Agency.
- AI-BOM: OWASP's AI Bill of Materials, an extension of its CycloneDX ML-BOM, with an accompanying web tool. It tracks model provenance, training-dataset lineage and fine-tuning parameters; the framework recommends wiring it together with OpenSSF Scorecard so that models carry the same risk signals as code dependencies.
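The "least agency" bullet above describes a policy with three dimensions: what a tool may do, how often, and where. The following is an added example, not code from OWASP or from the Zero Trust for AI Agents framework, showing how an agent runtime could enforce such a policy as a default-deny gate in front of every tool call. The tool names, actions, environments and rate budgets are constructed for illustration.

```python
"""Added example: a minimal 'least agency' gate for agent tool calls.

Every call is checked against a per-tool policy before the tool runs:
  - actions       (what):      the only operations this tool may perform
  - max_calls /
    window_seconds (how often): a sliding-window rate budget
  - environments  (where):     execution contexts the tool may run in
Unknown tools are denied by default; every decision carries a reason so
it can be written to an audit log.
"""
from collections import deque
from dataclasses import dataclass


@dataclass(frozen=True)
class ToolPolicy:
    actions: frozenset        # what the tool may do
    max_calls: int            # how often: calls allowed per window
    window_seconds: float     # length of the sliding window
    environments: frozenset   # where the tool may execute


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str               # human-readable reason for the audit log


class LeastAgencyGate:
    """Default-deny policy gate: a tool call passes only if all three
    dimensions (what / how often / where) are satisfied."""

    def __init__(self, policies: dict):
        self.policies = policies
        # Per-tool timestamps of recent allowed calls (for the rate budget).
        self._calls = {name: deque() for name in policies}

    def check(self, tool: str, action: str, environment: str, now: float) -> Decision:
        policy = self.policies.get(tool)
        if policy is None:
            return Decision(False, f"tool {tool!r} is not in the allow-list")
        if action not in policy.actions:
            return Decision(False, f"action {action!r} not permitted for {tool!r}")
        if environment not in policy.environments:
            return Decision(False, f"{tool!r} may not run in environment {environment!r}")

        # Drop timestamps that have fallen out of the sliding window.
        history = self._calls[tool]
        while history and now - history[0] >= policy.window_seconds:
            history.popleft()
        if len(history) >= policy.max_calls:
            return Decision(False, f"rate budget exhausted for {tool!r} "
                                   f"({policy.max_calls}/{policy.window_seconds:g}s)")

        history.append(now)
        return Decision(True, "allowed")


def build_default_gate() -> LeastAgencyGate:
    """Constructed sample policies (hypothetical tools, not from the page)."""
    return LeastAgencyGate({
        # A read-only retrieval tool: generous budget, may run anywhere.
        "search_docs": ToolPolicy(
            actions=frozenset({"read"}),
            max_calls=5, window_seconds=60.0,
            environments=frozenset({"sandbox", "prod"}),
        ),
        # An outbound-messaging tool: may only draft (never send),
        # only twice an hour, and only in the sandbox.
        "send_email": ToolPolicy(
            actions=frozenset({"draft"}),
            max_calls=2, window_seconds=3600.0,
            environments=frozenset({"sandbox"}),
        ),
    })


if __name__ == "__main__":
    gate = build_default_gate()
    for call in [("search_docs", "read", "prod", 0.0),
                 ("send_email", "send", "sandbox", 1.0),
                 ("send_email", "draft", "sandbox", 2.0),
                 ("delete_repo", "delete", "sandbox", 3.0)]:
        d = gate.check(*call, )
        print(call, "->", d.allowed, d.reason)
```

The gate sits between the planner and the tool executor, so a model that has been steered by injected instructions still cannot make a tool exceed its declared scope: a tool with only a `draft` action cannot be talked into `send`, and a tool pinned to the sandbox cannot be invoked in production. Every denial returns a reason string rather than raising, so the caller can log it as a detection signal.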
Relationship to other standards bodies
Within the Zero Trust lineage, OWASP sits alongside the formal government standards the framework cites: NIST (SP 800-207), NSA (Zero Trust Implementation Guides), CISA (Zero Trust Maturity Model), and their international counterparts (UK NCSC, Australia Home Affairs). OWASP supplies the application- and agent-level threat vocabulary; the government bodies supply architecture-level guidance.
Related links
- Zero Trust for AI Agents: the framework built on OWASP's agentic threat taxonomy
- Least Agency: an OWASP coinage
- Agent Supply Chain Risk: managed with the OWASP-maintained AI-BOM
- Agentic Prompt Injection / Memory and Context Poisoning: threats in OWASP's agentic taxonomy
- Anthropic: adopts and extends the OWASP taxonomy in its Zero Trust framework
Sources
- Zero Trust for AI Agents: cites OWASP as the source of the agentic threat taxonomy, "least agency" and AI-BOM
