Status: Holding · last review 26 Apr 2026

The OWASP Agentic Security Initiative's threat taxonomy for agentic AI (memory poisoning, tool misuse, privilege compromise, resource overload, cascading hallucination, intent breaking, misaligned and deceptive behaviour, repudiation and untraceability, identity spoofing, and overwhelming the human-in-the-loop) maps cleanly onto seven specific enterprise controls: scoped non-human identity, action-class approval gates, decision audit logging at Article 12 evidence quality, MTTD-for-Agents layered detection, deployment-tier resource quotas, behavioural drift monitoring, and HITL throughput limits. An enterprise that operates all seven controls covers all ten OWASP threat classes; an enterprise missing more than two of the controls has structural exposure to at least four of the threat classes.

OWASP Agentic AI Top 10 enterprise walkthrough. 90-day review cadence. Watches: (1) revisions to the OWASP Agentic Security Initiative threat catalogue (an active project, with version revisions expected through 2026); (2) new threat classes added to the catalogue (e.g., agent-communication poisoning in multi-agent systems is an emerging T11 candidate); (3) regulatory enforcement actions that establish case-law-equivalent guidance on which threat classes constitute negligence under the EU AI Act.

Published: 26 Apr 2026
Last reviewed: 26 Apr 2026
Next review: 25 Jul 2026 (+87d)