OWASP ASI08: Cascading Failures

Because agents plan, persist, and delegate autonomously, errors bypass stepwise human approval and persist in saved state. As agents form emergent links to new tools or peers, latent faults chain into privileged operations. ASI08 amplifies LLM01:2025, LLM04:2025, and LLM06:2025 across multi-agent topologies.

Common ASI08 patterns include:

• Planner-executor coupling: A hallucinating planner emits unsafe steps the executor auto-runs.
• Corrupted persistent memory: Poisoned state continues influencing new plans even after the source is gone.
• Inter-agent cascades: A poisoned update causes peers to act on false alerts or reboot instructions.
• Auto-deployment cascades: A tainted release pushed by an orchestrator propagates to all connected agents.
• Feedback-loop amplification: Agents relying on each other's outputs create self-reinforcing failure.

Financial trading cascades, healthcare protocol propagation, and auto-remediation feedback loops show how fast multi-agent failures scale. Containment requires zero-trust design, isolation boundaries, just-in-time credentials, circuit breakers between planner and executor, and tamper-evident logging for forensic traceability.

How PointGuard AI Helps

PointGuard's Agent Governance Mesh ships circuit breakers, ring isolation, and emergency kill switches, while the MCP Security Gateway issues just-in-time, task-scoped credentials so a single fault cannot trigger chain reactions across agents and tools.

Learn More

OWASP Top 10 for Agentic Applications

Google SRE: Addressing Cascading Failures

MITRE ATLAS