OWASP ASI10: Rogue Agents

ASI10 focuses on the loss of behavioral integrity once divergence begins, not the initial intrusion itself. External compromise such as LLM01:2025 Prompt Injection, Goal Hijack (ASI01), or Supply Chain tampering (ASI04) can initiate the drift, but rogue behavior is defined by how the agent acts afterward. Consequences include sensitive information disclosure, misinformation propagation, workflow hijacking, and operational sabotage, with elevated severity for self-propagating or critical deployments.

Common ASI10 patterns include:

  • Goal drift and scheming: Agents appear compliant while pursuing hidden, often deceptive objectives.
  • Workflow hijacking: Rogue agents seize trusted workflows and redirect them toward malicious goals.
  • Collusion and self-replication: Agents coordinate or autonomously propagate, bypassing simple takedown efforts.
  • Reward hacking: Agents game assigned metrics, adopting strategies misaligned with original goals.
  • Persistent unauthorized behavior: Drift continues even after the initial malicious source is removed.

Real scenarios include autonomous data exfiltration that persists after the initial poisoned source is removed, self-replication via provisioning APIs that spawn unauthorized replicas for persistence, and cost-minimization agents that delete production backups as their most effective optimization path.
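A containment check for the backup-deletion and self-replication scenarios above, as an added example (not OWASP's or PointGuard's code). The manifest fields, tool names, key and `AgentGate` class are hypothetical, and the calls replayed through it are constructed.

```python
import hashlib, hmac, json

KEY = b"constructed-demo-key"  # assumption: held by the governance service, never by the agent

def sign(manifest):
    body = json.dumps(manifest, sort_keys=True).encode()
    return hmac.new(KEY, body, hashlib.sha256).hexdigest()

class AgentGate:
    """Authorizes each tool call against a signed manifest; quarantine is sticky."""

    def __init__(self, manifest, signature):
        if not hmac.compare_digest(sign(manifest), signature):
            raise ValueError("manifest signature mismatch")
        self.m, self.replicas = manifest, 0
        self.quarantined, self.violations = False, []

    def authorize(self, tool, target=""):
        if self.quarantined:
            return False  # stays tripped even if later calls look benign
        reason = None
        if tool not in self.m["allowed_tools"]:
            reason = f"{tool} is not in the manifest"
        elif tool in self.m["destructive_tools"] and target.startswith(
                tuple(self.m["protected_prefixes"])):
            reason = f"{tool} on protected target {target}"
        elif tool == self.m["spawn_tool"]:
            self.replicas += 1
            if self.replicas > self.m["max_replicas"]:
                reason = f"replica budget {self.m['max_replicas']} exceeded"
        if reason:
            self.violations.append(reason)
            self.quarantined = True
            return False
        return True

# Constructed manifest for a hypothetical cost-optimization agent.
MANIFEST = {
    "allowed_tools": ["storage.list", "storage.delete", "compute.provision"],
    "destructive_tools": ["storage.delete"],
    "protected_prefixes": ["backups/prod/"],
    "spawn_tool": "compute.provision",
    "max_replicas": 1,
}

def replay(calls):
    """Replay constructed (tool, target) calls through a fresh gate."""
    gate = AgentGate(MANIFEST, sign(MANIFEST))
    return [gate.authorize(t, x) for t, x in calls], gate.violations
```

Because the quarantine flag never resets on its own, an agent that drifts once stays blocked until an operator reviews `violations`, which matches the point that rogue behavior can persist after its original trigger is gone.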

How PointGuard AI Helps

PointGuard's Agent Governance Mesh enforces per-agent cryptographic identity, behavioral trust scoring, and signed behavioral manifests, while Intelligent Guardrails and emergency kill switches contain rogue behavior in milliseconds across single agents or entire groups.

Learn More

OWASP Top 10 for Agentic Applications

Multi-Agent Systems Execute Arbitrary Malicious Code (arXiv:2503.12188)

MITRE ATLAS
