OWASP LLM Top 10 isn't enough for agents
Red teaming that meets LLM systems where the real failure modes live.
Prompt injection, tool-use abuse, data exfil via RAG, agent-to-agent compromise, and supply-chain risks across the model stack.
Problem profile / 04 of 07
LLM apps, AI agents, and RAG pipelines.
- NIST AI RMF
- EU AI Act (mapping)
- OWASP LLM Top 10
- MITRE ATLAS
01 / Operating pressure
The problems in this profile.
LLM apps, AI agents, and RAG pipelines.
01 02 Prompt injection via indirect channels (docs, web, email)
03 Data-leakage via RAG context
04 Model supply-chain opacity
02 / Engagement design
The testing focus.
The tracks below come directly from this AI & ML use-case profile.
- Track / 01
Prompt injection
Direct, indirect, cross-agent, and tool-mediated.
- Track / 02
Agent abuse
Tool escalation, arbitrary code paths, goal hijacking.
- Track / 03
Data exfil
RAG context leakage, system-prompt extraction, embedding inversion.
- Track / 04
Evaluator suite
We hand you an eval suite you can run in CI.
03 / Decision context
Framework context and intended outcomes.
Standards represented
Framework context
- NIST AI RMF
- EU AI Act (mapping)
- OWASP LLM Top 10
- MITRE ATLAS
Profile outcomes
Intended outcomes
- A threat model grounded in real LLM failure modes.
- CI-ready evals that catch regressions before customers do.
From profile to scope
Turn this profile into a scoped engagement.
Use the pressure points, testing tracks, framework context, and outcomes above as the agenda for a focused conversation.
