Mitigations and testing

OWASP guidance becomes actionable when it is turned into specific mitigations, each with an owner, supporting evidence, and a monitoring signal that shows whether it still holds.

A practical mapping approach

For each OWASP category:

  • define one or more controls (guardrails, approvals, validation, monitoring)
  • link evidence (design decisions, red-team results, runbooks)
  • define tests that detect regressions and drift

Where in Modulos

  • Project → Controls for guardrails and operational measures
  • Project → Evidence for reusable artifacts
  • Project → Testing for evaluation signals and history
  • Project → Requirements for tracking scope and completion

Evidence should be reusable (diagram)

Evidence is easiest to defend when it attaches to the smallest meaningful claim (a control component) and can be reused across controls.

Testing should be continuous (diagram)

Tests become governance signals when they run on a schedule and retain history.

Mitigation patterns (control library)

These mitigation patterns show up across most agentic categories:

Intent binding and goal governance (ASI01, ASI10)

  • lock and version goals/system prompts; review changes like configuration
  • validate intent for goal changes and high-impact plan steps; fail closed on drift
  • log goal state, plan deltas, and tool-call sequences for forensic traceability
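The three bullets above describe one mechanism: a locked, versioned goal that every plan step is checked against, with every decision logged. The following is an added illustration written for this page, not Modulos code; the class names, the fixed list of permitted step names, and the audit-entry fields are assumptions made to keep it self-contained.

```python
import hashlib
from dataclasses import dataclass, field


class GoalDriftError(RuntimeError):
    """Raised when the live goal or a proposed step no longer matches the approved version."""


@dataclass(frozen=True)
class ApprovedGoal:
    """A locked, versioned goal: the system prompt plus the plan steps it permits.

    Publishing a new version (reviewed like any other configuration change)
    is the only way to alter it; the running agent cannot edit it in place.
    """
    version: int
    system_prompt: str
    allowed_steps: frozenset


def goal_digest(system_prompt: str) -> str:
    """Stable fingerprint of the goal text, recorded in every audit entry."""
    return hashlib.sha256(system_prompt.encode("utf-8")).hexdigest()


@dataclass
class GoalGovernor:
    """Checks each plan step against the approved goal and keeps a forensic log."""
    approved: ApprovedGoal
    audit_log: list = field(default_factory=list)

    def check_step(self, live_system_prompt: str, proposed_step: str, tool_calls: list) -> str:
        """Return "allowed" or raise GoalDriftError. Blocks are logged too (fail closed, but traceable)."""
        entry = {
            "goal_version": self.approved.version,
            "expected_digest": goal_digest(self.approved.system_prompt),
            "live_digest": goal_digest(live_system_prompt),
            "step": proposed_step,
            "tool_calls": list(tool_calls),   # the tool-call sequence planned for this step
        }
        # Drift check: the prompt the agent is actually running must be the approved one.
        if entry["live_digest"] != entry["expected_digest"]:
            entry["decision"] = "blocked:goal_drift"
            self.audit_log.append(entry)
            raise GoalDriftError(f"system prompt differs from approved version {self.approved.version}")
        # Plan check: steps outside the approved plan are refused rather than guessed at.
        if proposed_step not in self.approved.allowed_steps:
            entry["decision"] = "blocked:step_not_in_plan"
            self.audit_log.append(entry)
            raise GoalDriftError(f"step {proposed_step!r} is outside the approved plan")
        entry["decision"] = "allowed"
        self.audit_log.append(entry)
        return "allowed"
```

The audit log records the expected and live digests side by side, so an investigator can tell a prompt change from a plan change without re-running anything.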

Tool boundary enforcement (ASI02, ASI05)

  • least-agency tool design: minimal tools, minimal scopes, explicit approvals for destructive actions
  • policy engine at the tool boundary (name + args + scope + budget + purpose)
  • sandbox execution-capable tools with strict filesystem and egress boundaries
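A policy engine at the tool boundary evaluates the full tuple (name, args, scope, budget, purpose) before any tool runs. The example below is added for this page and is not Modulos code; the deny-reason strings, the per-tool argument validators, and the `/sandbox` root are assumptions. It shows the checks in the order a practitioner would usually apply them: is the tool known, is the scope granted, is there a stated purpose, do the arguments stay inside the sandbox, is there budget left, and does a destructive scope carry an explicit approval.

```python
import posixpath
from dataclasses import dataclass, field


@dataclass(frozen=True)
class ToolCall:
    name: str
    args: dict
    scope: str       # requested capability, e.g. "read", "write", "delete"
    purpose: str     # plain-language justification supplied by the caller


def path_inside_sandbox(path: str, root: str = "/sandbox") -> bool:
    """Argument validator: the path must resolve inside the sandbox root after normalisation."""
    resolved = posixpath.normpath(posixpath.join(root, path))
    return resolved == root or resolved.startswith(root + "/")


@dataclass
class ToolBoundaryPolicy:
    """Policy decision point sitting between the agent and every tool invocation."""
    allowed_scopes: dict            # tool name -> frozenset of scopes this agent may use
    destructive_scopes: frozenset   # scopes that need an explicit approval on every call
    arg_validators: dict            # tool name -> callable(args) -> bool
    call_budget: int                # maximum allowed calls for this task
    calls_used: int = 0
    decisions: list = field(default_factory=list)   # every verdict, allowed or denied

    def evaluate(self, call: ToolCall, approved: bool = False) -> str:
        """Return "allow" or "deny:<reason>"; only allowed calls consume budget."""
        verdict = self._decide(call, approved)
        self.decisions.append({"tool": call.name, "scope": call.scope, "verdict": verdict})
        if verdict == "allow":
            self.calls_used += 1
        return verdict

    def _decide(self, call: ToolCall, approved: bool) -> str:
        scopes = self.allowed_scopes.get(call.name)
        if scopes is None:
            return "deny:unknown_tool"            # least agency: nothing outside the allowlist
        if call.scope not in scopes:
            return "deny:scope_not_granted"
        if not call.purpose.strip():
            return "deny:missing_purpose"
        validator = self.arg_validators.get(call.name)
        if validator is not None and not validator(call.args):
            return "deny:invalid_args"
        if self.calls_used >= self.call_budget:
            return "deny:budget_exhausted"
        if call.scope in self.destructive_scopes and not approved:
            return "deny:approval_required"      # destructive actions never pass silently
        return "allow"
```

The `decisions` list is the evidence stream for this control: a test that replays recorded calls against the policy and compares verdicts is a cheap regression check for drift in the allowlist.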

Identity and delegation controls (ASI03, ASI09)

  • distinct governed agent identities and task-scoped short-lived credentials
  • re-authorization on each privileged step; prevent transitive privilege inheritance by default
  • trust-aware UX for approvals (preview vs effect, provenance, plain-language risk)

Agentic supply chain controls (ASI04)

  • allowlist/pin tools, prompts, and agent artifacts; prefer curated registries
  • signing/attestation and runtime verification for critical descriptors and artifacts
  • rapid revocation/quarantine mechanisms for compromised tools/agents

Memory governance (ASI06)

  • validate memory writes before commit; require provenance and attribution
  • segment memory by tenant/user/task and minimize retention
  • support snapshots, rollback, and quarantine for suspicious memory updates
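An added example of the memory pattern above (written for this page, not Modulos code): writes carry provenance and attribution and are validated before commit, storage is keyed by tenant, rejected writes land in a quarantine list for review, and snapshots allow rollback. The trusted-source labels, the size limit and the method names are assumptions.

```python
import copy
from dataclasses import dataclass


@dataclass(frozen=True)
class MemoryWrite:
    tenant: str       # isolation boundary: tenant, user or task
    key: str
    value: str
    source: str       # provenance, e.g. "user", "tool:search", "agent:planner"
    attribution: str  # what produced the value: a request id, message id or step id


class GovernedMemory:
    """Memory store that validates writes before commit and supports rollback and quarantine."""

    def __init__(self, trusted_sources, max_value_chars: int = 2000):
        self.trusted_sources = frozenset(trusted_sources)
        self.max_value_chars = max_value_chars
        self._store: dict = {}       # tenant -> {key: value}
        self._snapshots: list = []
        self.quarantine: list = []   # rejected writes kept for review; never served to the agent

    def validate(self, w: MemoryWrite) -> str:
        """Pre-commit checks: provenance present, source trusted, value within limits."""
        if not w.source or not w.attribution:
            return "reject:missing_provenance"
        if w.source not in self.trusted_sources:
            return "reject:untrusted_source"
        if len(w.value) > self.max_value_chars:
            return "reject:oversized"
        return "ok"

    def write(self, w: MemoryWrite) -> str:
        verdict = self.validate(w)
        if verdict != "ok":
            self.quarantine.append((verdict, w))
            return verdict
        self._store.setdefault(w.tenant, {})[w.key] = w.value
        return "committed"

    def read(self, tenant: str, key: str):
        """Reads are scoped to one tenant; another tenant's keys are simply not visible."""
        return self._store.get(tenant, {}).get(key)

    def snapshot(self) -> int:
        """Capture the whole store so a suspicious batch of updates can be undone."""
        self._snapshots.append(copy.deepcopy(self._store))
        return len(self._snapshots) - 1

    def rollback(self, snapshot_id: int) -> None:
        self._store = copy.deepcopy(self._snapshots[snapshot_id])

    def purge_tenant(self, tenant: str) -> int:
        """Retention minimisation: drop everything held for a tenant; returns the count removed."""
        return len(self._store.pop(tenant, {}))
```

Content fetched by a tool is the usual untrusted source: in this model it can only enter memory once something trusted (a user confirmation, a reviewed agent step) re-writes it with its own attribution.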

Secure inter-agent communication (ASI07)

  • mutual authentication + end-to-end encryption and signed messages
  • anti-replay (nonces/timestamps/task windows) and strict typed message schemas
  • secure discovery and routing (attested agent cards, pinned protocols)
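The following added example (not Modulos code) shows the receiving side of the messaging pattern above: only pre-registered peers are accepted, every envelope is signed, the nonce and timestamp sit inside the signed bytes, and the body must match a typed schema. It uses a shared-key HMAC as a stand-in for whatever key material the real deployment's mutual authentication provides, and leaves confidentiality to the transport; the schema table, the time window, and the envelope field names are assumptions.

```python
import hashlib
import hmac
import json


class MessageRejected(Exception):
    """Raised for any message that fails authentication, freshness, or schema checks."""


# Typed schemas: message type -> {field: expected Python type}. Unknown types or extra fields are rejected.
MESSAGE_SCHEMAS = {
    "task_request": {"task_id": str, "action": str},
    "task_result": {"task_id": str, "status": str},
}


def _canonical(envelope: dict) -> bytes:
    """Deterministic encoding so sender and receiver sign exactly the same bytes."""
    return json.dumps(envelope, sort_keys=True, separators=(",", ":")).encode("utf-8")


def sign_message(key: bytes, sender: str, recipient: str, msg_type: str,
                 body: dict, nonce: str, ts: int) -> dict:
    """Build a signed envelope; recipient, nonce and timestamp are all covered by the signature."""
    envelope = {"sender": sender, "recipient": recipient, "type": msg_type,
                "body": body, "nonce": nonce, "ts": ts}
    envelope["sig"] = hmac.new(key, _canonical(envelope), hashlib.sha256).hexdigest()
    return envelope


class AgentInbox:
    """Receiving side: authenticate the peer, check freshness and replay, enforce the schema."""

    def __init__(self, agent_id: str, peer_keys: dict, window_seconds: int = 60):
        self.agent_id = agent_id
        self.peer_keys = peer_keys            # only pre-registered peers can talk to this agent
        self.window_seconds = window_seconds
        self.seen_nonces: dict = {}           # nonce -> ts, evicted once outside the window

    def accept(self, envelope: dict, now: int) -> dict:
        env = dict(envelope)
        sig = env.pop("sig", None)
        key = self.peer_keys.get(env.get("sender"))
        if sig is None or key is None:
            raise MessageRejected("unsigned message or unknown sender")
        expected = hmac.new(key, _canonical(env), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(sig, expected):
            raise MessageRejected("bad signature")
        if env.get("recipient") != self.agent_id:
            raise MessageRejected("not addressed to this agent")
        ts = env.get("ts", 0)
        if abs(now - ts) > self.window_seconds:
            raise MessageRejected("outside the accepted time window")
        # Anti-replay: evict old nonces, then refuse any nonce already seen inside the window.
        self.seen_nonces = {n: t for n, t in self.seen_nonces.items() if now - t <= self.window_seconds}
        if env.get("nonce") in self.seen_nonces:
            raise MessageRejected("replayed nonce")
        schema = MESSAGE_SCHEMAS.get(env.get("type"))
        body = env.get("body")
        if schema is None or not isinstance(body, dict) or set(body) != set(schema):
            raise MessageRejected("unknown message type or unexpected fields")
        for name, typ in schema.items():
            if not isinstance(body[name], typ):
                raise MessageRejected(f"field {name!r} has the wrong type")
        self.seen_nonces[env["nonce"]] = ts
        return body
```

Because the recipient is part of the signed envelope, a message captured on one agent-to-agent link cannot be redirected to a different agent even inside the replay window.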

Blast-radius and failure containment (ASI08)

  • circuit breakers, quotas, and timeouts between steps and between agents
  • checkpointing and approvals before high-impact fan-out actions
  • monitoring and auto-pause on queue storms, repeated intents, or cross-tenant spread
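An added example of the containment pattern above, written for this page rather than taken from Modulos: a guarded link between two agents (or two steps) that enforces a call quota per time window, a timeout, an approval gate for wide fan-out, and a circuit breaker that opens after repeated failures and stays open until an operator resets it. Threshold values, the clock being passed in explicitly, and the exception type are assumptions.

```python
import time
from dataclasses import dataclass, field


class ContainmentError(RuntimeError):
    """Raised when a guard blocks a call; callers must surface it, not retry blindly."""


@dataclass
class GuardedLink:
    """One direction of an agent-to-agent (or step-to-step) call path with blast-radius limits."""
    name: str
    max_calls_per_window: int
    window_seconds: float
    failure_threshold: int          # consecutive failures before the breaker opens
    timeout_seconds: float
    fan_out_approval_threshold: int # fan-out above this needs an explicit approval
    tripped: bool = False
    _call_times: list = field(default_factory=list)
    _consecutive_failures: int = 0

    def invoke(self, fn, *, now: float, fan_out: int = 1, approved: bool = False):
        """Run fn() if every guard passes; fan_out counts how many downstream actions it triggers."""
        if self.tripped:
            raise ContainmentError(f"{self.name}: circuit open, awaiting operator reset")
        if fan_out > self.fan_out_approval_threshold and not approved:
            raise ContainmentError(f"{self.name}: fan-out of {fan_out} requires approval")
        # Quota: count only calls still inside the sliding window.
        self._call_times = [t for t in self._call_times if now - t < self.window_seconds]
        if len(self._call_times) + fan_out > self.max_calls_per_window:
            raise ContainmentError(f"{self.name}: quota of {self.max_calls_per_window} per window exceeded")
        self._call_times.extend([now] * fan_out)
        start = time.monotonic()
        try:
            result = fn()
        except Exception as exc:
            self._record_failure()
            raise ContainmentError(f"{self.name}: downstream call failed: {exc}") from exc
        if time.monotonic() - start > self.timeout_seconds:
            # The work completed but took too long; treat it as a failure so storms trip the breaker.
            self._record_failure()
            raise ContainmentError(f"{self.name}: call exceeded {self.timeout_seconds}s")
        self._consecutive_failures = 0
        return result

    def _record_failure(self) -> None:
        self._consecutive_failures += 1
        if self._consecutive_failures >= self.failure_threshold:
            self.tripped = True

    def reset(self) -> None:
        """Operator action after investigation; the breaker never closes itself."""
        self.tripped = False
        self._consecutive_failures = 0


def slow_call(delay_seconds: float) -> str:
    """Constructed downstream call that deliberately overruns, used to exercise the timeout."""
    time.sleep(delay_seconds)
    return "late"
```

The breaker opening is itself a monitoring signal: wiring `tripped` into an alert gives the auto-pause the last bullet describes, and requiring a manual `reset()` keeps a human in the loop before traffic resumes.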

Remediation loop (diagram)

Link tests to controls so failures route to owners and remediation produces an auditable record.

Exports for stakeholders (diagram)

Security governance is easier to communicate when you can generate point-in-time packages.

Disclaimer

This page is for general informational purposes and does not constitute legal advice or security advice.