Prompt and context boundary
Prompt-risk checks, approved purpose, prohibited actions, source boundaries, and evidence notes.
OWASP AI Security Awareness
Scaled Agents™ uses OWASP LLM and agentic AI security awareness as review input for prompt risk, tool misuse, sensitive-data exposure, excessive agency, connector governance, monitoring, and evidence preparation.
OWASP references are useful security-awareness inputs. Scaled Agents does not claim OWASP endorsement, certification, approval, or complete security coverage.
Context
This page is for teams that need to connect AI worker design to practical security-review questions before tool access, system writes, external communication, or sensitive-data use.
It focuses on public-safe security preparation: prompt/context boundaries, data minimization, least privilege, allowlists, denylist controls, runtime permits, connector boundaries, monitoring, incident evidence, and pause/disable paths.
Readiness Fit
AI security risk increases when agents combine prompts, tools, retrieval, memory, data movement, and external action. Governed records make those boundaries visible.
Prompt-risk checks, approved purpose, prohibited actions, source boundaries, and evidence notes.
Connector Hub, tool allowlists, denylist posture, owner review, and Runtime Permit requirements.
Scoped permissions, Toll Gates, permit expiration, revocation, and Action Broker decision records.
Workflow Events, Stamps, activity trail, escalation path, remediation, and suspension or revocation state.
Control Mapping
This public matrix is an awareness map. It does not copy OWASP risk text or claim complete coverage.
| Requirement / concept | Current Scaled Agents capability | Fit | Recommended improvement |
|---|---|---|---|
| Prompt and input risk | Prompt-risk scoring, source boundaries, prohibited-use flags, and Human Review routing. | Strong | Add public-safe prompt security review packet. |
| Tool misuse and excessive agency | Toll Gates, Runtime Permits, Action Broker, scoped permissions, and denylist controls. | Strong | Add agentic security scenario templates. |
| Sensitive data and leakage risk | Data class, retention boundary, redaction status, evidence summary, and connector limits. | Partial | Add data-exposure evidence checklist. |
| Monitoring and response | Workflow Events, Stamps, lifecycle analytics, escalation, pause, suspension, and revocation states. | Strong | Add security incident evidence export view. |
Product Fit
Records purpose, scope, data boundaries, permitted tools, prohibited actions, and lifecycle state.
Registers planned tools and connectors with owner, environment, allowlist, denylist, and review expectations.
Limits specific action requests by scope, duration, evidence, and review posture.
Routes mock or future controlled action attempts through policy and evidence checks.
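To make the permit, allowlist, denylist, scope and decision-record concepts above concrete, here is an added illustration of a minimal action-broker check. It is not Scaled Agents code; the RuntimePermit, Decision and broker_decide names, the constructed sample permit, and the read < write < external scope order are assumptions.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

# Illustrative names only (RuntimePermit, Decision, broker_decide); this is not
# Scaled Agents code and assumes a simple read < write < external scope order.
SCOPE_RANK = {"read": 0, "write": 1, "external": 2}

@dataclass(frozen=True)
class RuntimePermit:
    worker_id: str
    allowed_tools: frozenset        # tool allowlist from the connector registry
    denied_actions: frozenset       # denylist of (tool, action) pairs
    max_scope: str                  # highest scope the permit grants
    expires_at: datetime            # permits expire; revocation is separate
    revoked: bool = False

@dataclass
class Decision:
    allowed: bool
    reason: str
    record: dict = field(default_factory=dict)   # evidence for the activity trail

def broker_decide(permit: RuntimePermit, worker_id: str, tool: str,
                  action: str, scope: str, now: datetime) -> Decision:
    """Check one action request against the permit; deny on the first failed gate."""
    record = {"worker": worker_id, "tool": tool, "action": action,
              "scope": scope, "at": now.isoformat()}
    if permit.worker_id != worker_id:
        return Decision(False, "permit_mismatch", record)
    if permit.revoked:
        return Decision(False, "permit_revoked", record)
    if now >= permit.expires_at:
        return Decision(False, "permit_expired", record)
    if tool not in permit.allowed_tools:
        return Decision(False, "tool_not_allowlisted", record)
    if (tool, action) in permit.denied_actions:
        return Decision(False, "action_denylisted", record)
    if SCOPE_RANK.get(scope, 99) > SCOPE_RANK[permit.max_scope]:
        return Decision(False, "scope_exceeds_permit", record)
    return Decision(True, "allowed", record)

# Constructed sample: a one-hour permit for read/write on a ticketing tool only.
ISSUED = datetime(2025, 1, 1, 12, 0, tzinfo=timezone.utc)
SAMPLE_PERMIT = RuntimePermit(
    worker_id="worker-42",
    allowed_tools=frozenset({"ticketing"}),
    denied_actions=frozenset({("ticketing", "delete")}),
    max_scope="write",
    expires_at=ISSUED + timedelta(hours=1),
)
```

Every denial carries the same record fields as an allow, so the decision log can be exported as incident evidence without reconstructing the request afterwards.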
Framework Readiness Family
Use these pages as orientation aids before customer-specific review, implementation, legal analysis, security assessment, audit work, or management approval.