OWASP Compliance Dashboard

Monitor compliance with AI security frameworks and standards

Overall Compliance

OWASP LLM Top 10

OWASP Agentic AI Top 10

Fully Compliant

Partially Compliant

Non-Compliant

Total Controls

LLM01 Compliant

Prompt Injection

Manipulating LLMs via crafted inputs to cause unintended actions or expose sensitive data.

Critical Severity

Implemented Controls

Input validation and sanitization

Prompt boundary enforcement

Output filtering and monitoring

LLM02 Compliant

Insecure Output Handling

Trusting LLM outputs without validation can lead to XSS, CSRF, or code execution.

High Severity

Implemented Controls

Output encoding and escaping

Content Security Policy enforcement

Safe rendering practices

LLM03 Partial

Training Data Poisoning

Tampering with training data to introduce vulnerabilities, biases, or backdoors.

High Severity

Implemented Controls

Data source verification

Anomaly detection in training (partial)

Provenance tracking (planned)

LLM04 Compliant

Model Denial of Service

Resource-heavy operations causing service degradation or high costs.

Medium Severity

Implemented Controls

Rate limiting and throttling

Input length restrictions

Cost monitoring and alerts

LLM05 Compliant

Supply Chain Vulnerabilities

Risks from third-party components, models, or data sources in the LLM pipeline.

High Severity

Implemented Controls

Vendor security assessment

Model integrity verification

Dependency scanning

LLM06 Compliant

Sensitive Information Disclosure

Unintentional exposure of PII, credentials, or proprietary data through LLM outputs.

Critical Severity

Implemented Controls

PII detection and redaction

Data classification enforcement

Output DLP scanning

LLM07 Compliant

Insecure Plugin Design

Vulnerabilities in LLM plugins or integrations leading to code execution or data access.

High Severity

Implemented Controls

Plugin sandboxing

Capability-based permissions

Input/output validation

LLM08 Compliant

Excessive Agency

Granting LLMs excessive permissions to perform damaging actions without oversight.

Critical Severity

Implemented Controls

Least privilege enforcement

Human-in-the-loop for critical actions

Action logging and audit trails

LLM09 Partial

Overreliance

Trusting LLM outputs without verification leading to misinformation or errors.

Medium Severity

Implemented Controls

Confidence scoring display

Fact-checking integration (partial)

User disclaimers and warnings

LLM10 Compliant

Model Theft

Unauthorized access to proprietary LLM models through direct access or extraction.

High Severity

Implemented Controls

Access control and authentication

Rate limiting on API access

Query pattern monitoring

ASI01 Compliant

Agent Goal Hijacking

Manipulating agent objectives through adversarial inputs to perform unintended actions.

Critical Severity

Implemented Controls

Goal integrity verification

Objective boundary enforcement

Behavioral anomaly detection

ASI02 Compliant

Tool Misuse

Agents using available tools in harmful or unintended ways.

Critical Severity

Implemented Controls

Tool capability restrictions

Usage pattern monitoring

Action approval workflows

ASI03 Compliant

Rogue Agents

Agents operating outside defined boundaries or becoming autonomous in harmful ways.

Critical Severity

Implemented Controls

Kill switch implementation

Agent fingerprinting

Continuous behavior monitoring

ASI04 Compliant

Memory Poisoning

Corrupting agent memory or context to influence future behavior maliciously.

High Severity

Implemented Controls

Memory integrity checks

Context window management

Periodic memory refresh

ASI05 Compliant

Privilege Escalation

Agents gaining unauthorized access or elevated permissions beyond their scope.

Critical Severity

Implemented Controls

RBAC enforcement

Privilege boundary checks

Permission audit logging

ASI06 Partial

Multi-Agent Coordination Failures

Issues arising from agents interacting with each other in unexpected ways.

High Severity

Implemented Controls

Agent communication logging

Interaction validation (partial)

Cascade failure prevention

ASI07 Compliant

Unsafe Environment Interaction

Agents causing harm through interactions with their environment or external systems.

High Severity

Implemented Controls

Sandboxed execution

API call validation

Resource access controls

ASI08 Compliant

Feedback Loop Manipulation

Exploiting agent learning or feedback mechanisms to alter behavior over time.

Medium Severity

Implemented Controls

Feedback validation

Drift detection

Baseline comparison

ASI09 Compliant

Resource Exhaustion

Agents consuming excessive compute, API calls, or other resources.

Medium Severity

Implemented Controls

Resource quotas

Cost monitoring

Auto-scaling limits

ASI10 Compliant

Audit Trail Gaps

Insufficient logging preventing forensic analysis or compliance verification.

High Severity

Implemented Controls

Comprehensive action logging

Immutable audit storage

Log integrity verification

Additional Compliance Frameworks

AgentShield supports multiple compliance frameworks. Enable additional frameworks in Settings.

DPDPA 2023

India Data Protection Act

Enabled India

SEBI AI/ML

Securities AI Framework

Enabled India Financial

RBI Cyber

RBI Cybersecurity Framework

Enabled India Banking

IRDAI

Insurance IT Framework

Partial India Insurance

NIST AI RMF

AI Risk Management Framework

Enabled USA

ISO 42001

AI Management System

Enabled Global

EU AI Act

European AI Regulation

Enabled EU

GDPR

EU Data Protection

Enabled EU

HIPAA

Healthcare Data Protection

Partial USA Healthcare

SOC 2

Service Organization Controls

Enabled Global

PCI-DSS

Payment Card Security

Partial Global Financial

Recent Compliance Activity

Today, 10:32 AM

Automated compliance scan completed - 92% overall score

Yesterday, 3:15 PM

LLM06 (Sensitive Information Disclosure) upgraded to Compliant

Feb 8, 2026

ASI06 control review scheduled - Multi-Agent Coordination

Feb 7, 2026

Kill switch implementation verified for ASI03 compliance

Feb 5, 2026

New fingerprinting controls deployed for agent verification