Security Framework Coverage | Check Point AI Security

Frameworks such as the OWASP Top 10 for LLMs, the OWASP Top 10 for agentic applications, and MITRE ATLAS describe categories of risk. Most categories are addressed by more than one capability, across the posture and runtime layers, and some depend on controls in your own architecture. The tables below show, for each framework item, which layer of AI Agent Security addresses it and what remains the responsibility of your architecture.

How to read the mapping: for each item, the first column shows the runtime contribution (the Guard API guardrails), the second the posture contribution (discovery and risk assessment), and the third the controls that sit with your own architecture. An empty cell means that item is not the primary place that layer contributes.

OWASP Top 10 for LLMs (2025)

Item	Runtime	Posture	Your architecture
LLM01 Prompt Injection	Prompt Defense screens user input, tool responses, tool descriptions, and untrusted content	Flags configuration that widens the injection surface, such as untrusted content sources	Separate trusted instructions from untrusted data; scope user permissions
LLM02 Sensitive Information Disclosure	Data Leakage detection on outputs; Prompt Defense on extraction attempts	Flags agents that combine sensitive-data access with exposure paths	Data minimization; scope what data tools can reach
LLM03 Supply Chain		Flags unofficial, unknown, and vulnerable MCP servers and suspicious or likely-malicious tool code	Vet and pin components
LLM04 Data and Model Poisoning	Screens retrieved content and tool responses; screen content at ingestion		Validate training and grounding data; ingestion controls
LLM05 Improper Output Handling	Detects suspicious outputs such as unknown links		Sanitize and encode outputs before downstream use
LLM06 Excessive Agency	Agent Behavior Defense: Off-Task Action detection and Tool Allow/Deny List	Flags excessive tools, unused tools, and high-risk tool combinations	Least-privilege tool scoping; human approval gates
LLM07 System Prompt Leakage	Data Leakage detection on outputs; Prompt Defense on extraction attempts		Keep secrets out of system prompts
LLM08 Vector and Embedding Weaknesses	Screens retrieved RAG content and tool responses		RAG access controls and tenant isolation
LLM09 Misinformation	Content Moderation and custom guardrails		Grounding and verification in the application
LLM10 Unbounded Consumption	Custom guardrails detect some patterns		Rate limits and quotas

OWASP Top 10 for Agentic Applications (2026)

Item	Runtime	Posture	Your architecture
ASI01 Agent Goal Hijack	Prompt Defense across inputs, tool responses, and tool descriptions; Off-Task Action detection	Flags untrusted content sources and missing isolation	Separate instructions from data; least privilege
ASI02 Tool Misuse and Exploitation	Off-Task Action detection; Tool Allow/Deny List	Flags write-access tools, high-risk connections, and risky tool combinations	Strict tool scoping and input validation
ASI03 Identity and Privilege Abuse	Tool Allow/Deny List limits available actions	Flags missing authentication, static credentials, and author-credential execution where the platform exposes it	Identity and access management; least privilege per agent
ASI04 Agentic Supply Chain		Flags unofficial, unknown, and vulnerable MCP servers, untrusted components, and suspicious or likely-malicious tool code	Component vetting and provenance
ASI05 Unexpected Code Execution	Off-Task Action detection and tool controls		Sandboxing; disable code execution where it is not needed
ASI06 Memory and Context Poisoning	Screens retrieved content and tool responses; screen content at ingestion		Memory and session integrity; validation
ASI07 Insecure Inter-Agent Communication	Screens content passed between agents when integrated into the flow		Authenticated and validated inter-agent channels
ASI08 Cascading Failures	Off-Task Action detection and tool controls limit propagation		Isolation and circuit breakers
ASI09 Human-Agent Trust Exploitation	Content Moderation; Prompt Defense		Human oversight in the workflow
ASI10 Rogue Agents	Off-Task Action detection and tool controls	Discovery and risk assessment surface unknown, unmanaged, and over-privileged agents	Governance and decommissioning

Notes on coverage

Inter-agent communication (ASI07) is addressed indirectly: by inspecting the content agents pass between each other when those interactions are screened through the Guard API. Cryptographic and identity controls for inter-agent channels sit with your architecture.
Runtime protection today integrates through the Guard API. Native runtime integration with agent platforms is on the roadmap.
Posture-level enforcement of agent component allow/deny lists is on the roadmap. Runtime tool access control is available today through the Tool Allow/Deny List in Agent Behavior Defense.
MITRE ATLAS techniques are mapped on individual risks in the risk assessment, alongside the OWASP references shown in the risk-types view.