Agentic AI: proposal is not permission
Core thesis
Agentic AI changes the execution question.
A model output may be only a proposal.
A tool call may become an action.
An agent-to-agent message may redirect authority.
A human approval may convert a recommendation into institutional consequence.
The OWASP Top 10 for Agentic Applications 2026 provides a useful public vocabulary for agentic AI security risks, including goal hijack, tool misuse, identity and privilege abuse, memory/context poisoning, insecure inter-agent communication, cascading failures, human-agent trust exploitation and rogue agents.
Arqua does not replace security engineering, AI governance, model risk management or operational controls. Arqua adds the execution-admissibility lens: before an AI-influenced action binds consequence, the organisation must be able to determine whether execution is admissible now, under current authority, evidence, context, constraints and state.
Bridge logic
| OWASP-style agentic concern | Arqua execution-admissibility question |
| --- | --- |
| Agent goal hijack | Has the agent’s proposed action drifted from the authorised purpose before execution? |
| Tool misuse | Is the tool call permitted for this actor, purpose, context and consequence class? |
| Identity and privilege abuse | Is authority being re-resolved at execution, or inherited from an earlier session, user, agent or workflow state? |
| Memory and context poisoning | Is the evidence basis current, trusted and fit for execution? |
| Insecure inter-agent communication | Can the organisation prove the provenance, integrity and authority of the message that influenced execution? |
| Cascading failures | What prevents one faulty AI-influenced action from propagating through downstream workflows? |
| Human-agent trust exploitation | Is human approval acting as genuine authority, or merely laundering an AI recommendation into execution? |
| Rogue agents | What detects, contains or refuses execution when agent behaviour deviates from its authorised scope? |
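The questions in the table can be asked by a single gate that sits between an agent's proposal and the tool that would execute it. The following is an added illustration written for this note; it is not Arqua's or OWASP's code and does not represent any product. Everything in it is constructed: the tool policy with its "reversible" and "binding" consequence classes, the `erp` and `bank_feed` trusted evidence sources, the `planner-agent` identity and its HMAC key, the `resolve_role` callable standing in for a live directory lookup, and approval records that carry the digest of the exact proposal a human signed off. The gate answers the goal-hijack, tool-misuse, privilege, context-poisoning, inter-agent-integrity and approval-laundering rows; cascading failures and rogue-agent containment are left to surrounding controls.

```python
"""Execution-admissibility gate for AI-proposed tool calls (added illustration; all names constructed)."""
from __future__ import annotations

import hashlib, hmac, json
from dataclasses import asdict, dataclass
from typing import Callable, NamedTuple

# Constructed policy: consequence class per tool, and which roles may invoke it.
TOOL_POLICY = {
    "lookup_invoice": {"class": "reversible", "roles": {"analyst", "finance_manager"}},
    "pay_invoice": {"class": "binding", "roles": {"finance_manager"}},
}
MAX_EVIDENCE_AGE_S = 300                              # older evidence is stale for execution
TRUSTED_SOURCES = {"erp", "bank_feed"}
KEYS = {"planner-agent": b"constructed-shared-key"}   # per-sender HMAC keys


@dataclass
class Proposal:
    agent_id: str         # agent (acting for a principal) that proposed the call
    tool: str
    args: dict
    purpose: str          # purpose the agent claims for this action
    evidence: list[dict]  # {"source": ..., "ts": ...} records the agent relied on
    def digest(self) -> str:  # stable hash of the whole proposal; an approval must bind to this
        return hashlib.sha256(json.dumps(asdict(self), sort_keys=True).encode()).hexdigest()


class Envelope(NamedTuple):   # agent-to-agent message carrying a proposal
    sender: str
    body: str
    mac: str


def seal(sender: str, proposal: Proposal) -> Envelope:
    body = json.dumps(asdict(proposal), sort_keys=True)
    return Envelope(sender, body, hmac.new(KEYS[sender], body.encode(), hashlib.sha256).hexdigest())


def open_envelope(env: Envelope) -> Proposal | None:
    """Return the proposal only if the sender is known and the MAC verifies."""
    key = KEYS.get(env.sender)
    if key is None:
        return None
    expected = hmac.new(key, env.body.encode(), hashlib.sha256).hexdigest()
    return Proposal(**json.loads(env.body)) if hmac.compare_digest(expected, env.mac) else None


def admit(env: Envelope, *, authorised_purpose: str, resolve_role: Callable[[str], str | None],
          human_approval: dict | None, now: float) -> list[str]:
    """Return the reasons execution is not admissible now; an empty list means admit."""
    proposal = open_envelope(env)
    if proposal is None:                                # insecure inter-agent communication
        return ["message: unknown sender or MAC mismatch"]
    reasons: list[str] = []
    policy = TOOL_POLICY.get(proposal.tool)
    if policy is None:                                  # tool misuse
        reasons.append(f"tool {proposal.tool!r} not in policy")
    if proposal.purpose != authorised_purpose:          # goal hijack
        reasons.append("proposed purpose differs from authorised purpose")
    role = resolve_role(proposal.agent_id)              # re-resolved now, not inherited
    if policy and role not in policy["roles"]:          # identity and privilege abuse
        reasons.append(f"current role {role!r} may not call {proposal.tool!r}")
    for e in proposal.evidence:                         # memory/context poisoning
        if e["source"] not in TRUSTED_SOURCES:
            reasons.append(f"evidence from untrusted source {e['source']!r}")
        elif now - e["ts"] > MAX_EVIDENCE_AGE_S:
            reasons.append(f"evidence from {e['source']!r} is stale")
    if policy and policy["class"] == "binding":         # human-agent trust exploitation
        if human_approval is None:
            reasons.append("binding action requires human approval")
        elif human_approval.get("proposal_digest") != proposal.digest():
            reasons.append("approval is not bound to this exact proposal")
        elif human_approval.get("approver_role") not in policy["roles"]:
            reasons.append("approver lacks authority for this tool")
    return reasons


def demo() -> dict[str, list[str]]:
    """Constructed scenarios; resolve_role stands in for a live directory lookup."""
    now, purpose = 1_700_000_000.0, "settle approved invoices"
    fresh = [{"source": "erp", "ts": now - 30}]
    pay = Proposal("planner-agent", "pay_invoice", {"invoice": "INV-1", "amount": 1200}, purpose, fresh)
    env = seal("planner-agent", pay)
    ok = lambda p: {"proposal_digest": p.digest(), "approver_role": "finance_manager"}
    live = lambda agent: "finance_manager"      # what the directory says at execution
    run = lambda e, r, a: admit(e, authorised_purpose=purpose, resolve_role=r, human_approval=a, now=now)
    out = {"approved_payment": run(env, live, ok(pay))}
    # Same sealed proposal and approval, but the principal's privilege was dropped before execution.
    out["role_revoked"] = run(env, lambda agent: "analyst", ok(pay))
    # Approval copied from the signed-off proposal onto one with a changed amount.
    bigger = Proposal("planner-agent", "pay_invoice", {"invoice": "INV-1", "amount": 120000}, purpose, fresh)
    out["approval_reused"] = run(seal("planner-agent", bigger), live, ok(pay))
    # Body altered in transit: the MAC no longer verifies.
    out["tampered"] = run(Envelope(env.sender, env.body.replace("1200", "9999"), env.mac), live, ok(pay))
    # Evidence recalled from an unattested memory store rather than a trusted system.
    poisoned = Proposal("planner-agent", "pay_invoice", pay.args, purpose, [{"source": "chat_memory", "ts": now - 7200}])
    out["poisoned_context"] = run(seal("planner-agent", poisoned), live, ok(poisoned))
    return out
```

Two design choices carry the note's thesis. First, the role is looked up through `resolve_role` at the moment `admit` runs, so a privilege that existed when the plan was made but has since been withdrawn refuses execution even though the sealed proposal and the approval are unchanged. Second, a human approval only counts when it names the digest of the exact proposal being executed and comes from a role that itself holds authority for the tool; an approval lifted from a smaller payment onto a larger one, or given by someone without that authority, does not convert the recommendation into permission, and no approval clears a failure raised by the other checks.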
Boundary note
This page is an architectural bridge note. It does not assert OWASP certification, endorsement, partnership, affiliation, legal assurance, regulatory compliance, security assurance, system operation or implementation. Arqua operates at the architecture and governance layer. Runtime behaviour, security engineering, implementation, regulatory compliance and operational responsibility remain with the deploying organisation and its chosen delivery partners.
Source basis
OWASP Top 10 for Agentic Applications 2026, OWASP Gen AI Security Project — Agentic Security Initiative.
© Arqua Pty Ltd. All rights reserved.