Implementation:OWASP Www project top 10 for large language model applications ExploitTracker Analyze

From Leeroopedia
Knowledge Sources: OWASP/www-project-top-10-for-large-language-model-applications
Domains: Agentic Security, Incident Analysis, Threat Intelligence
Last Updated: 2026-02-14

Overview

Concrete tool for analyzing the 47 agentic AI security incidents documented in the ASI exploit tracker, the OWASP Agent Security Initiative's Exploits and Incidents Tracker.

Description

ExploitTracker_Analyze processes the ASI Agentic Exploits and Incidents Tracker, which documents 47 real-world security incidents spanning from February 2025 to December 2025. Each incident is mapped to one or more ASI threat categories, enabling systematic cross-referencing between theoretical threats and observed exploits.

The tracker is maintained under the leadership of Ron F. Del Rosario (Lead) and Almog Langleben (Maintainer), and follows strict guidelines:

  • Must NOT repeat other vendors but reference their work
  • Must analyse incidents with agentic threats in mind -- not just LLM classifications like data leaks and prompt injection
  • Must focus on agentic applications (as defined in the ASI Threats and Mitigations) and distinguish them from simple chatbots

The tracker records each incident with the following columns:

  • Date -- month and year of the incident
  • Exploit / Incident -- descriptive name
  • Impact Summary -- what happened and the consequence
  • ASI T&M Mapping -- which ASI threat categories apply (e.g., ASI01, ASI02, ASI05)
  • Links to further analysis -- vendor advisories, CVE references, discoverer write-ups

Notable incidents in the tracker include:

  • Claude Skills Ransomware Deployment (Dec 2025) -- Cato Networks demonstrated deploying MedusaLocker ransomware through Claude's Skills plugin feature (ASI04, ASI05)
  • Google Antigravity AI Data Wipe (Dec 2025) -- AI-powered IDE wiped a developer's entire D: drive after misinterpreting a cache-clearing instruction (ASI02, ASI05)
  • Claude Hijacked for State-Sponsored Cyberattack (Nov 2025) -- Chinese state-sponsored threat actor hijacked a jailbroken Claude instance to attack approximately 30 global entities (ASI01, ASI03, ASI10)
  • OpenAI ChatGPT Operator Vulnerability (Feb 2025) -- Prompt injection in web content caused the Operator to follow attacker instructions and expose private data (ASI01, ASI02, ASI03, ASI04, ASI06, ASI07, ASI09)

Usage

Use ExploitTracker_Analyze when you need to:

  • Validate an ASI Top 10 threat assessment against empirical evidence
  • Prioritize remediation based on which threats have documented real-world exploits
  • Communicate agentic AI risks to stakeholders with concrete incident examples
  • Identify the most frequently exploited ASI threat categories
  • Track temporal trends in agentic AI security incidents

Code Reference

Source Location

Repository: OWASP/www-project-top-10-for-large-language-model-applications

File: initiatives/agent_security_initiative/ASI Agentic Exploits & Incidents/ASI_Agentic_Exploits_Incidents.md (guidelines at lines 8-11, leadership at lines 13-14, exploits and incidents table at lines 18-67 with 47 documented incidents)

Signature

ExploitTracker.analyze(
    incidents: list[Incident],
    asi_categories: list[str]
) -> IncidentAnalysis

Import

from exploit_tracker import ExploitTracker

I/O Contract

Inputs

| Parameter | Type | Description |
|---|---|---|
| incidents | list[Incident] | List of incident records from the ASI tracker, each containing date, name, impact summary, ASI T&M mapping, and source links |
| asi_categories | list[str] | List of ASI threat category IDs to cross-reference against (ASI01 through ASI10) |

Outputs

| Field | Type | Description |
|---|---|---|
| total_incidents | int | Total number of incidents analyzed (47 as of current tracker) |
| category_frequency | dict[str, int] | Count of incidents per ASI threat category |
| temporal_trends | list[TrendEntry] | Monthly incident counts showing temporal patterns |
| multi_threat_chains | list[AttackChain] | Common multi-category attack chains observed across incidents |
| notable_incidents | list[Incident] | Highest-impact incidents with full detail |
| coverage_gaps | list[str] | ASI categories with no or few real-world incidents (potential under-reporting) |
| affected_systems | dict[str, int] | Count of incidents per affected tool or platform |

Return type: IncidentAnalysis
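
A standalone sketch of how per-category counts, coverage gaps and multi-category pairings can be derived from rows in the tracker's five-column layout. This is an added example, not code from the exploit_tracker module or the OWASP repository. The pipe-delimited row format, the function names and the "<link>" cells are assumptions; the sample rows are constructed from the four notable incidents listed in the Description.

```python
import re
from collections import Counter
from itertools import combinations

ASI_CATEGORIES = [f"ASI{n:02d}" for n in range(1, 11)]  # ASI01 .. ASI10

# Constructed sample: the four notable incidents from this page in the tracker's
# five columns. Pipe-delimited rows and the "<link>" cells are assumptions.
SAMPLE_TABLE = """\
| Date | Exploit / Incident | Impact Summary | ASI T&M Mapping | Links |
|------|--------------------|----------------|-----------------|-------|
| Dec 2025 | Claude Skills Ransomware Deployment | Ransomware deployed through Skills plugin feature | ASI04, ASI05 | <link> |
| Dec 2025 | Google Antigravity AI Data Wipe | IDE wiped a developer's D: drive | ASI02, ASI05 | <link> |
| Nov 2025 | Claude Hijacked for State-Sponsored Cyberattack | Jailbroken instance used against ~30 entities | ASI01, ASI03, ASI10 | <link> |
| Feb 2025 | OpenAI ChatGPT Operator Vulnerability | Prompt injection exposed private data | ASI01, ASI02, ASI03, ASI04, ASI06, ASI07, ASI09 | <link> |
"""

def parse_rows(table):
    """Return one dict per data row; skips the header and separator lines."""
    rows = []
    for line in table.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 5 or cells[0] == "Date" or set(cells[0]) <= set("-: "):
            continue
        # Extract IDs by pattern so stray text in the mapping cell is ignored.
        ids = sorted(set(re.findall(r"ASI\d{2}", cells[3])))
        rows.append({"date": cells[0], "name": cells[1], "impact": cells[2], "asi": ids})
    return rows

def summarize(rows, categories=ASI_CATEGORIES, gap_threshold=0):
    """Per-category counts, categories at or below the threshold, and category pairs."""
    freq = Counter({c: 0 for c in categories})
    pairs = Counter()
    for row in rows:
        known = [c for c in row["asi"] if c in freq]
        freq.update(known)
        pairs.update(combinations(known, 2))  # co-occurrence only, not attack order
    gaps = [c for c in categories if freq[c] <= gap_threshold]
    return {"total": len(rows), "frequency": dict(freq), "gaps": gaps, "pairs": pairs}

if __name__ == "__main__":
    result = summarize(parse_rows(SAMPLE_TABLE))
    print(result["frequency"], result["gaps"], result["pairs"].most_common(3))
```

A category that shows up as a gap means no tracked incident maps to it, which the Outputs table flags as potential under-reporting rather than absence of risk.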

Usage Examples

Example 1: Full tracker analysis

from exploit_tracker import ExploitTracker, load_incidents

# Load all 47 incidents from the ASI tracker
incidents = load_incidents()

# Define the ASI categories
asi_categories = [
    "ASI01", "ASI02", "ASI03", "ASI04", "ASI05",
    "ASI06", "ASI07", "ASI08", "ASI09", "ASI10"
]

# Analyze the tracker
analysis = ExploitTracker.analyze(
    incidents=incidents,
    asi_categories=asi_categories
)

print(f"Total incidents analyzed: {analysis.total_incidents}")
print("\nIncidents per ASI category:")
for category, count in sorted(
    analysis.category_frequency.items(),
    key=lambda x: x[1],
    reverse=True
):
    print(f"  {category}: {count} incidents")

Example 2: Identify multi-threat attack chains

from exploit_tracker import ExploitTracker, load_incidents

incidents = load_incidents()
asi_categories = ["ASI01", "ASI02", "ASI03", "ASI04", "ASI05",
                  "ASI06", "ASI07", "ASI08", "ASI09", "ASI10"]

analysis = ExploitTracker.analyze(
    incidents=incidents,
    asi_categories=asi_categories
)

# Examine common multi-threat attack chains
print("Common attack chains:")
for chain in analysis.multi_threat_chains:
    print(f"  Chain: {' -> '.join(chain.categories)}")
    print(f"  Frequency: {chain.occurrence_count} incidents")
    print(f"  Example: {chain.example_incident.name}")
    print()

# Highlight notable incidents
print("Notable high-impact incidents:")
for incident in analysis.notable_incidents:
    print(f"  [{incident.date}] {incident.name}")
    print(f"    Impact: {incident.impact_summary}")
    print(f"    ASI Mapping: {', '.join(incident.asi_mappings)}")

Example 3: Cross-reference with threat assessment

from exploit_tracker import ExploitTracker, load_incidents
from asi_threat_assessor import ASIThreatAssessor

# Combine threat assessment with incident analysis
analysis = ExploitTracker.analyze(
    incidents=load_incidents(),
    asi_categories=["ASI01", "ASI02", "ASI03", "ASI04", "ASI05",
                    "ASI06", "ASI07", "ASI08", "ASI09", "ASI10"]
)

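# Validate assessment findings against real-world evidence.
# `assessment` is assumed to be a result object already produced with
# ASIThreatAssessor; its construction is not shown on this page. It must
# expose `applicable_threats` and `risk_summary`.
for threat_id in assessment.applicable_threats: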
    incident_count = analysis.category_frequency.get(threat_id, 0)
    print(f"{threat_id}: {assessment.risk_summary[threat_id]} risk, "
          f"{incident_count} real-world incidents documented")
