
The 10 Ways Your AI Agent Can Be Turned Against You - In Plain English (Part 1)

April 14, 2026 · 3 min read · By Andres · Updated April 14, 2026

Everyone talks about AI agents like they're digital assistants that just do what you tell them. Nobody tells you they also do what other people tell them - if those people know how.

TL;DR: OWASP - the same organization that defined web security for the last two decades - published their Agentic Top 10 in December 2025. It's the first authoritative list of how AI agents can be attacked, manipulated, or turned against the people who deployed them. Over 100 security experts contributed. Zero plain-English coverage exists for non-technical users. This series fixes that.

What Is OWASP and Why Should You Care?

Here's the thing. OWASP isn't some think tank publishing reports nobody reads. They're the organization that literally defined the security standards every major website you use is built against. Banks, hospitals, government systems - all of them reference OWASP's Top 10 lists when deciding what to protect against.

In December 2025, they turned their attention to AI agents. Not chatbots. Not the AI that writes your emails. Agents - the systems that can browse the web for you, manage your files, send messages, execute code, and connect to dozens of other tools on your behalf.

They brought in over 100 contributors from across the security industry - Palo Alto Networks, Entro Security, independent researchers - and produced the first definitive list of how these agents fail.

And here's the part that matters to you: every piece of coverage so far assumes you're a software developer or an enterprise security team. Nobody has translated this for the people actually deploying these agents at home, on their own servers, for their own businesses.

The Problem Is Already Here

This isn't theoretical. The attacks OWASP catalogued are happening right now.

In March 2026, a Meta employee asked their internal AI agent for help with an engineering problem. The agent's solution, when implemented, exposed sensitive user and company data for two hours. A real company. A real incident. Confirmed by The Guardian.

Over on the MCP side - that's the protocol that lets AI agents connect to tools like Gmail, Slack, and your file system - security researchers documented 30 vulnerabilities in 60 days. More than one every two days. BlueRock Security found that 36.7% of the 7,000+ MCP servers they analyzed were potentially vulnerable to a specific class of attack.

Meanwhile, 42,000+ OpenClaw instances were found exposed on the public internet, with 93.4% showing authentication bypass issues. And 824+ malicious skills were discovered in the ClawHub marketplace - roughly 12% of the entire registry was malware disguised as legitimate tools.

The OWASP Agentic Top 10 is a field guide to what's already happening.

What This Series Covers

Over the next four parts, we're going to walk through all 10 risks in plain English. No security jargon. No developer prerequisites. Just what each risk means, how it works in the real world, and what you can do about it.

Here's the plan:

  • Part 2: Prompt injection and tool poisoning - when your agent takes orders from strangers
  • Part 3: Excessive permissions and privilege escalation - when your agent has the keys to everything
  • Part 4: Supply chain attacks and data exfiltration - when the tools you install are the threat
  • Part 5: Monitoring, trust boundaries, and the practical steps that actually protect you

Now, Part 2 is where it gets personal. We're going to talk about the single most common way an AI agent gets compromised - and it doesn't require a single line of code.
