Day 17 of 30 · Knowledge Hub Toolkit
AAST — Agentic Application Security Testing
Every mature pipeline has DAST. Every future-ready pipeline will have AAST.
Arc 3 · AI and Security — Day 5 of 6 · Days 13–18

OWASP published the Top 10 for Agentic Applications in December 2025 — a peer-reviewed framework mapping the ten most critical risks facing autonomous AI agents. AAST is the implementation bridge that puts those risks into your pipeline as testable, enforceable gates.

Arc 3 has covered the threat model, the interlude, and the pre-launch checklist. Day 17 moves from checklists to pipelines — the four gates every agentic deployment should pass through.
AAST Reference Card
Gate 01
Design Gate
Before development starts
  • Threat model the agent's goals and decision boundaries
  • Define identity and permission scope
  • Map human approval touchpoints
Covers ASI01 · ASI03 · ASI09
Gate 02
Build Gate
During development
  • Validate every tool integration against a permitted tools registry
  • Audit third party components and MCP servers
  • Test for unexpected code execution paths
Covers ASI02 · ASI04 · ASI05
Gate 03
Pre-Deploy Gate
Before go-live
  • Test memory and context inputs for poisoning
  • Validate inter-agent communication authentication
  • Simulate cascading failure scenarios
Covers ASI06 · ASI07 · ASI08
Gate 04
Runtime Gate
Continuous post-deployment
  • Monitor for behavioural drift against baseline
  • Alert on permission scope expansion
  • Periodic least agency review
Covers ASI10 · ASI01 · ASI03
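
One way to express the Build Gate registry check and the Runtime Gate scope-expansion alert as pipeline code. This is an added example, not code from OWASP or from this series; the registry and manifest formats, tool names, server hostnames and scope strings are all assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Constructed registry (assumed format): tool name -> approved server and maximum scopes.
PERMITTED_TOOLS = {
    "search_docs": {"server": "mcp.internal.example", "scopes": {"docs:read"}},
    "create_ticket": {"server": "mcp.internal.example", "scopes": {"tickets:write"}},
}

# Constructed agent manifest (assumed format), as it might be checked in with the agent's code.
SAMPLE_MANIFEST = {"tools": [
    {"name": "search_docs", "server": "mcp.internal.example", "scopes": ["docs:read"]},
    {"name": "create_ticket", "server": "mcp.thirdparty.example",
     "scopes": ["tickets:write", "tickets:admin"]},
    {"name": "run_shell", "server": "mcp.internal.example", "scopes": ["exec"]},
]}

@dataclass(frozen=True)
class Finding:
    gate: str
    tool: str
    reason: str

def build_gate(manifest, registry=PERMITTED_TOOLS):
    """Gate 02: each declared tool must be registered, from its approved server, within scope."""
    findings = []
    for tool in manifest["tools"]:
        entry = registry.get(tool["name"])
        if entry is None:
            findings.append(Finding("build", tool["name"], "not in permitted tools registry"))
            continue
        if tool["server"] != entry["server"]:
            findings.append(Finding("build", tool["name"], "unapproved server " + tool["server"]))
        extra = sorted(set(tool["scopes"]) - entry["scopes"])
        if extra:
            findings.append(Finding("build", tool["name"], "scopes beyond registry: " + ", ".join(extra)))
    return findings

def runtime_gate(baseline, observed):
    """Gate 04: flag any scope seen at runtime that the deploy-time baseline did not grant."""
    findings = []
    for name, scopes in observed.items():
        grown = sorted(set(scopes) - set(baseline.get(name, ())))
        if grown:
            findings.append(Finding("runtime", name, "scope expansion: " + ", ".join(grown)))
    return findings

if __name__ == "__main__":
    results = build_gate(SAMPLE_MANIFEST)
    for f in results:
        print(f"[{f.gate}] {f.tool}: {f.reason}")
    raise SystemExit(1 if results else 0)  # non-zero exit fails the pipeline stage
```

Run as a script, the non-zero exit code is what turns the checklist item into an enforceable gate; `runtime_gate` takes the scopes approved at deployment and the scopes observed later, however your platform reports them.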
AAST Self Assessment
How does your pipeline score?
Rate your organisation against each gate. Be honest.
Gate 01 — Design Gate
We threat model every AI agent before development begins
Every agent has a defined identity and permission scope documented upfront
Human approval touchpoints are mapped before any code is written
Gate 02 — Build Gate
We maintain a permitted tools registry that every agent integration is validated against
Third party components and MCP servers are audited before use
We test for unexpected code execution paths during development
Gate 03 — Pre-Deploy Gate
We test agent memory and context inputs for poisoning vulnerability
Inter-agent communication is authenticated and integrity-checked
We simulate cascading failure scenarios before any agent goes live
Gate 04 — Runtime Gate
We monitor agent behaviour against a defined baseline post-deployment
Permission scope expansion triggers an alert
We conduct periodic least agency reviews after deployment
The map exists. The gates are defined. The only question is whether your pipeline has them.
AAST is built on the OWASP Top 10 for Agentic Applications 2026. Learn more at genai.owasp.org