Agent Security Regression Harness

The OWASP Agent Security Regression Harness helps teams continuously test whether agentic applications and MCP-integrated systems still enforce critical security controls after changes to prompts, models, tools, memory, retrieval sources, approval flows, or integrations.

It provides a code-first, CI-friendly way to convert known agent abuse cases into executable regression tests covering risks such as goal hijack, prompt and context injection, unsafe tool execution, privilege abuse, data exfiltration, approval bypass, insecure memory handling, and unsafe MCP trust boundaries.

Project Type
OWASP Incubator Project
Focus
Agent and MCP Security Regression Testing
License
Apache License 2.0
Audience
Builders, Defenders, AppSec, Red Teams

About Agent Security Regression Harness

Overview

Agentic applications are increasingly able to retrieve untrusted content, call tools, access sensitive data, interact with MCP servers, and execute multi-step tasks. Small changes to prompts, model configuration, tool permissions, memory behavior, retrieval sources, or approval flows can silently reintroduce security failures.

The OWASP Agent Security Regression Harness is an open source project for making agent security testing repeatable, automatable, and actionable. It helps builders and defenders define abuse-case scenarios, execute them against agent systems, assert expected security outcomes, and integrate those checks into local development and CI pipelines.

The project is intended for application security engineers, AI platform teams, red teams, developers building agents, and organizations adopting MCP-connected systems.

What the project provides

The project will provide a Python-based regression harness and CLI for executing agent security test scenarios. It will include a reusable scenario specification format, a policy assertion engine for validating security invariants, execution traces for debugging and auditability, and machine-readable outputs for CI and reporting.

Initial work will focus on scenario libraries for common agent and MCP failure modes, along with reference integrations for API-driven agents, selected agent frameworks, and MCP-based workflows.

Security areas covered

Initial scenarios will focus on goal hijack, prompt and context injection, unsafe tool execution, unauthorized outbound actions, sensitive data disclosure, privilege escalation, identity misuse, insecure memory handling, session isolation, approval bypass, and malicious or shadow MCP interactions.

Project scope

This project is intentionally scoped for an Incubator launch. The first year focuses on a narrow, usable core rather than broad framework coverage.

The project is vendor-neutral, model-neutral, and designed for local and CI-based use. The initial implementation prioritizes practical integrations, reproducible traces, and a stable scenario format over benchmark-style scoring.

Project Resources

Python package

  • Python-based security regression harness
  • CLI for running agent security scenarios
  • Designed for local and CI execution
  • Machine-readable output for automation

Scenario Coverage

  • Goal hijack
  • Prompt and context injection
  • Unsafe tool execution
  • Data exfiltration
  • Approval bypass
  • MCP trust boundary failures

Project Resources

Project Leaders

Mert Satilmaz

Project Lead

Mert Satilmaz is the project lead for the OWASP Agent Security Regression Harness, focused on practical security testing for agentic applications, MCP-integrated systems, and AI-enabled software workflows.

EmailSocial

Project Information

Language
Python
License
Apache-2.0

Requirements

  • Python 3.11 or newer
  • pip or uv for dependency management
  • Git
  • Network access for API-driven agent tests
  • Access to target agent APIs or local test environments
  • Optional MCP server or mock MCP environment for MCP scenarios
  • CI environment for automated regression execution

Industry Usage

TechnologySaaSFinancial ServicesHealthcareGovernmentCybersecurityAI PlatformsDeveloper Tools

Compliance Standards

OWASP Top 10 for LLM ApplicationsOWASP MCP Top 10OWASP AISVSNIST AI RMFISO/IEC 42001ISO/IEC 27001SOC 2
Corporate Supporters
OWASP Logo
OWASP is a nonprofit foundation improving software security through open-source projects, global communities, and education. All resources are free and open to everyone.
Quick Links
ProjectsChaptersCorporate SupportersEventsNewsAboutFinance & governanceFinance (all documents)BoardBoard EUCommunityVisit Store
Legal
Legal
Socials
LinkedInGitHubX (Twitter)FacebookYouTube
OWASP, the OWASP logo, and Global AppSec are registered trademarks and AppSec Days, AppSec California, AppSec Cali, SnowFROC, OWASP Boston Application Security Conference, and LASCON are trademarks of the OWASP Foundation, Inc.
© 2026, OWASP Foundation Inc. All rights reserved.