Back to Home

ASAMM: security framework for AI agents

ASAMM framework extends OWASP SAMM for assessing security of systems with AI agents, introducing concepts of autonomy window and context risks. Includes 19 controls, threat taxonomy and audit methodology. Integration with NIST and Russian National Standard standards ensures compliance in enterprise projects.

Agentic SAMM: protecting systems with AI agents from risks
Advertisement 728x90

ASAMM: A New Framework for Risk Assessment in Autonomous AI Agent Systems

Systems based on autonomous AI agents require specialized security approaches, as traditional methods fail to account for their unique characteristics. The Agentic SAMM (ASAMM) framework offers a structured tool for analyzing risks related to context, tool calls, and periods of independent agent operation. This extension of the OWASP SAMM model is adapted for modern agent architectures where AI independently interacts with external resources.

The development of ASAMM is driven by the accelerated integration of such systems into DevOps processes and business operations. Companies often face gaps in oversight when agents process data without human supervision, increasing vulnerability to manipulation through context or tools.

Key Framework Concepts

ASAMM introduces concepts focusing on the specifics of agent systems:

Google AdInline article slot
  • Context as an Attack Surface: Documents, CI/CD logs, tickets, or web resources accessible to the agent can serve as sources of malicious instructions.
  • Tool Calls: Authorized access does not guarantee the relevance of the agent's actions to the task, creating risks of unauthorized operations.
  • Autonomy Window: The period without checkpoints, measured by time and volume of permitted actions, determines the risk level.

These elements complement standard practices like threat modeling or DAST scanning, which often miss vulnerabilities in tool registries and MCP servers.

The framework is structured around a threat taxonomy by entry points, a trust model with two axes, and 19 controls across the five OWASP SAMM functions: Governance, Design, Implementation, Verification, and Operations. Each control has maturity levels from L1 to L3.

Control Structure and Integration with Standards

Controls are distributed across families for comprehensive coverage of the system lifecycle:

Google AdInline article slot
  • Governance: Defining autonomy policies and constraints.
  • Design: Modeling context and tool risks.
  • Implementation: Implementing protective call mechanisms.
  • Verification: Auditing autonomy windows and evidence.
  • Operations: Monitoring and responding to anomalies.

ASAMM integrates with NIST AI RMF, NCSC guidelines, and the Russian GOST R 56939-2024. Version two adds an evidence taxonomy with six levels, control for agent self-modification, and documentation of value constraints. An audit methodology is proposed with tracks: self-audit, external review, and audit by another agent.

Implementation Paths and Practical Implications

For organizations with existing security programs, migration is recommended, integrating ASAMM into current processes. An alternative is starting from scratch for new projects. The Russian-language version includes detailed alignment with GOST.

Implementing the framework impacts the industry, encouraging standardization of practices for AI agents. This reduces risks of incidents related to autonomous actions and increases trust in technologies in enterprise environments. Consequences include the need for team retraining and investments in verification tools, but these pay off by minimizing vulnerabilities.

Google AdInline article slot

Overall context: The AI agent market is growing 40% annually, with a focus on DevOps automation. Without adapted frameworks like ASAMM, companies risk data leaks and unauthorized operations.

Key Takeaways

  • ASAMM extends OWASP SAMM for agent systems, focusing on autonomy windows and tool calls.
  • 19 controls across five functions with L1-L3 maturity levels enable gradual improvement.
  • Integration with NIST, NCSC, and GOST R 56939-2024 simplifies compliance.
  • The audit methodology includes three tracks for flexibility.
  • The Creative Commons license allows free use and modification.

— Editorial Team

Advertisement 728x90

Read Next