AgentThreatBench: The First OWASP Agentic Top 10 Security Benchmark
Dev.to AI
The AI safety community has a blind spot. We have excellent benchmarks for measuring whether an LLM will output harmful content (toxicity, jailbreak compliance), and we have benchmarks for measuring whether an agent can successfully complete a task (SWE-bench, WebArena). But as agents move into production, the threat model changes. The most critical risk is no longer a user typing a jailbreak prompt; it is an agent autonomously ingesting a poisoned email, a compromised RAG document, or a malicious API response, treating the attacker's embedded instructions as if they came from its principal, and then executing a harmful action on the attacker's behalf.