Mapping to OWASP Top 10 for Agentic Applications
SN Business Rule + Script Include / Azure
| OWASP ID | OWASP Name (Agentic) | Where it shows up in the SN ↔ Azure scenario | Concrete failure mode in this system | SV0 vs others (higher is better) |
|---|---|---|---|---|
| ASI01 | Agent Goal Hijack | ServiceNow Flow / Business Rule logic that decides assignment based on incident fields + Azure data | Manipulated or unexpected incident inputs cause the automation to follow a different decision path than intended (wrong assignment, bypassed checks) | 3 vs 2 |
| ASI02 - MH | Tool Misuse & Exploitation | Microsoft Graph / Azure APIs called via REST Message | Legitimate Graph APIs are invoked with overly broad queries, unsafe chaining, or excessive frequency while remaining fully authorized | 4 vs 3 |
| ASI03 - VH | Identity & Privilege Abuse | EntraID service principal + OAuth client credentials | Over-scoped app permissions, credential reuse, missing rotation, or executions continuing after ownership decay | 5 vs 3 |
| ASI04 | Agentic Supply Chain Vulnerabilities | Shared Flow Actions, Script Includes, REST Message definitions | A reused or imported SN artifact is modified and silently alters behavior across multiple automations | 3 vs 2 |
| ASI05 | Unexpected Code Execution | Script Includes, MID server execution paths | Untrusted data is executed or evaluated dynamically inside ServiceNow or downstream execution environments | 1 vs 4 |
| ASI06 - emerging | Memory & Context Poisoning | Persisted Flow variables, lookup tables, cached mappings | Poisoned or drifted configuration influences future executions, causing systematic misrouting or incorrect decisions | 4 vs 0 |
| ASI07 | Insecure Inter-Agent Communication | SN ↔ Azure API request/response handling | Responses are accepted without strict validation, correlation, or replay protection, causing misbinding of results to executions | 4 vs 2 |
| ASI08 - H | Cascading Failures | SN update triggers → re-triggered flows → repeated Azure calls | One bad update or logic error causes execution loops, amplification, or mass ticket / directory changes | 4 vs 2 |
| ASI09 | Human-Agent Trust Exploitation | IT operators trusting automated assignment outcomes | Humans accept or fail to question incorrect automated actions due to lack of explainability or evidence | 3 vs 2 |
| ASI10 - VH | Rogue Agents | Long-lived SN automation + SP running over time | Automation continues executing “legitimately” outside original intent due to logic drift, permission drift, or lost ownership | 5 vs 2 |
Screen recording high level owasp primer: