OWASP Coverage Across Praxen Baseline Targets

Aggregate finding counts by category, taken from the frozen tests/baselines/v0.7.7-claude48/ set.

12targets analyzed
107total findings
69LLM-classified
79Agentic-classified

Targets analyzed 12 frozen Praxen baseline scans

Each card links to both the agent's source repository and the per-target Praxen baseline analysis report. Counts shown are the primary OWASP classifications drawn from each finding's owasp_llm / owasp_agentic scalar.

FinBot
OWASP Agentic AI CTF — invoice processor
14 findings 8 LLM 10 Agentic
Source repo ↗ Baseline report ↗
HelperBot
Damn Vulnerable AI Agent — training agent
8 findings 7 LLM 7 Agentic
Source repo ↗ Baseline report ↗
LangChain SQL Agent
create_sql_agent toolkit
6 findings 4 LLM 5 Agentic
Source repo ↗ Baseline report ↗
OpenAI Customer Service
OpenAI Agents SDK example
8 findings 6 LLM 7 Agentic
Source repo ↗ Baseline report ↗
AutoGen Code Executor
Microsoft AutoGen code-executor family
12 findings 6 LLM 9 Agentic
Source repo ↗ Baseline report ↗
Sweep
GitHub issue-to-code agent
9 findings 6 LLM 7 Agentic
Source repo ↗ Baseline report ↗
Devika
Autonomous software engineer
12 findings 10 LLM 10 Agentic
Source repo ↗ Baseline report ↗
Aider
Interactive pair-programming agent
9 findings 7 LLM 5 Agentic
Source repo ↗ Baseline report ↗
OpenHands
Autonomous software-engineering platform
7 findings 3 LLM 5 Agentic
Source repo ↗ Baseline report ↗
Deep Agents CLI
LangChain agent harness (MCP coverage)
7 findings 4 LLM 4 Agentic
Source repo ↗ Baseline report ↗
yaah
Yet Another Agent Harness (MCP coverage)
8 findings 5 LLM 4 Agentic
Source repo ↗ Baseline report ↗
Hermes (Agent + Desktop)
Multi-component LLM agent + desktop control layer
7 findings 3 LLM 6 Agentic
Source repo ↗ Baseline report ↗

OWASP LLM Top 10 — finding count by category

Coverage of OWASP Top 10 for LLM Applications 2025 across all baseline targets. Empty cells show categories the suite does not currently exercise.

LLM01 Prompt Injection
12
LLM02 Sensitive Information Disclosure
15
LLM03 Supply Chain
7
LLM04 Data and Model Poisoning
0
LLM05 Improper Output Handling
4
LLM06 Excessive Agency
23
LLM07 System Prompt Leakage
1
LLM08 Vector and Embedding Weaknesses
0
LLM09 Misinformation
2
LLM10 Unbounded Consumption
5

OWASP Agentic Top 10 — finding count by category

Coverage of OWASP Top 10 for Agentic AI Applications 2026 across all baseline targets.

ASI01 Agent Goal Hijack
10
ASI02 Tool Misuse and Exploitation
20
ASI03 Identity and Privilege Abuse
19
ASI04 Agentic Supply Chain Vulnerabilities
7
ASI05 Unexpected Code Execution (RCE)
8
ASI06 Memory and Context Poisoning
3
ASI07 Insecure Inter-Agent Communication
1
ASI08 Cascading Failures
2
ASI09 Human-Agent Trust Exploitation
3
ASI10 Rogue Agents
6

Methodology how these numbers were computed

Every finding's canonical record carries a primary OWASP classification in two scalar fields, owasp_llm (one of LLM01LLM10 or null) and owasp_agentic (one of ASI01ASI10 or null). This report sums those scalars across the frozen baseline JSONs in tests/baselines/v0.7.7-claude48/ — one per target — yielding the primary-classification counts shown. A finding can carry both an LLM and an Agentic primary tag, so the two totals overlap; a finding without any OWASP primary classification (a RAISE-only or supply-chain-only finding) appears in neither chart but still in the per-target total. The frozen baselines are version-pinned outputs of the cold pre-release scans; see tests/baselines/README.md. For how Praxen classifies findings against the OWASP Top 10, see the OWASP Gen AI Security guide.