OASB: Why AI Agents Need CIS-Style Security Benchmarks
AI agents are being deployed to production faster than security teams can assess them. Most organizations have no structured way to evaluate whether an agent is safe to deploy. OASB (Open Agent Security Benchmark) brings the CIS Benchmark model to agentic AI -- providing a standardized framework with 46 controls, 10 categories, and 3 maturity levels.
The Standards Gap
Web applications have OWASP Top 10. Cloud infrastructure has CIS Benchmarks. Container deployments have the CIS Docker Benchmark. These frameworks share a common pattern: they define measurable controls, organize them into categories, and provide maturity levels so organizations can adopt them incrementally.
AI agents have none of this. They execute code, access filesystems, make network requests, manage credentials, and interact with other agents -- all without a standardized security baseline. Security teams are left writing ad-hoc checklists or adapting web application standards that do not account for agent-specific risks like prompt injection, tool misuse, or context poisoning.
What OASB Defines
OASB-1, the first specification, covers agent configuration security. It organizes 46 controls into 10 categories:
| Category | Focus |
|---|---|
| Identity & Provenance | Agent identity verification and cryptographic signing |
| Capability & Authorization | Permission boundaries and least privilege enforcement |
| Input Security | Prompt injection protection and input validation |
| Output Security | Response sanitization and data leakage prevention |
| Credential Protection | Secret management and credential hygiene |
| Supply Chain Integrity | Dependency verification and package trust |
| Agent-to-Agent Security | Inter-agent authentication and message integrity |
| Memory & Context Integrity | Context injection protection and memory isolation |
| Operational Security | Resource limits, sandboxing, and process isolation |
| Monitoring & Response | Security logging, alerting, and incident response |
Three Maturity Levels
Not every agent deployment requires maximum hardening. OASB defines three levels that let organizations adopt controls incrementally:
L1: Essential
Baseline security for any agent in production. Covers critical risks with minimal overhead -- credential hygiene, basic input validation, and identity verification.
L2: Standard
Defense-in-depth for business-critical agents. Adds monitoring, supply chain verification, and enhanced access controls.
L3: Hardened
Maximum security for regulated environments. Cryptographic verification, formal audit trails, advanced isolation, and full compliance mapping.
Automated Verification
OASB controls are designed to be machine-verifiable. HackMyAgent implements automated checks for every OASB-1 control:
```shell
# Run L1 benchmark against your project
$ npx hackmyagent secure --benchmark oasb-1

# Target a specific maturity level
$ npx hackmyagent secure -b oasb-1 --level L2

# Output as SARIF for CI/CD integration
$ npx hackmyagent secure -b oasb-1 -f sarif -o results.sarif
```
Each control check returns a pass/fail result with specific remediation guidance. Results map to SOC 2, ISO 27001, and NIST CSF for organizations that need compliance evidence.
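As an added illustration of the pass/fail model described above (example code, not OASB's specification or hackmyagent's implementation), the runner below defines a handful of hypothetical controls, each with a category, a minimum maturity level, a machine check and remediation text, and evaluates them against a constructed agent config at a chosen level. The control IDs, config keys and secret-pattern heuristic are assumptions made for the example.

```javascript
// Added illustration, not OASB's or hackmyagent's code: control IDs, config
// keys and checks below are hypothetical stand-ins for the OASB-1 controls.
const LEVEL_RANK = { L1: 1, L2: 2, L3: 3 };
// Each control: category, lowest level requiring it, check, remediation text.
const CONTROLS = [
  { id: "CRED-01", category: "Credential Protection", level: "L1",
    check: (cfg) => !Object.values(cfg.env || {}).some((v) => /^(sk|ghp|AKIA)[A-Za-z0-9_]{8,}/.test(String(v))),
    remediation: "Reference secrets by name from a secret manager instead of inlining them." },
  { id: "INPUT-01", category: "Input Security", level: "L1",
    check: (cfg) => cfg.input?.validation === true,
    remediation: "Enable input validation before untrusted text reaches the model." },
  { id: "IDENT-01", category: "Identity & Provenance", level: "L1",
    check: (cfg) => typeof cfg.identity?.publicKey === "string" && cfg.identity.signed === true,
    remediation: "Publish a signed agent identity so peers can verify provenance." },
  { id: "MON-01", category: "Monitoring & Response", level: "L2",
    check: (cfg) => cfg.logging?.securityEvents === true,
    remediation: "Enable security event logging and forward it to your SIEM." },
  { id: "OPS-01", category: "Operational Security", level: "L3",
    check: (cfg) => cfg.sandbox?.mode === "isolated",
    remediation: "Run tool execution in an isolated sandbox with resource limits." },
];

// Run every control required at `level` (L2 includes L1, L3 includes both)
// and return one pass/fail record per control, with remediation on failure.
function runBenchmark(cfg, level) {
  const rank = LEVEL_RANK[level];
  if (!rank) throw new Error(`unknown maturity level: ${level}`);
  return CONTROLS.filter((c) => LEVEL_RANK[c.level] <= rank).map((c) => {
    const pass = Boolean(c.check(cfg));
    return { id: c.id, category: c.category, level: c.level,
      status: pass ? "pass" : "fail", remediation: pass ? null : c.remediation };
  });
}

// Collapse results into what a CI gate consumes: which control IDs failed.
function summarize(results) {
  const failed = results.filter((r) => r.status === "fail").map((r) => r.id);
  return { total: results.length, failed, pass: failed.length === 0 };
}

// Constructed sample config; the key value is a made-up placeholder.
const SAMPLE_AGENT_CONFIG = {
  name: "billing-assistant",
  env: { OPENAI_API_KEY: "sk_constructed_placeholder_0000" },
  input: { validation: true },
  identity: { publicKey: "constructed-public-key-pem", signed: true },
  logging: { securityEvents: false },
  sandbox: { mode: "none" },
};
console.log(JSON.stringify(summarize(runBenchmark(SAMPLE_AGENT_CONFIG, "L2"))));
```

Raising the level widens the control set rather than replacing it, which is what lets a team gate CI at L1 today and tighten to L2 without rewriting the check logic.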
Read the full post on opena2a.org, or explore the full specification at oasb.ai/controls.
OpenA2A is building open security infrastructure for AI agents. Follow our progress at opena2a.org.