v1.0
Open Agent Security Benchmark
OASB-1 Controls
46 security controls across 10 categories. Each control includes rationale, audit procedures, and remediation guidance following CIS Benchmark methodology.
L1 Essential: 26 controls
L2 Standard: 18 controls
L3 Hardened: 2 controls
1. Identity & Provenance
Who is this agent? Can we verify?
2. Capability & Authorization
What can this agent do?
3. Input Security
How do we protect against malicious input?
4. Output Security
How do we validate agent outputs?
5. Credential Protection
How do we protect secrets?
6. Supply Chain Integrity
How do we trust components?
7. Agent-to-Agent Security
How do agents trust each other?
8. Memory & Context Integrity
How do we protect agent memory?
9. Operational Security
How do we run agents safely?
10. Monitoring & Response
How do we detect and respond?