You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Framework: OWASP ASI (Agentic Security Initiative), ASI-01 through ASI-10
Version: 0.1
Since: v0.11.3
This document maps OWASP ASI security controls to PEAC Protocol mechanisms.
Framework Overview
The OWASP Agentic Security Initiative defines ten security controls for AI agent systems. PEAC addresses these through its evidence layer, carrier contract, and zero trust profiles.
Control Mapping
ASI-01: Excessive Agency
Aspect
PEAC Mechanism
Scope limitation
Purpose declaration (PEAC-Purpose header)
Action bounding
Control chain with policy evaluation
Evidence
Interaction evidence capturing tool calls with hashed I/O
Detection
Risk signal extension for behavioral drift
Package
@peac/protocol, @peac/schema, ZT Profile Pack
ASI-02: Supply Chain Vulnerabilities
Aspect
PEAC Mechanism
Dependency attestation
ActorBinding with Sigstore OIDC proof type
Provenance tracking
Credential event extension (issued, rotated)
Integrity verification
Receipt signature verification (EdDSA)
Package
@peac/crypto, @peac/schema
ASI-03: Insecure Output Handling
Aspect
PEAC Mechanism
Output recording
Hash-first evidence (SHA-256 digests, no raw text)