asi-watch
Live OWASP Top 10 for Agentic Applications (ASI) incident radar. Every fresh public AI-agent security signal — from Hacker News, Reddit, NVD, GitHub advisories, and security RSS — auto-classified into one of the ten ASI categories with a severity, and surfaced on a public dashboard. Severity-weighted leaderboard, 30-day trend, source-by-source health.
Live: https://holyai.me/asi-watch/
Why
OWASP published the Top 10 for Agentic Applications 2026 — ten distinct categories of AI-agent security risk (ASI01 Goal Hijack through ASI10 Rogue Agents). It is rapidly becoming the canonical taxonomy AppSec and AI-platform teams reference. But the framework is abstract. AppSec leads ask: which category is hottest this week? Are there real-world ASI06 (Memory Poisoning) incidents, or is it still theoretical? No live answer exists.
asi-watch makes the framework live. Every hour it pulls fresh public security signals, classifies each one against ASI01..ASI10 with Claude Haiku 4.5, and shows a leaderboard ranked by severity-weighted incident count over the last 7 days.
What it does
- Pulls public signals every 30–60 minutes from real sources (no mocks, ever)
- Classifies each into a single ASI category + severity (low / medium / high / critical) via OpenRouter → Claude Haiku 4.5
- Ranks categories by 7-day severity-weighted score with trend arrows (↑ vs prior 7d)
- Stacked-bar 30-day chart per category
- Searchable, filterable incident feed (category, source, severity, query)
- Public read-only API for everything the UI shows
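The 7-day severity-weighted ranking and trend arrow from the list above, as an added example that is not asi-watch's own code. The severity weights and the incident field names (`category`, `severity`, `published_at`) are assumptions, since this README does not state them.

```javascript
// Added example; weights are assumed values, not taken from asi-watch.
const SEVERITY_WEIGHT = { low: 1, medium: 2, high: 4, critical: 8 };
const DAY_MS = 24 * 60 * 60 * 1000;

// Sum severity weights per category for incidents with from < ts <= to.
function windowScores(incidents, from, to) {
  const scores = {};
  for (const inc of incidents) {
    const ts = Date.parse(inc.published_at);
    const weight = SEVERITY_WEIGHT[inc.severity];
    // Skip pending (unclassified) rows and unknown severities instead of guessing.
    if (!inc.category || weight === undefined || Number.isNaN(ts)) continue;
    if (ts > from && ts <= to) {
      scores[inc.category] = (scores[inc.category] || 0) + weight;
    }
  }
  return scores;
}

// Rank categories by current 7-day score; trend compares against the prior 7 days.
function leaderboard(incidents, now) {
  const current = windowScores(incidents, now - 7 * DAY_MS, now);
  const prior = windowScores(incidents, now - 14 * DAY_MS, now - 7 * DAY_MS);
  const categories = new Set([...Object.keys(current), ...Object.keys(prior)]);
  return [...categories]
    .map((category) => {
      const score = current[category] || 0;
      const before = prior[category] || 0;
      const trend = score > before ? "↑" : score < before ? "↓" : "→";
      return { category, score, prior: before, trend };
    })
    .sort((a, b) => b.score - a.score || a.category.localeCompare(b.category));
}

// Constructed sample rows (field names are assumptions, not the API's schema).
const NOW = Date.parse("2026-01-15T00:00:00Z");
const SAMPLE = [
  { category: "ASI04", severity: "critical", published_at: "2026-01-14T09:00:00Z" },
  { category: "ASI04", severity: "low", published_at: "2026-01-05T09:00:00Z" },
  { category: "ASI01", severity: "high", published_at: "2026-01-12T09:00:00Z" },
  { category: "ASI01", severity: "medium", published_at: "2026-01-10T09:00:00Z" },
  { category: "ASI06", severity: "medium", published_at: "2026-01-03T09:00:00Z" },
  { category: null, severity: null, published_at: "2026-01-14T10:00:00Z" }, // pending
];

console.table(leaderboard(SAMPLE, NOW));
```

A category with a single critical incident outranks one with two lower-severity incidents, which is the difference between a severity-weighted score and a raw count.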
Real data sources
Every data point is fetched at runtime from a real public source. README and /asi-watch/api/sources document each source honestly.
| Source | Endpoint | Cadence |
| --- | --- | --- |
| Hacker News (Algolia) | https://hn.algolia.com/api/v1/search_by_date (10 keyword queries, 14-day lookback) | every 30 min |
| Reddit | https://www.reddit.com/r/{LLMSecurity,netsec,cybersecurity,AISecurity,AskNetsec}/new.json | every 30 min |
| NVD CVE 2.0 | https://services.nvd.nist.gov/rest/json/cves/2.0 (8 keywords, 30-day lookback) | every 6 h |
| GitHub Advisory DB | https://api.github.com/advisories (npm, pip, go ecosystems, keyword-filtered) | every 6 h |
| The Hacker News (RSS) | https://thehackernews.com/feeds/posts/default (keyword-filtered) | every hour |
| Dark Reading (RSS) | https://www.darkreading.com/rss.xml (keyword-filtered) | every hour |
| Classifier (OpenRouter → Haiku) | https://openrouter.ai/api/v1/chat/completions, model anthropic/claude-haiku-4.5 | every 10 min (top-up) |
No HTML scraping of paywalled sites. No simulated data. If a source returns nothing, the run is recorded as such — no synthetic fallback.
OWASP ASI 2026 categories (mirrored in lib/asi.js)
| ID | Name | Description |
| --- | --- | --- |
| ASI01 | Agent Goal Hijack | Injected instructions redirect the agent's plan |
| ASI02 | Tool Misuse & Exploitation | Unsafe tool chaining, manipulated tool outputs |
| ASI03 | Identity & Privilege Abuse | Delegated trust, inherited credentials abused |
| ASI04 | Agentic Supply Chain | Compromised third-party agents, tools, skills, registries |
| ASI05 | Unexpected Code Execution (RCE) | Unsafe dynamic code execution |
| ASI06 | Memory & Context Poisoning | Poisoned RAG, poisoned long-term memory |
| ASI07 | Insecure Inter-Agent Communication | Compromised agents spoofing peers |
| ASI08 | Cascading Failures | Single fault propagates via high fan-out automation |
| ASI09 | Untraceability & Audit Gaps | Insufficient logging, attribution gaps |
| ASI10 | Rogue Agents | Unauthorized / dormant agents abusing agent identity |
Source: <https://genai.owasp.org/resource/owasp-top-10-for-agentic-applications-for-2026/>
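Since the classifier reads text from public posts and advisories, its reply is worth checking against the closed sets above before it is stored. The following is an added example, not code from `lib/asi.js`; the reply shape `{category, severity, reason}` and the 500-character bound are assumptions.

```javascript
// Added example; the reply shape and the length bound are assumptions.
const ASI_IDS = new Set(
  Array.from({ length: 10 }, (_, i) => `ASI${String(i + 1).padStart(2, "0")}`)
);
const SEVERITIES = new Set(["low", "medium", "high", "critical"]);
const MAX_REASON_LEN = 500;

// Accept a model reply only if it is a JSON object with an allowlisted
// category and severity; anything else is rejected, never coerced.
function parseClassification(replyText) {
  let obj;
  try {
    obj = JSON.parse(replyText);
  } catch {
    return { ok: false, error: "reply is not JSON" };
  }
  if (obj === null || typeof obj !== "object" || Array.isArray(obj)) {
    return { ok: false, error: "reply is not an object" };
  }
  const { category, severity, reason } = obj;
  if (typeof category !== "string" || !ASI_IDS.has(category)) {
    return { ok: false, error: "category outside ASI01..ASI10" };
  }
  if (typeof severity !== "string" || !SEVERITIES.has(severity)) {
    return { ok: false, error: "severity outside low/medium/high/critical" };
  }
  // The reason is free text derived from untrusted input: strip control
  // characters and bound its length before it is stored or displayed.
  const cleanReason = typeof reason === "string"
    ? reason.replace(/[\u0000-\u001f\u007f]/g, " ").slice(0, MAX_REASON_LEN)
    : "";
  return { ok: true, value: { category, severity, reason: cleanReason } };
}

// Constructed sample replies.
const SAMPLE_REPLIES = [
  '{"category":"ASI06","severity":"high","reason":"Poisoned RAG index"}',
  '{"category":"ASI11","severity":"high","reason":"not a real category"}',
  '{"category":"ASI01","severity":"urgent","reason":"bad severity"}',
  'Sure! Here is the JSON: {"category":"ASI01","severity":"low"}',
];

for (const reply of SAMPLE_REPLIES) {
  console.log(parseClassification(reply));
}
```

A rejected reply can leave the incident in the pending state rather than placing it in a guessed category.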
HTTP API
All endpoints are public, read-only, JSON. Base path /asi-watch.
| Endpoint | Description |
| --- | --- |
| GET /asi-watch/health | {ok, db, classified, last_refresh, classifier: live\|degraded} |
| GET /asi-watch/api/stats | Totals + classified %, last refresh ISO |
| GET /asi-watch/api/categories | Leaderboard (7d / 14d / 30d counts, severity score, trend, sample titles) |
| GET /asi-watch/api/trends?days=30 | Daily per-category counts (dense grid) |
| GET /asi-watch/api/incidents?category=ASI04&source=hn&severity=high&q=...&limit=50&offset=0 | Paginated feed |
| GET /asi-watch/api/incident/:id | Full incident + classification reason |
| GET /asi-watch/api/sources | Per-source health, last 24h |
| GET /asi-watch/api/asi | Static ASI category metadata |
Local dev
```bash
cp .env.example .env
# add your OpenRouter key (optional — without it, incidents still ingest and surface as pending)
npm install
node server.js
open http://localhost:4900/asi-watch/
```
Deploy notes
- Run with `node server.js` under systemd as service `asi-watch.service`
- nginx: `proxy_pass http://127.0.0.1:4900;` for location `/asi-watch/` (preserve the prefix)
- Health probe: `GET /asi-watch/health` (200 expected, even on empty DB)
- Secrets injected by RNDLAB key vault — see `DEPLOY_MANIFEST.json`
Differentiation
- `agent-threat-feed` — raw CVE/threat feed; no framework alignment
- `inject-shield` — runtime injection scanner, not an incident radar
- `pwn-radar` — narrow to a specific GitHub antipattern
asi-watch is the only product mapping live AI-agent security incidents to the OWASP ASI 2026 taxonomy.
License
MIT.