What is AgenticAssurance?
Single-prompt scanners miss the attacks that matter for agents — the ones composed across tools. AgenticAssurance (AAL) is the framework-neutral offensive core of the Agent Assurance Layer: you describe your agent in a capability manifest — its tools and their side-effect classes, data scopes, untrusted-ingress points and declared mitigations — plug in a runner adapter, and it attacks an isolated copy of the agent. It runs an attack library mapped to the OWASP Top 10 for Agentic Applications and MITRE ATLAS, builds a toxic-flow graph over declared tools to find lethal-trifecta and untrusted-content-to-code-execution paths, and catches execution-layer divergences where the agent refuses in text but a side-effecting tool still fires. Findings ship as SARIF 2.1.0 for code scanning plus a human-readable report, and a failing verdict exits non-zero — so red-teaming gates CI like any other test.