There is a moment in every AI coding rollout where the question shifts from "can we make this work" to "what is the worst thing this can do". If you have not had that moment yet, this article will save you a quarter.

The OWASP Top 10 for Agentic Applications, published in late 2025, is the cleanest shared vocabulary we have for the failure modes. It is short, opinionated, and useful. This post takes each item, names the failure pattern in plain language, and pairs it with a control you can ship around an AI coding agent today.

The configuration shown uses Akmon's policy profiles, packs, and CLI flags. The pattern is general; if you use a different tool, the lessons translate.

How to read each section

For each item:

- What it is, in one paragraph.
- The failure story, the kind of incident this prevents.
- The control, the actual lever, with code or commands.
- The trade off, the thing the control costs you.

1. Prompt injection in tool inputs

What it is. A tool returns text. The text contains a hidden instruction.…