Mayur Agnihotri — Agentic AI Security and Decision-Rights
OWASP Standards License Experience Lane
Head of Threat Research · Agentic AI Security & Decision-Rights · AI SOC + OT/ICS · SecOps · Board Member
Working on the architectural floor for AI agents that take irreversible actions. The thesis in one line: investigation is reversible, actuation is not — and the gate for the write side has to be code the agent cannot reach, evaluating a manifest the agent cannot rewrite.
Three primitives carry the architecture:
manifest.action_class = "irreversible" // declared upstream by publisher
deterministic.gate = outside_loop // code the agent cannot reach
worst_case.chain_rule = governs_chain // composed actions inherit the worst class
Twelve-plus years across threat research, AI-driven SOC detection and response, OT/ICS security, cyber-range exercise design, cyber-crime investigation, and web/mobile/application security.
| Project | Status | Scope |
|---|---|---|
| OWASP AISVS | Contributor | C9.2.6 (manifest-declared action class) + C9.2.7 (worst-case chain rule) merged into C09 research chapter, proposed for v1.01 |
| OWASP SPVS | Active | V5.6.5 IR decision-rights (PR #14), V1.3.7 NHI runtime decision-rights (PR #15), supply-chain (Issue #13) |
| OWASP Cornucopia (Agentic AI) | Active | Action-authority taxonomy (Issue #3018) |
| OWASP GenAI Security Project | Active | Reversibility-graded authority into Agentic AI Threats & Mitigations v1.1 (Issue #13) |
| CSA NHI v1.0 | Reviewer | Peer review June 2026 |
Prior OWASP leadership: AppSec India Co-Leader (2016–2020) · OWASP Indore Chapter Leader (2017–2018)
Reference implementation of OWASP AISVS C9.2.6 + C9.2.7: manifest-declared action class, deterministic gate, worst-case chain rule. JSON schema + Python.
NHI runtime decision-rights companion to OWASP SPVS V1.3.7. Identity provenance verification, token freshness, action-class authorization.
Whitepaper Pages Chapters License
The full architectural reference. 18 chapters across 5 parts (Problem / Architecture / Standards Anchor / Applied Patterns / Implementation) + closing. Develops the four-class reversibility taxonomy (read-only / reversible / external-reversible / irreversible), manifest-declared classification, worst-case chain rule, and the architectural floor that makes the gate resistant to prompt injection. Anchored in OWASP AISVS C9.2.6 + C9.2.7 (proposed for 1.01, merged into AISVS main 2026年05月27日).
Cross-substrate convergence catalog (10 substrates): OWASP AISVS · CSA IAM WG · PieterKas/agent2agent-auth-framework · SANS AI Security Maturity Model · CSA AARM · Identient AuthR · Digital Identity Forum · CSA NHI · James A Bex AI Engineering Handbook · Riddhi Mohan Sharma EHV.
Long-form essays on AI agent security, decision-rights, reversibility-graded authority, and contribution methodology. Three essays published June 2026 (~9,900 words + 7 figures):
- The Decision-Rights Plane: An Architectural Gap in AI Security — the missing primitive at layers 4 and 5
- Investigation Is Reversible. Actuation Is Not. — the read/write architectural fold as design primitive
- What I Learned Contributing Across Five Standards Surfaces — the cross-surface contributor method
- Interview with Mayur Agnihotri — Science Of Cyber Security (Oct 2017)
- Conviction Of Digital Crime — National Cyber Defence eMagazine (Aug 2016)
- PenTest: Penetration Testing in Linux — PenTest Magazine (Mar 2016)
- PowerShell For Penetration Testing — PenTest Magazine (Jan 2016)
- Predictions For Cyber Security in 2016 — eForensics and Hakin9 (Dec 2015)
Red Hat Adobe BlackBerry Sony Microweber Nokia Siteground
LDAP server flaw research (Red Hat) and web-application vulnerability disclosures across major brands.
| Role | Org | Period |
|---|---|---|
| Information Security Specialist | StraightArc Technologies | 2020 to present |
| Board Member | SkyVirt | 2017 to present |
| Senior Subject Matter Expert | TCS iON | 2022 to present |
| Board of Studies | Ramachandra College of Engineering | 2023 to present |
| CHFI Item Writer | EC-Council | 2016 to present |
| Director | ARNE Solutions | 2016 to present |
| Technical Committee | Digital 4n6 Journal | 2016 to 2018 |
| Team Member | National Cyber Defence Research Centre | 2016 to 2018 |
📍 Udaipur, India · ⏱ GMT+05:30
Vendor-neutral standards work. Decision-rights for AI agents, reversibility as the architectural floor, manifest-declared action class as the standards-side answer.