The OWASP LLM AI Cybersecurity & Governance Checklist provides organizations with a structured framework to manage the risks and responsibilities associated with deploying Large Language Models (LLMs). It covers 13 key areas, including adversarial risk management, threat modeling, AI asset inventory, and comprehensive security and privacy training for employees at all levels. The checklist emphasizes the importance of aligning AI adoption with existing cybersecurity and governance standards, integrating LLM security into current organizational practices, and maintaining continuous testing, evaluation, and validation (TEVV) throughout the model lifecycle. By following these actionable steps—such as establishing clear policies, ensuring regulatory compliance, conducting regular risk assessments, and fostering transparency through documentation—organizations can harness the benefits of AI while minimizing vulnerabilities and promoting responsible, ethical use.
Publication's URL
https://genai.owasp.org/resource/llm-applications-cybersecurity-and-governance-checklist-english/Additional documents on this topic
- OWASP Top 10 for Large Language Model Applications
- OWASP Practical Guide for Secure MCP Server Development
- NIST IR 8596 Cybersecurity Framework Profile for Artificial Intelligence (Cyber AI Profile): NIST Community Profile ★★★★★
- ETSI EN 304 223: Securing Artificial Intelligence (SAI) – Baseline Cyber Security Requirements for AI Models and Systems
- CSA Data Security within AI Environments