Skip to content
Home / Function (NIST CSF 2.0) / GV - Govern / RM - Risks Mgt

OWASP Top 10 for Large Language Model Applications

This document focuses on:

The OWASP Top 10 for Large Language Model (LLM) Applications is a community-driven list identifying the most critical security risks specific to LLMs and generative AI systems. It highlights vulnerabilities such as prompt injection, where attackers manipulate input prompts to cause unauthorized actions; insecure output handling, which can lead to exploits like code execution; training data poisoning that corrupts model behavior; denial of service attacks targeting model availability; and supply chain vulnerabilities affecting system integrity. Other key risks include sensitive information disclosure, insecure plugin design, excessive agency granting LLMs unchecked autonomy, overreliance on LLM outputs, and model theft. The list aims to educate developers and organizations on these threats, providing mitigation strategies to improve the security posture of LLM applications.


Publication's URL

https://owasp.org/www-project-top-10-for-large-language-model-applications/

Additional documents on this topic



How would you rate this document ?

Click on a star to rate it!

What do you think of this document?

Your email address will not be published. Required fields are marked *