OWASP Top 10 for LLM Applications

Summary

The OWASP Top 10 for Large Language Model Applications highlights the most critical security risks in LLM applications, explaining their potential impact, ease of exploitation, and prevalence in real-world applications.

Definitions

Definition / Requirements

LLM01:2025. Prompt Injection
    160. Encode system outputs
    173. Discard unsafe inputs
    320. Avoid client-side control enforcement
    342. Validate request parameters
    382. Human in the loop

LLM02:2025. Sensitive Information Disclosure
    077. Avoid disclosing technical information
    173. Discard unsafe inputs
    176. Restrict system objects
    177. Avoid caching and temporary files
    224. Use secure cryptographic mechanisms
    261. Avoid exposing sensitive information
    300. Mask sensitive data
    342. Validate request parameters

LLM03:2025. Supply Chain
    262. Verify third-party components

LLM04:2025. Data and Model Poisoning
    173. Discard unsafe inputs
    262. Verify third-party components
    383. Sandboxing to limit model exposure to unverified data sources

LLM05:2025. Improper Output Handling
    173. Discard unsafe inputs
    265. Restrict access to critical processes
    321. Avoid deserializing untrusted data
    342. Validate request parameters

LLM06:2025. Excessive Agency
    186. Use the principle of least privilege
    382. Human in the loop

LLM07:2025. System Prompt Leakage
    077. Avoid disclosing technical information
    173. Discard unsafe inputs
    176. Restrict system objects
    177. Avoid caching and temporary files
    224. Use secure cryptographic mechanisms
    261. Avoid exposing sensitive information
    300. Mask sensitive data
    342. Validate request parameters

LLM08:2025. Vector and Embedding Weaknesses
    077. Avoid disclosing technical information
    160. Encode system outputs
    173. Discard unsafe inputs
    176. Restrict system objects
    177. Avoid caching and temporary files
    224. Use secure cryptographic mechanisms
    261. Avoid exposing sensitive information
    262. Verify third-party components
    300. Mask sensitive data
    320. Avoid client-side control enforcement
    342. Validate request parameters
    383. Sandboxing to limit model exposure to unverified data sources

LLM09:2025. Misinformation
    316. Allow rectification requests

LLM10:2025. Unbounded Consumption
    072. Set maximum response time
    077. Avoid disclosing technical information
    176. Restrict system objects
    327. Set a rate limit