
OWASP/www-project-top-10-for-large-language-model-applications
Paper | OWASP
The definitive security standard for identifying and mitigating critical vulnerabilities in Large Language Model applications.
The OWASP Top 10 for LLM Applications project provides a structured taxonomy of the most significant security vulnerabilities currently impacting Large Language Model deployments. Unlike traditional web application security, LLM-specific risks involve complex interactions between user inputs, model weights, and external data sources. The framework details vulnerabilities such as Prompt Injection (direct and indirect), Insecure Plugin Design, Excessive Agency, and Model Denial of Service. Each entry in the list includes a description, common attack vectors, and actionable mitigation strategies. By standardizing the language around these threats, OWASP enables organizations to perform rigorous security assessments, implement robust defensive architectures, and establish best practices for the entire LLM lifecycle, from data ingestion and fine-tuning to production inference and API integration.
Highlights
- Standardized LLM risk taxonomy
- Actionable mitigation strategies
- Covers prompt injection & poisoning
For
- Security Engineers
- AI/ML Developers
- DevSecOps Professionals
Links
- GitHub Repository