
The Open Worldwide Application Security Project (OWASP) has recently released version 1.0 of its Top 10 for LLM (Large Language Model) Applications.
OWASP’s Top 10s are community-driven lists of the most common security issues, designed to help developers implement their code safely.
“The OWASP Top 10 for LLM Applications Working Group is dedicated to developing a Top 10 list of vulnerabilities specifically applicable to applications leveraging Large Language Models (LLMs). This initiative aligns with the broader goals of the OWASP Foundation to foster a more secure cyberspace and is in line with the overarching intention behind all OWASP Top 10 lists,” says their announcement.
The Top Ten is the result of the work of nearly 500 security specialists, AI researchers, developers, industry leaders and academics. Over 130 of these experts actively contributed to this guide.
Following is the OWASP Top 10 for LLM version 1.0, listed in order of criticality.
- Prompt Injection
- Insecure Output Handling
- Training Data Poisoning
- Model Denial of Service
- Supply Chain Vulnerabilities
- Sensitive Information Disclosure
- Insecure Plugin Design
- Excessive Agency
- Overreliance
- Model Theft