OWASP Top 10 for LLM Applications
A security awareness document published by the Open Web Application Security Project (OWASP) that identifies the ten most critical security vulnerabilities specific to applications built on large language models. The list provides standardised vulnerability descriptions, risk ratings, and mitigation guidance for LLM-integrated systems.
Definition
The OWASP Top 10 for LLM Applications is a community-driven security standard that enumerates the most critical vulnerabilities in applications that integrate large language models. First published in 2023 and updated regularly, it adapts OWASP’s established methodology of identifying and ranking application security risks to the specific challenges of LLM-powered systems. The list includes: LLM01 (Prompt Injection), LLM02 (Insecure Output Handling), LLM03 (Training Data Poisoning), LLM04 (Model Denial of Service), LLM05 (Supply Chain Vulnerabilities), LLM06 (Sensitive Information Disclosure), LLM07 (Insecure Plugin Design), LLM08 (Excessive Agency), LLM09 (Overreliance), and LLM10 (Model Theft). Each entry includes a description, common examples, prevention strategies, and attack scenarios.
How It Relates to AI Threats
The OWASP Top 10 for LLM Applications is the most widely referenced security standard within the Security and Cyber Threats domain for AI applications. It directly maps to multiple TopAIThreats threat patterns: prompt injection (LLM01), data poisoning (LLM03), AI supply chain attacks (LLM05), and model inversion/data extraction (LLM10). The standard serves as a bridge between traditional web application security practices and the emerging field of AI security, providing security teams with familiar risk-ranking methodology applied to novel AI-specific threats.
Why It Occurs
- The rapid adoption of LLMs in production applications outpaced the development of AI-specific security guidance
- Security teams needed a standardised framework to assess and communicate LLM-specific risks to stakeholders
- Traditional application security standards (OWASP Top 10 for Web) did not cover AI-specific vulnerability classes
- The open-source, community-driven model allowed rapid contribution from AI security researchers worldwide
- Enterprise compliance and procurement processes required standardised security benchmarks for AI vendors
Real-World Context
The OWASP Top 10 for LLM Applications has been adopted as a reference standard by enterprise security teams, AI platform vendors, and regulatory bodies evaluating AI system security. It complements MITRE ATLAS (which focuses on adversarial ML techniques) by providing application-level vulnerability guidance. Multiple CVEs in AI products (GitHub Copilot, Cursor IDE, various RAG implementations) map directly to OWASP LLM categories. The standard is increasingly cited in AI procurement requirements and security audit frameworks.
Last updated: 2026-04-03