OWASP Top 10 for LLM Applications v1.1

This document is the latest exciting chapter in the ongoing efforts to enhance security in the rapidly evolving field of artificial intelligence.

Download Now

OWASP LLM AI Security & Governance Checklist v1.0

It is a long established fact that a reader will be distracted by the readable content of a page when looking at its layout normal distribution of letters.

Download Now

Events

Join us @ Global App Sec - Lisbon

Join us for our project session: Unlocking Gen AI Security: An Introduction to the OWASP Top 10 for LLMs and the path to version 2.0.

Thursday June 24th @ 2:30pm

Download Now

MIssed US @ RSA ??

The OWASP AI Security Summit - is On Demand

View The Sessions On-Demand and get access to the Slides

Dive deep into securing LLMs and generative AI at the AI Security Summit during RSA Conference in San Francisco, hosted by OWASP. Discover expert strategies to combat the OWASP Top 10 for LLM identified security vulnerabilities, ensuring your company stays ahead.

Learn More

Get Involved in the Project

Voting Now Open - Top 10 for LLM 2.0

Want to contribute to the project? This is your chance! Review the new entries and leave your thoughts in the survey below. This will help us select promising entries for further development.

Learn More

Introduction

Businesses, eager to harness the potential of LLMs and Generative AI are rapidly integrating them into their operations and client facing offerings. Yet, the breakneck speed at which LLMs are being adopted has outpaced the establishment of comprehensive security protocols, leaving many applications vulnerable to high-risk issues.

Who is it for?

Our primary audience is developers, data scientists, and security experts tasked with designing and building applications and plug-ins leveraging LLM technologies.

Affiliated Standards Organizations and Projects

Explore the Top 10

Creating the OWASP Top 10 for LLM Applications list is a significant undertaking, built on the collective expertise of an international team of more than 500 experts and over 150 active contributors. Our contributors come from diverse backgrounds, including AI companies, security companies, ISVs, cloud hyperscalers, hardware providers, and academia.

Frequently Asked Questions

What is the OWASP Top 10 for Large Language Models (LLM)?

The OWASP Top 10 for LLMs is a list of the most critical vulnerabilities found in applications utilizing LLMs. It was created to provide developers, data scientists, and security experts with practical, actionable, and concise security guidance to navigate the complex and evolving terrain of LLM security

Who is the Primary Audience for The Top 10 for LLMs?

The primary audience is developers, data scientists, and security experts tasked with designing and building applications and plug-ins leveraging LLM technologies.

How Does the Top 10 for LLMs Relate to Other Top 10 Lists?

While the list shares DNA with vulnerability types found in other OWASP Top 10 lists, it does not simply reiterate these vulnerabilities. Instead, it delves into the unique implications these vulnerabilities have when encountered in applications utilizing LLMs. The goal is to bridge the divide between general application security principles and the specific challenges posed by LLMs

How Was The Top 10 for LLMs Created?

The creation of the OWASP Top 10 for LLMs list was a major undertaking, built on the collective expertise of an international team of nearly 500 experts, with over 125 active contributors. The team brainstormed and proposed potential vulnerabilities, refined these proposals down to a concise list of the ten most critical vulnerabilities, and each vulnerability was then further scrutinized and refined by dedicated sub-teams and subjected to public review.

Will the OWASP Top 10 for LLMs be Updated in the Future?

Yes, the first version of the list will not be the last. The team expects to update it on a periodic basis to keep pace with the state of the industry. They will be working with the broader community to push the state of the art, and creating more educational materials for a range of uses.

Announcements

The OWASP Top 10 For LLM Team Delivers New Security Guidance To Help Prepare And Respond To Deepfake Threats

September 24, 2024

Research Initiative: AI Red Teaming & Evaluation

September 12, 2024

Research Initiative – Securing and Scrutinizing LLMS in Exploit Generation

June 10, 2024

Call for Data! Contribute Now to the Top 10 for LLM 2.0 Risk Data Collection

May 30, 2024

Project Sponsors

Events

In-Person

InfoSec World 2024

InfoSec World is the leading cybersecurity conference for security practitioners and executives. Now in its 30th year, InfoSec World has been known as the “Business of Security” conference—featuring expert insights,…

In-Person

Cloud Security Alliance – SECtember.AI

The mission of SECtember, CSA’s annual flagship event, is to change the way the cloud and cybersecurity industry meets. In honor of this vision and in light of the most…

Virtual

RSAC 365 Virtual Seminar: Intersection of AI & Security

RSAC 365 Virtual Series Online Cybersecurity Learning, In-depth Explorations About: To support our commitment to keeping you and the global cybersecurity community informed throughout the year, we’ve developed the RSAC…

In-Person

OWASP Global AppSec San Francisco 2024

Join OWASP Global AppSec San Francisco alongside 1200+ cybersecurity experts from September 23-27 at the Hyatt Regency San Francisco in San Francisco, CA. Immerse yourself in thought-provoking presentations by globally…