🌐
OWASP
owasp.org › www-project-top-10-for-large-language-model-applications
OWASP Top 10 for Large Language Model Applications | OWASP Foundation
The OWASP Top 10 for Large Language Model Applications continues to be a core component of our work, identifying the most critical security vulnerabilities in LLM applications.
🌐
OWASP
genai.owasp.org › home › llmrisks
LLMRisks Archive - OWASP Gen AI Security Project
Expore the latest Top 10 risks, vulnerabilities and mitigations for developing and securing generative AI and large language model applications across the development, deployment and management lifecycle. ... Improper Output Handling refers specifically to insufficient validation, sanitization, and...Read More · An LLM...
Discussions

OWASP Top 10 for LLMs: What Every Beginner in AI & Cybersecurity Must Know
This, "Some require stricter input validation. Some require limiting what the AI is allowed to do. Some require better monitoring of what the model is actually producing at runtime." Top down rules of engagement, syslogs of everything, geo fencing each action, with humans in the loop. Do not forget agency... basic stuff friends, its their for a reason. Go to the basics, it helps More on reddit.com
🌐 r/pwnhub
7
5
March 29, 2026
The new OWASP Top Ten 2025!
Hi Tanya! Thanks for sharing! Unfortunately from what i see, from a startup / SME background,“secure coding” is still very much an afterthought. Often time we want to ship fast and say “let’s think about security later”. We make it works before we make it good. But when it comes to launch day, we will be spending all of our time fighting bugs, and once we are rather stable, management will want more features, and security will only be left till when something happened. Which might have been too late. So i think building awareness is very important! We need more people like you to spread the words, so that not just developers know security is important, but business owners too. I have seen an uptrend in more security aware business owners. They are starting to ask if about SSL, or some less tech savvy ones will ask if there is a lock on the browser. 😂 all thanks to many of our security conscious developers working on the background to make this space better. As I work for small businesses, we cannot afford dedicated security team to pentest and harden our system. We tend to rely more on framework and libraries to do the heavy lifting for us. Awareness aside, I think a better and more secure software means we need better tooling. One example I can think of is to have a security tool directly on the browser devtools. Instead of having to use external tool like burp suite, have it built in to our devtools and make it easy for everyone to use. Or at least detect the most common vulnerabilities. More on reddit.com
🌐 r/softwaredevelopment
9
36
November 9, 2025
OWASP updated their Top 10 - a brand new #3
Broken access control stays NR. 1 Just the following three sink. Supply chain is a very relevant addition. And, in parts, logical. When design and injection etc go down, supply chain which has less controls goes up. I like it :) More on reddit.com
🌐 r/cybersecurity
14
108
November 12, 2025
The OWASP Top 10 for LLM Agents: Why autonomous workflows are breaking traditional security models
Recursive Loop Exhaustion is a massive liability when money is involved. I’ve seen cases where a simple timeout error caused an agent to retry a process_refund tool call repeatedly because the state didn't update fast enough. Without strict idempotency keys, like hashing order_id + action_timestamp, passed downstream to the payment processor, you end up draining the merchant's account in seconds. For tool access, soft prompts aren't guardrails. You need a hard policy layer outside the LLM. For example, enforcing a per-user velocity limit (e.g., max 1 refund per 24h) regardless of what the agent "decides." Does the framework cover logic abuse where the agent technically functions correctly (no crash, valid syntax) but is tricked into authorized but excessive financial concessions? More on reddit.com
🌐 r/AI_Agents
5
3
February 19, 2026
🌐
Cloudflare
cloudflare.com › learning › ai › owasp-top-10-risks-for-llms
What are the OWASP Top 10 risks for LLMs?
The OWASP Top 10 report highlights the 10 most critical risks for application security, according to security experts. OWASP recommends that all organizations incorporate insights from this report into their web application security strategy. In 2023, an OWASP working group launched a new project to create a similar report focusing on threats to large language model (LLM...
🌐
promptfoo
promptfoo.dev › owasp llm top 10
OWASP LLM Top 10 | Promptfoo
The OWASP Top 10 for Large Language Model Applications educates developers about security risks in deploying and managing LLMs. It lists the top critical vulnerabilities in LLM applications based on impact, exploitability, and prevalence.
🌐
Tigera
tigera.io › home › llm security › owasp top 10 llm
Quick Guide to OWASP Top 10 LLM: Threats, Examples & Prevention
January 23, 2026 - The OWASP Top 10 for Large Language Model Applications is a framework that identifies and ranks the top ten security vulnerabilities commonly found in applications involving large language models (LLMs).
🌐
OWASP
genai.owasp.org › home
Home - OWASP Gen AI Security Project
3 weeks ago - The 2025 OWASP Top 10 for LLMs effectively debunks the misconception that securing GenAI is solely about protecting the model or analyzing prompts. The research offers valuable insights into how.
🌐
Snyk Learn
learn.snyk.io › learning-paths › owasp-top-10-llm
OWASP Top 10 LLM and GenAI | Snyk Learn
October 15, 2025 - The Open Web Application Security Project (OWASP) has identified and addressed the most critical security risks in software development. With the rapid rise of Large Language Models (LLMs) and generative AI, OWASP has extended its expertise to highlight the top 10 security concerns specific to these advanced AI systems.
Find elsewhere
🌐
Aembit
aembit.io › blog › owasp-top-10-llm-risks-explained
OWASP Top 10 for LLM Applications (2025)
March 21, 2026 - Learn what's new in the OWASP Top 10 for LLM Applications 2025, including prompt injection, excessive agency and supply chain risks.
🌐
GitHub
github.com › owasp › www-project-top-10-for-large-language-model-applications
GitHub - OWASP/www-project-top-10-for-large-language-model-applications: OWASP Top 10 for Large Language Model Apps (Part of the GenAI Security Project) · GitHub
The OWASP Top 10 for Large Language Model Applications is a standard awareness document for developers and web application security. It represents a broad consensus about the most critical security risks to Large Language Model (LLM) applications.
Starred by 1.3K users
Forked by 334 users
Languages   Python 46.0% | TeX 25.1% | CSS 12.1% | Makefile 5.7% | TypeScript 4.7% | Jupyter Notebook 2.5%
🌐
Palo Alto Networks
paloaltonetworks.com › resources › infographics › llm-applications-owasp-10
OWASP Top 10 LLM Security Risks with Mitigation - Palo Alto Networks
OWASP Top 10 LLM Security Risks: An interactive diagram maps each risk, attack path, and concrete mitigation you can explore to secure AI systems in production
🌐
Alexewerlof
blog.alexewerlof.com › alex ewerlöf notes › owasp top 10 agents & ai vulnerabilities (2026 cheat sheet)
OWASP Top 10 Agents & AI Vulnerabilities (2026 Cheat Sheet)
March 20, 2026 - Cost: Unlike traditional computing, LLM loads tend to be very expensive. Add the fact that most agentic workload runs in loops and by definition is expected to require less supervision and you get the recipe for financial disaster. This post goes through the complete OWASP Top 10 for LLMs (LLM01-LLM10) and OWASP Top 10 for Agents (ASI01-ASI10) with examples, illustrations and pragmatic advice.
🌐
Trend Micro
trendmicro.com › en_us › what-is › ai › owasp-top-10.html
What are the OWASP Top 10 risks for LLMs? | Trend Micro (US)
February 5, 2026 - Train Staff on Secure Usage Practices: Educate employees on risks like data leakage and prompt injection to reduce human error. The OWASP Top 10 for LLMs warns of risks like prompt injection, data leakage, and insecure plugins.
🌐
Kodem
kodemsecurity.com › resources › owasp-top-10-for-llm-applications
OWASP Top 10 for LLM Applications (2025) | Kodem
4 weeks ago - LLM01 is prompt injection: crafted input that makes a model follow an attacker's instructions instead of the developer's. It is ranked the number one risk for LLM applications. ... The current edition is the 2025 list, which reorganized and ...
🌐
AWS
docs.aws.amazon.com › aws prescriptive guidance › security for agentic ai on aws › mapping to owasp top 10 for llm applications
Mapping to OWASP top 10 for LLM applications - AWS Prescriptive Guidance
Learn how AWS security controls map to the OWASP Top 10 vulnerabilities for LLM applications, including prompt injection, data leakage, and supply chain risks.
🌐
Oligo Security
oligo.security › academy › owasp-top-10-llm-updated-2025-examples-and-mitigation-strategies
OWASP Top 10 LLM, Updated 2025: Examples & Mitigation Strategies
The OWASP Top 10 for LLM Applications is a community initiative designed to address the most critical vulnerabilities associated with LLMs and generative
🌐
OWASP
genai.owasp.org › home › owasp top 10 for llm and genai
OWASP Top 10 for LLM and GenAI - OWASP Gen AI Security Project
May 12, 2026 - The OWASP Top 10 for LLM and GenAI Initiative is a global, community-driven effort focused on identifying, documenting, and raising awareness of the most critical security risks impacting Large Language Models (LLMs), Generative AI (GenAI), and emerging Agentic AI systems.
🌐
Trend Micro
trendmicro.com › en_gb › what-is › ai › owasp-top-10.html
What are the OWASP Top 10 risks for LLMs? | Trend Micro (UK)
Regularly Update and Patch Models: ... data leakage and prompt injection to reduce human error. The OWASP Top 10 for LLMs warns of risks like prompt injection, data leakage, and insecure plugins....
🌐
YouTube
youtube.com › watch
OWASP's Top 10 Ways to Attack LLMs: AI Vulnerabilities Exposed - YouTube
Ready to become a certified watsonx Generative AI Engineer? Register now and use code IBMTechYT20 for 20% off of your exam → https://ibm.biz/Bdp4DLLearn more...
Published   March 7, 2026
🌐
OWASP
genai.owasp.org › home › resources › owasp top 10 for llm applications 2025
OWASP Top 10 for LLM Applications 2025
April 28, 2025 - The OWASP Top 10 for Large Language Model Applications started in 2023 as a community-driven effort to highlight and address security issues specific to AI applications. Since then, the technology has continued to spread across industries and ...
🌐
Reddit
reddit.com › r/pwnhub › owasp top 10 for llms: what every beginner in ai & cybersecurity must know
r/pwnhub on Reddit: OWASP Top 10 for LLMs: What Every Beginner in AI & Cybersecurity Must Know
March 29, 2026 -

When a company builds a product powered by a large language model, they tend to focus on what the AI can do, not on how it can be exploited.

AI systems introduce a new category of vulnerabilities that traditional security checklists do not cover. An attacker can manipulate an AI by slipping instructions into its input, trick it into leaking sensitive data from its training, or overwhelm it with requests that drain resources and drive up costs, none of which map cleanly onto the security risks that developers already know to look for.

OWASP, the nonprofit organization that maintains the most widely used security risk framework in software development, publishes a dedicated Top 10 list for large language model applications. It covers threats like prompt injection, where a malicious user rewrites the AI's instructions through ordinary text input; excessive agency, where an AI with too many permissions takes actions its designers never intended; and data poisoning, where corrupted training data plants hidden behaviors in the model before it ever reaches users.

The fix for each risk varies. Some require stricter input validation. Some require limiting what the AI is allowed to do. Some require better monitoring of what the model is actually producing at runtime.

This writeup walks through all ten risks in plain language, making it a useful entry point for anyone building with AI who wants to understand the attack surface before something goes wrong.