OWASP Top 10 for LLM & Generative AI Security

GET INVOLVED

Research Initiative: Agentic Application Security

The Agentic Security Research Initiative explores the emerging security implications of agentic systems, particularly those utilizing advanced frameworks (e.g., LangGraph, AutoGPT, CrewAI) and novel  capabilities like Llama 3’s agentic features.

ANNOUNCEMENT!

OWASP Reveals Updated 2025 Top 10 Risks for LLMs, Sponsorship Program, Inaugural Sponsors

The updated Top 10 List for LLMs provides a refreshed resource addressing the top 10 risks. Changes to the 2025 list include, Unbounded Consumption, Vector and Embeddings (expanded RAG guidance), System Prompt Leakage, and more. 

ANNOUNCEMENT!

Top 10 for LLM Project, Expands Initiatives & Publishes New AI Security Guidance

Announcement highlights new initiatives for AI Threat Intelligence, Secure AI Adoption and AI Security Landscape and new security guidance  for responding to DeepFake threats and setting up am AI Security Center of Excellence, 

NEW!

Explore The AI Security Solutions Landscape

The AI Security Landscape connects the risks identfied in the Top 10 for LLMs, LLMSecOps and the open source and commercial solutions designed to secure GenAI applications at each stage of the lifecycle  from planning to governing and everything in-between.

NEW!

Deepfake Threat Preparation and Response Guidance

The OWASP Top 10 for LLM team is excited to announce the release of the Guide for Preparing and Responding to Deepfake Events. This comprehensive resource provides organizations with practical strategies to mitigate the growing risk posed by deepfake technology.

NEW!

AI Security Center of Excellence Guide

Establishing a Center of Excellence (COE) for Generative AI Security has become essential. The document provides a best practices framework from Security Professionals and CISOs to help teams accelerate implementation including cross-functional OKRs and KPIs.

Download Now

GET INVOLVED

Research Initiative: AI Red Teaming & Evaluation

This is your invitation and an opportunity for you to flex your hacker muscles and dive into the murky waters of Large Language Model (LLM) vulnerabilities. We’re putting together a team to map and tackle the OWASP Top Ten vulnerabilities for LLM applications, and we want you on board.

The Top 10 Security Risks for LLM Applications


This document is the latest exciting chapter in the ongoing efforts to enhance security in the rapidly evolving field of artificial intelligence.

MISSED US @ RSA ?

The OWASP AI Security Summit is On Demand

Dive deep into securing LLMs and generative AI at the AI Security Summit @ RSA Conference in San Francisco, hosted by OWASP. Discover expert strategies to combat the OWASP Top 10 for LLM identified security vulnerabilities, to stay ahead of threat actors.

Join the Newsletter

Introduction

Businesses, eager to harness the potential of LLMs and Generative AI are rapidly integrating them into their operations and client facing offerings. Yet, the breakneck speed at which LLMs are being adopted and the rapid evolution of Gen AI application architectures (e.g. RAG, agentic apps) have outpaced the establishment of comprehensive security and risk management protocols, leaving many applications and their organizations vulnerable to high-risk issues.

Who is it for?

Our primary audiences include technology and business leaders, developers, data scientists, and security experts tasked with developing, building and managing the security risks of applications leveraging LLM  and Generative AI technologies.

Affiliated Standards Organizations and Projects

Explore the Top 10 for 2025

Creating the OWASP Top 10 for LLM Applications list is a significant undertaking, built on the collective expertise of an international team of  more than 500 experts and over 150 active contributors. Our contributors come from diverse backgrounds, including AI companies, security companies, ISVs, cloud hyperscalers, hardware providers, and academia.

View the Top 10 for LLMs 2023-24.

What The Industry Is Saying

Frequently Asked Questions

What is the OWASP Top 10 for Large Language Models (LLM)?

The OWASP Top 10 for LLMs is a list of the most critical vulnerabilities found in applications utilizing LLMs. It was created to provide developers, data scientists, and security experts with practical, actionable, and concise security guidance to navigate the complex and evolving terrain of LLM security

Who is the Primary Audience for The Top 10 for LLMs?

The primary audience is developers, data scientists, and security experts tasked with designing and building applications and plug-ins leveraging LLM technologies.

How Does the Top 10 for LLMs Relate to Other Top 10 Lists?

While the list shares DNA with vulnerability types found in other OWASP Top 10 lists, it does not simply reiterate these vulnerabilities. Instead, it delves into the unique implications these vulnerabilities have when encountered in applications utilizing LLMs. The goal is to bridge the divide between general application security principles and the specific challenges posed by LLMs

How Was The Top 10 for LLMs Created?

The creation of the OWASP Top 10 for LLMs list was a major undertaking, built on the collective expertise of an international team of nearly 500 experts, with over 125 active contributors. The team brainstormed and proposed potential vulnerabilities, refined these proposals down to a concise list of the ten most critical vulnerabilities, and each vulnerability was then further scrutinized and refined by dedicated sub-teams and subjected to public review.

Will the OWASP Top 10 for LLMs be Updated in the Future?

Yes, the first version of the list will not be the last. The team expects to update it on a periodic basis to keep pace with the state of the industry. They will be working with the broader community to push the state of the art, and creating more educational materials for a range of uses.

In the News

OWASP Top 10 Risks for Large Language Models: 2025 updates

OWASP Warns of Growing Data Exposure Risk from AI in New Top 10 List for LLMs

OWASP Top 10 for LLM and new tooling guidance targets GenAl security

OWASP Releases AI Security Resources

Events

InfoSec World 2024

InfoSec World is the leading cybersecurity conference for security practitioners and executives. Now in its 30th year, InfoSec World has been known as the “Business of Security” conference—featuring expert insights,…

Cloud Security Alliance – SECtember.AI

The mission of SECtember, CSA’s annual flagship event, is to change the way the cloud and cybersecurity industry meets. In honor of this vision and in light of the most…

RSAC 365 Virtual Seminar: Intersection of AI & Security

RSAC 365 Virtual Series Online Cybersecurity Learning, In-depth Explorations About: To support our commitment to keeping you and the global cybersecurity community informed throughout the year, we’ve developed the RSAC…

OWASP Global AppSec San Francisco 2024

Join OWASP Global AppSec San Francisco alongside 1200+ cybersecurity experts from September 23-27 at the Hyatt Regency San Francisco in San Francisco, CA. Immerse yourself in thought-provoking presentations by globally…

Project Sponsors

100+ Supporting Organizations

Scroll to Top
  翻译: