ANNOUNCEMENT!
OWASP Reveals Updated 2025 Top 10 Risks for LLMs, Sponsorship Program, Inaugural Sponsors
The updated Top 10 List for LLMs provides a refreshed resource addressing the top 10 risks. Changes to the 2025 list include Unbounded Consumption, Vector and Embeddings (expanded RAG guidance), System Prompt Leakage, and more.
ANNOUNCEMENT!
Top 10 for LLM Project Expands Initiatives & Publishes New AI Security Guidance
Announcement highlights new initiatives for AI Threat Intelligence, Secure AI Adoption and AI Security Landscape, and new security guidance for responding to DeepFake threats and setting up an AI Security Center of Excellence.
NEW!
Explore The AI Security Solutions Landscape
The AI Security Landscape connects the risks identified in the Top 10 for LLMs, LLMSecOps and the open source and commercial solutions designed to secure GenAI applications at each stage of the lifecycle, from planning to governing and everything in between.
NEW!
Deepfake Threat Preparation and Response Guidance
The OWASP Top 10 for LLM team is excited to announce the release of the Guide for Preparing and Responding to Deepfake Events. This comprehensive resource provides organizations with practical strategies to mitigate the growing risk posed by deepfake technology.
NEW!
AI Security Center of Excellence Guide
Establishing a Center of Excellence (COE) for Generative AI Security has become essential. The document provides a best practices framework from Security Professionals and CISOs to help teams accelerate implementation including cross-functional OKRs and KPIs.
GET INVOLVED
Research Initiative: AI Red Teaming & Evaluation
This is your invitation and an opportunity for you to flex your hacker muscles and dive into the murky waters of Large Language Model (LLM) vulnerabilities. We’re putting together a team to map and tackle the OWASP Top Ten vulnerabilities for LLM applications, and we want you on board.
The Top 10 Security Risks for LLM Applications
This document is the latest exciting chapter in the ongoing efforts to enhance security in the rapidly evolving field of artificial intelligence.
MISSED US @ RSA?
The OWASP AI Security Summit is On Demand
Dive deep into securing LLMs and generative AI at the AI Security Summit @ RSA Conference in San Francisco, hosted by OWASP. Discover expert strategies to combat the security vulnerabilities identified in the OWASP Top 10 for LLM and stay ahead of threat actors.
Introduction
Businesses eager to harness the potential of LLMs and Generative AI are rapidly integrating them into their operations and client-facing offerings. Yet the breakneck speed at which LLMs are being adopted has outpaced the establishment of comprehensive security protocols, leaving many applications vulnerable to high-risk issues.
Who is it for?
Our primary audience is developers, data scientists, and security experts tasked with designing and building applications and plug-ins leveraging LLM technologies.
Affiliated Standards Organizations and Projects
Explore the Top 10
Creating the OWASP Top 10 for LLM Applications list is a significant undertaking, built on the collective expertise of an international team of more than 500 experts and over 150 active contributors. Our contributors come from diverse backgrounds, including AI companies, security companies, ISVs, cloud hyperscalers, hardware providers, and academia.
Frequently Asked Questions
The OWASP Top 10 for LLMs is a list of the most critical vulnerabilities found in applications utilizing LLMs. It was created to provide developers, data scientists, and security experts with practical, actionable, and concise security guidance to navigate the complex and evolving terrain of LLM security.
The primary audience is developers, data scientists, and security experts tasked with designing and building applications and plug-ins leveraging LLM technologies.
While the list shares DNA with vulnerability types found in other OWASP Top 10 lists, it does not simply reiterate these vulnerabilities. Instead, it delves into the unique implications these vulnerabilities have when encountered in applications utilizing LLMs. The goal is to bridge the divide between general application security principles and the specific challenges posed by LLMs.
The creation of the OWASP Top 10 for LLMs list was a major undertaking, built on the collective expertise of an international team of nearly 500 experts, with over 125 active contributors. The team brainstormed and proposed potential vulnerabilities, refined these proposals down to a concise list of the ten most critical vulnerabilities, and each vulnerability was then further scrutinized and refined by dedicated sub-teams and subjected to public review.
Yes, the first version of the list will not be the last. The team expects to update it on a periodic basis to keep pace with the state of the industry. They will be working with the broader community to push the state of the art, and creating more educational materials for a range of uses.
Announcements
Events
InfoSec World 2024
- In-Person
- Sep 21 to Sep 22
Cloud Security Alliance – SECtember.AI
- In-Person
- Sep 10 to Sep 12
RSAC 365 Virtual Seminar: Intersection of AI & Security
- Virtual
- Sep 5
OWASP Global AppSec San Francisco 2024
- In-Person
- Sep 23 to Sep 24
In the News
Lessons for CISOs from OWASP’s LLM Top 10
- Dark Reading
- 2024-04-23
- Kevin Bocek
Mitigating the OWASP Top 10 For Large Language Models Applications using Intelligent Agents
- IEEE
- 2024-02-06
- Mohammad Fasha
OWASP Top 10 for LLM Applications and Mitigation
- Security Boulevard
- 2024-02-05
- MicroHackers
What the OWASP Top 10 for LLMs Means for the Future of AI Security
- Infosecurity Magazine
- 2023-08-08
- Kevin Poireault