The Open Web Application Security Project (OWASP) is an open community dedicated to improving the security of software. It provides free and open resources. Perhaps its most famous resource is the OWASP Top Ten for web applications. Since web applications are a major target for attackers, the OWASP Top Ten list is used by organizations around the world to prioritize their security efforts.
OWASP has now released a similar list for LLM applications: the OWASP Top 10 for Large Language Model Applications. The project lists the 10 most critical vulnerabilities often seen in LLM applications, highlighting their potential impact, ease of exploitation, and prevalence in real-world applications.
- Prompt Injection
- Insecure Output Handling
- Training Data Poisoning
- Model Denial of Service
- Supply Chain Vulnerabilities
- Sensitive Information Disclosure
- Insecure Plugin Design
- Excessive Agency
- Overreliance
- Model Theft
Visit OWASP for a deep dive into each vulnerability.
Happy reading!