OWASP LLM Top 10
Quick Answer
The OWASP LLM Top 10 is a practical risk list for applications that use large language models, generative AI, plugins, tools, agents, or AI-connected workflows. Beginners can use it to understand prompt injection, insecure output handling, data exposure, excessive agency, overreliance, supply-chain risk, and other LLM application security concerns.
What is the OWASP LLM Top 10?
The OWASP LLM Top 10 is a security awareness and risk framework for applications that use large language models. It helps developers, learners, product teams, and security teams discuss common LLM application risks in a shared language.
Who Should Use It?
Developers can use it while designing prompts, tools, and workflows. Security teams can use it during threat modeling and review. Product owners can use it to understand approval, privacy, and monitoring needs. Beginners can use it as a learning roadmap before building AI-powered applications.
The 10 LLM Risks Explained
| OWASP LLM risk | Simple meaning | Practical control | Related page |
|---|---|---|---|
| Prompt Injection | Untrusted text influences behavior | Separate instructions from data | Prompt Injection |
| Insecure Output Handling | Model output is trusted unsafely | Validate and sanitize output | LLM Security |
| Training Data Poisoning | Bad data affects behavior | Curate and monitor datasets | Checklist |
| Model Denial of Service | Cost or resource abuse | Rate limits and quotas | Checklist |
| Supply Chain Vulnerabilities | Risky models or components | Review providers and dependencies | LLM Security |
| Sensitive Information Disclosure | Secrets or private data leak | Data minimization and access control | RAG Security |
| Insecure Plugin Design | Tools expose unsafe actions | Least privilege and approval | AI Agent Security |
| Excessive Agency | AI can act too autonomously | Human approval and scoped permissions | AI Agent Security |
| Overreliance | Users trust wrong output | Verification and human review | AI Security |
| Model Theft | Unauthorized model access or copying | Access control and monitoring | Checklist |
Developer Priority Order
Most teams should start with prompt injection, insecure output handling, sensitive information disclosure, tool/plugin permissions, excessive agency, and monitoring. These risks appear early when an LLM app connects to documents, APIs, databases, code, or business workflows.
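As an added example (not code from the OWASP project or from this page), the three controls in the table that most teams meet first, validating model output before acting on it, least-privilege tool design, and human approval against excessive agency, can be enforced in a single gate in front of an agent's tool calls. Tool names, policy fields and the sample calls in the comments are constructed for illustration.

```python
import json
from dataclasses import dataclass, field

# Constructed tool registry (hypothetical names): every tool the model may call
# is declared with the argument names it accepts (least privilege) and whether
# a human must approve the action before it runs (excessive-agency control).
@dataclass(frozen=True)
class ToolPolicy:
    name: str
    allowed_args: frozenset   # argument names the tool accepts
    needs_approval: bool      # True = human in the loop before execution

POLICIES = {
    "search_docs": ToolPolicy("search_docs", frozenset({"query"}), False),
    "send_email": ToolPolicy("send_email", frozenset({"to", "body"}), True),
}

@dataclass
class Decision:
    action: str               # "run", "await_approval" or "reject"
    reason: str
    tool: str = ""
    args: dict = field(default_factory=dict)

def gate_tool_call(model_output: str, approved_by_human: bool = False) -> Decision:
    """Treat model output as untrusted data (insecure output handling):
    parse it strictly, allow only registered tools and declared arguments,
    and hold the call for approval where the tool's policy says so."""
    try:
        call = json.loads(model_output)
    except json.JSONDecodeError:
        return Decision("reject", "output is not valid JSON")
    if not isinstance(call, dict) or set(call) != {"tool", "args"}:
        return Decision("reject", "unexpected structure; expected {tool, args}")
    policy = POLICIES.get(call["tool"])
    if policy is None:
        return Decision("reject", f"unknown tool {call['tool']!r}")
    args = call["args"]
    if not isinstance(args, dict) or not all(isinstance(v, str) for v in args.values()):
        return Decision("reject", "arguments must be a flat string mapping")
    extra = set(args) - policy.allowed_args
    if extra:
        return Decision("reject", f"undeclared arguments {sorted(extra)}")
    if policy.needs_approval and not approved_by_human:
        return Decision("await_approval", "policy requires human approval",
                        policy.name, args)
    return Decision("run", "allowed by policy", policy.name, args)
```

Logging every `reject` and `await_approval` decision gives the monitoring signal the page lists last; an unexpected burst of rejected or unknown tool calls is usually the first visible symptom of a prompt-injection attempt.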
Beginner Learning Order
- Read the AI Security Roadmap.
- Understand Prompt Injection.
- Learn LLM Security controls.
- Study RAG Security if the app uses documents or vector search.
- Study AI Agent Security if the app can call tools or take actions.
- Review the LLM Security Checklist.
OWASP LLM Top 10 vs NIST AI RMF vs MITRE ATLAS
| Framework | Best for | How to use it |
|---|---|---|
| OWASP LLM Top 10 | LLM application security risk awareness | Use as a practical checklist for app design and review |
| NIST AI RMF | AI risk governance and trustworthiness | Use for risk management, measurement, and organizational process |
| MITRE ATLAS | Adversary techniques against AI systems | Use for threat-informed review and security testing plans |
| OWASP Agentic AI guidance | Autonomous agents and tool-using AI | Use for agent permissions, approvals, and excessive-agency review |
How to Use the List in a Project
Start by mapping the AI data flow: prompts, retrieved content, model outputs, tools, logs, secrets, and human approvals. For each OWASP risk, document whether the project has a control, where that control lives, and how it is tested. Use the LLM Security Checklist to turn the list into practical review steps.
Sources and further reading
- OWASP Top 10 for Large Language Model Applications — Official OWASP LLM Top 10 project
- NIST AI Risk Management Framework — AI risk management and trustworthy AI reference
- MITRE ATLAS — AI adversary tactics and mitigation reference
- OWASP Agentic AI Threats and Mitigations — Agentic AI risk and mitigation reference