OWASP Foundation Official Guide
OWASP Top 10 for LLM Applications 2025
The definitive security framework for Large Language Model applications. Learn about the most critical vulnerabilities, attack vectors, and mitigation strategies for securing AI systems in production environments.
10
Critical Vulnerabilities
2025
Latest Version
50+
Attack Scenarios
100+
Mitigation Strategies
What's New in 2025
The 2025 edition reflects evolved understanding of LLM risks with new entries and expanded coverage
Unbounded Consumption
Expanded from Denial of Service to include resource management and cost-based attacks in cloud deployments
Vector & Embeddings
New entry addressing RAG security and embedding-based vulnerabilities in modern AI applications
System Prompt Leakage
Addresses real-world exploits where system prompts containing sensitive information are exposed
The Top 10 Vulnerabilities
Comprehensive analysis of the most critical security risks in LLM applications
LLM01:2025Critical
Prompt Injection
User prompts alter LLM behavior in unintended ways, potentially causing harmful outputs or unauthorized access.
#1 Most Critical
LLM02:2025High
Sensitive Information Disclosure
LLMs risk exposing sensitive data, proprietary algorithms, or confidential details through their output.
#2 Most Critical
LLM03:2025High
Supply Chain
Vulnerabilities in training data, models, and deployment platforms affecting system integrity.
#3 Most Critical
LLM04:2025High
Data and Model Poisoning
Manipulation of training data to introduce vulnerabilities, backdoors, or biases into models.
#4 Most Critical
LLM05:2025Medium
Improper Output Handling
Insufficient validation and sanitization of LLM outputs before passing to downstream systems.
#5 Most Critical
LLM06:2025Medium
Excessive Agency
LLM systems granted excessive functionality, permissions, or autonomy enabling damaging actions.
#6 Most Critical
LLM07:2025Medium
System Prompt Leakage
Risk of system prompts containing sensitive information being discovered by attackers.
#7 Most Critical
LLM08:2025Medium
Vector and Embedding Weaknesses
Security risks in RAG systems from vulnerabilities in vector generation, storage, and retrieval.
#8 Most Critical
LLM09:2025Medium
Misinformation
LLMs producing false or misleading information that appears credible, leading to various risks.
#9 Most Critical
LLM10:2025Medium
Unbounded Consumption
Excessive and uncontrolled resource consumption leading to DoS, economic losses, and service degradation.
#10 Most Critical
Implementation Guide
Practical steps to secure your LLM applications against these vulnerabilities
Risk Assessment
Evaluate your LLM applications against each vulnerability category using our assessment framework
Security Controls
Implement layered security controls based on OWASP guidelines and industry best practices
Team Training
Educate your development and security teams on LLM security practices and threat modeling
Related Resources
Expand your knowledge with additional security frameworks and research
AI Agents Attack Matrix
Comprehensive attack framework for autonomous AI systems
LLM Security Guide
In-depth analysis of LLM security vulnerabilities and defenses
Case Studies
Real-world examples of LLM security incidents and lessons learned
Security Glossary
Comprehensive dictionary of AI security terms and concepts
Secure Your LLM Applications
Start implementing OWASP Top 10 security controls in your LLM applications today. Access our comprehensive resources and expert guidance.