OWASP Top 10 LLM Security Background
OWASP Foundation Official Guide

OWASP Top 10 for LLM Applications 2025

The definitive security framework for Large Language Model applications. Learn about the most critical vulnerabilities, attack vectors, and mitigation strategies for securing AI systems in production environments.

Explore VulnerabilitiesDownload Resources
10
Critical Vulnerabilities
2025
Latest Version
50+
Attack Scenarios
100+
Mitigation Strategies

Stay Updated on AI Security

Get weekly insights on LLM security vulnerabilities and OWASP updates

Get weekly updates on AI security vulnerabilities and research insights.

What's New in 2025

The 2025 edition reflects evolved understanding of LLM risks with new entries and expanded coverage

Unbounded Consumption
Expanded from Denial of Service to include resource management and cost-based attacks in cloud deployments
Vector & Embeddings
New entry addressing RAG security and embedding-based vulnerabilities in modern AI applications
System Prompt Leakage
Addresses real-world exploits where system prompts containing sensitive information are exposed

The Top 10 Vulnerabilities

Comprehensive analysis of the most critical security risks in LLM applications

LLM01:2025Critical
Prompt Injection
User prompts alter LLM behavior in unintended ways, potentially causing harmful outputs or unauthorized access.

View Attack Examples
#1 Most Critical
LLM02:2025High
Sensitive Information Disclosure
LLMs risk exposing sensitive data, proprietary algorithms, or confidential details through their output.

View Attack Examples
#2 Most Critical
LLM03:2025High
Supply Chain
Vulnerabilities in training data, models, and deployment platforms affecting system integrity.

View Attack Examples
#3 Most Critical
LLM04:2025High
Data and Model Poisoning
Manipulation of training data to introduce vulnerabilities, backdoors, or biases into models.

View Attack Examples
#4 Most Critical
LLM05:2025Medium
Improper Output Handling
Insufficient validation and sanitization of LLM outputs before passing to downstream systems.

View Attack Examples
#5 Most Critical
LLM06:2025Medium
Excessive Agency
LLM systems granted excessive functionality, permissions, or autonomy enabling damaging actions.

View Attack Examples
#6 Most Critical
LLM07:2025Medium
System Prompt Leakage
Risk of system prompts containing sensitive information being discovered by attackers.

View Attack Examples
#7 Most Critical
LLM08:2025Medium
Vector and Embedding Weaknesses
Security risks in RAG systems from vulnerabilities in vector generation, storage, and retrieval.

View Attack Examples
#8 Most Critical
LLM09:2025Medium
Misinformation
LLMs producing false or misleading information that appears credible, leading to various risks.

View Attack Examples
#9 Most Critical
LLM10:2025Medium
Unbounded Consumption
Excessive and uncontrolled resource consumption leading to DoS, economic losses, and service degradation.

View Attack Examples
#10 Most Critical

Implementation Guide

Practical steps to secure your LLM applications against these vulnerabilities

Risk Assessment
Evaluate your LLM applications against each vulnerability category using our assessment framework
Download Checklist
Security Controls
Implement layered security controls based on OWASP guidelines and industry best practices
View Controls
Team Training
Educate your development and security teams on LLM security practices and threat modeling
Training Materials

Related Resources

Expand your knowledge with additional security frameworks and research

AI Agents Attack Matrix
Comprehensive attack framework for autonomous AI systems
View Matrix
LLM Security Guide
In-depth analysis of LLM security vulnerabilities and defenses
Read Guide
Case Studies
Real-world examples of LLM security incidents and lessons learned
Browse Studies
Security Glossary
Comprehensive dictionary of AI security terms and concepts
Browse Terms

Secure Your LLM Applications

Start implementing OWASP Top 10 security controls in your LLM applications today. Access our comprehensive resources and expert guidance.

Get Implementation GuideGet Expert Consultation

Related Testing Guides & Resources

Stay Updated on AI Security

Get weekly updates on LLM security vulnerabilities and mitigation strategies

Get weekly updates on AI security vulnerabilities and research insights.

Nessus Vulnerability Scanner

Partner Solution

The industry's most widely deployed vulnerability scanner. Identify security vulnerabilities, misconfigurations, and compliance issues across your infrastructure, cloud, and container environments. Essential for AI security assessments and penetration testing.

Explore Nessus

BlackBox AI Code Generation Platform

Partner Tool

AI-powered code generation platform for developers. Generate, test, and secure AI code with advanced security features. Perfect for building secure AI applications and testing code vulnerabilities.

Try BlackBox AI