What is the OWASP Top 10 for LLMs?
The OWASP Top 10 for LLM Applications is a community-maintained ranking of the ten most critical security risks in apps built on large language models — and prompt injection has held the #1 spot in every version, including the 2025 edition, still the latest as of July 2026.
OWASP is the nonprofit behind the famous web-security Top 10; this list applies the same playbook to AI. It exists because LLM apps break in ways traditional security checklists never anticipated — the attack surface is language itself.
The 2025 list, in order:
- Prompt injection — malicious instructions hidden in user input or in content the model reads (see prompt injection)
- Sensitive information disclosure — the model leaking data it shouldn't
- Supply chain — compromised models, datasets, or plugins
- Data and model poisoning — corrupting training or fine-tuning data
- Improper output handling — trusting model output enough to execute it
- Excessive agency — giving an AI agent more permissions than it needs
- System prompt leakage — exposing the app's hidden instructions
- Vector and embedding weaknesses — attacks on RAG pipelines
- Misinformation — confident hallucinations users act on
- Unbounded consumption — runaway usage and denial-of-wallet costs
If you're building anything on an LLM, treat this the way web developers treat the original Top 10: a pre-launch checklist, not optional reading. Start with LLM security for the defensive basics.
Related Questions
Related News
More in Ethics & Society