OWASP LLM Top 10

Just as the NIST AI RMF provides the strategic blueprint for AI governance, the OWASP LLM Top 10 offers the tactical playbook for securing your AI applications. It's an industry-vetted list of the ten most critical security vulnerabilities found in applications that use Large Language Models (LLMs).

Who is Behind the Top 10?

The OWASP LLM Top 10 was created by the Open Worldwide Application Security Project (OWASP), a non-profit foundation dedicated to improving software security. Unlike a government agency, OWASP's strength comes from its global, community-driven nature. The LLM Top 10 list was the result of collaboration between nearly 500 experts from across the AI, security, and academic fields, ensuring it reflects the real-world threats facing modern LLM applications.

Its Purpose: A Guide for Prioritization

The primary purpose of the OWASP LLM Top 10 is to raise awareness. It provides a concise, prioritized list of the most prevalent and impactful vulnerabilities so that security teams and developers know where to focus their limited time and resources.

For a business leader, it’s a tool for understanding the core security risks you should be asking your teams about. It acts as a consensus-driven cheat sheet for what truly matters in securing your AI.

The Top 10 Vulnerabilities

The OWASP LLM Top 10 from 2025 outlines the most critical security risks.

  1. Prompt Injection: This is when an attacker manipulates an LLM through clever input to override its intended function or expose sensitive information. A user might trick a customer service chatbot into revealing private account details.
  2. Sensitive Information Disclosure: LLMs can unintentionally expose confidential or private data. This could happen through training data memorization or if the model is prompted to reveal data from connected systems.
  3. Supply Chain: AI applications often rely on third-party models, APIs, and data. This vulnerability occurs when any of these external components are compromised, introducing a backdoor or malicious behavior into your system.
  4. Data and Model Poisoning: This happens when an attacker manipulates the data used to train or fine-tune an LLM. The goal is to introduce vulnerabilities, biases, or backdoors that can compromise the model's security and effectiveness.
  5. Unsafe Tool Use: LLMs are often given access to external tools and functions. This risk involves the model or agent using these tools in an unsafe or unintended way, potentially leading to unauthorized actions on a backend system.
  6. Excessive Agency: This is a key risk for more advanced agents. It refers to an LLM having excessive permissions to access systems or perform open-ended actions. A minor vulnerability could be leveraged to gain broad control over a system.
  7. System Prompt Leakage: This vulnerability occurs when an attacker tricks an LLM into revealing its internal system instructions, which could contain sensitive information, logic, or secret rules that govern its behavior.
  8. Vector and Embedding Weaknesses: These are weaknesses in how a system's vector databases and embeddings are designed, stored, and retrieved. This can be exploited to bypass security controls or gain unauthorized access to data.
  9. Misinformation: LLMs can be exploited to generate misleading, harmful, or fabricated information at a massive scale. This risk is amplified when the LLM's outputs are not properly fact-checked or verified.
  10. Unbounded Consumption: This refers to a type of denial-of-service attack where malicious inputs cause an LLM to consume excessive resources, leading to service degradation or high operational costs.
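Several of these items (Prompt Injection, Unsafe Tool Use, Excessive Agency and Unbounded Consumption) share one mitigation pattern: the model only proposes an action, and the application decides, under its own policy, whether to carry it out. The following Python gate is an added illustration of that pattern and is not code from the OWASP document or any OWASP project. The tool names, argument rules, scopes and budgets are constructed for the example; a real deployment would load them from its own configuration.

```python
"""Least-privilege gate for LLM tool calls.

Added illustration, not OWASP code: the model only *proposes* a tool call as
JSON; the application decides whether to execute it.  Tool names, argument
rules and budgets below are constructed for the example.
"""
from dataclasses import dataclass
import json
import re


def is_order_id(value):
    """Constructed format: exactly eight upper-case letters or digits."""
    return isinstance(value, str) and re.fullmatch(r"[A-Z0-9]{8}", value) is not None


def is_small_amount(value):
    """Refund amounts the agent may request on its own; bool is excluded
    because it is an int subclass in Python."""
    return (isinstance(value, (int, float)) and not isinstance(value, bool)
            and 0 < value <= 100)


# Per-tool policy (constructed).  Each tool declares the exact argument set it
# accepts, a validator per argument, the scope a session must hold, and
# whether a person must approve before the call is executed.
TOOL_POLICY = {
    "lookup_order": {"args": {"order_id": is_order_id}, "scope": "read",
                     "requires_human_approval": False},
    "issue_refund": {"args": {"order_id": is_order_id, "amount": is_small_amount},
                     "scope": "write", "requires_human_approval": True},
}


@dataclass
class Session:
    """What one user session may do and how much it may consume."""
    user_id: str
    scopes: frozenset            # least privilege: only the scopes this session needs
    call_budget: int = 20        # attempted tool calls per session (bounds consumption)
    token_budget: int = 8000     # model tokens per session
    calls_made: int = 0
    tokens_used: int = 0


@dataclass
class Decision:
    allowed: bool
    reason: str
    needs_approval: bool = False


def parse_tool_call(raw):
    """Model output is untrusted: accept only a JSON object with exactly a string
    'tool' and an object 'args'; prose, arrays and extra keys are rejected."""
    try:
        obj = json.loads(raw)
    except (json.JSONDecodeError, TypeError):
        return None
    if (not isinstance(obj, dict) or set(obj) != {"tool", "args"}
            or not isinstance(obj["tool"], str) or not isinstance(obj["args"], dict)):
        return None
    return obj


def authorize(session, raw_model_output, estimated_tokens):
    """Decide whether a model-proposed tool call may run for this session.
    Budgets are charged first, so a flood of malformed calls still costs quota."""
    if session.calls_made >= session.call_budget:
        return Decision(False, "call budget exhausted")
    if session.tokens_used + estimated_tokens > session.token_budget:
        return Decision(False, "token budget exhausted")
    session.calls_made += 1
    session.tokens_used += estimated_tokens

    call = parse_tool_call(raw_model_output)
    if call is None:
        return Decision(False, "malformed tool call")
    policy = TOOL_POLICY.get(call["tool"])
    if policy is None:
        return Decision(False, "unknown tool %r" % call["tool"])
    if policy["scope"] not in session.scopes:
        return Decision(False, "scope %r not granted to session" % policy["scope"])
    # The argument set must match exactly: nothing missing, nothing smuggled in.
    if set(call["args"]) != set(policy["args"]):
        return Decision(False, "argument set does not match tool policy")
    for name, check in policy["args"].items():
        if not check(call["args"][name]):
            return Decision(False, "invalid argument %r" % name)
    return Decision(True, "ok", needs_approval=policy["requires_human_approval"])


if __name__ == "__main__":
    # Constructed session: a customer-facing chatbot that may only read.
    s = Session(user_id="cust-001", scopes=frozenset({"read"}))
    print(authorize(s, '{"tool": "lookup_order", "args": {"order_id": "AB12CD34"}}', 300))
    print(authorize(s, '{"tool": "issue_refund", "args": {"order_id": "AB12CD34", "amount": 50}}', 300))
```

The design choice worth noting is that nothing the model says grants it anything: the scope comes from the session, the argument shape from the policy, and the budget from the application, so a prompt-injected request for a tool or amount outside those bounds is refused before any backend is touched, and the refusal reason can be logged for detection.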

Top 10 vs. The AI Checklist

While both are valuable OWASP resources, they serve different purposes. The OWASP LLM Top 10 is about prioritization, while the OWASP LLM AI Checklist is a detailed, step-by-step guide for implementation.

| Feature | OWASP LLM Top 10 | OWASP LLM AI Checklist |
| --- | --- | --- |
| Purpose | Raises awareness and provides a prioritized list of the most critical vulnerabilities. | Provides a comprehensive, actionable list of security controls and best practices. |
| Format | A ranked list of the 10 most common and impactful risks. | A detailed, bulleted checklist of security and governance items. |
| Audience | Leadership and security teams to understand and prioritize risks. | Technical teams (e.g., developers, DevSecOps) to build and deploy securely. |
| Focus | "What's wrong?" Identifying the key threats. | "How do we fix it?" Providing concrete steps for mitigation. |

The Top 10 gives you the "what" and the "why" of LLM security, while the Checklist gives you the "how."

Why You Need It

For leaders building an AI-first organization, the OWASP LLM Top 10 is a tactical guide to protecting your investment and your reputation. The most powerful AI is also the most vulnerable.

The Top 10 empowers you to have a confident, informed conversation with your technical teams, ensuring your AI strategy isn't just fast and innovative, but also secure and resilient. It's the difference between an AI that enables growth and one that creates massive risk. By addressing these critical vulnerabilities, you're building an AI foundation that can withstand a rapidly evolving threat landscape.