Why it matters

OWASP LLM Top 10 is baseline security checklist. Understanding shapes app security.

Advertisement

The architecture

10 vulnerability categories.

Updated per year.

Basis for pentesting + threat modeling.

OWASP LLM Top 10 categoriesInjection risksprompt + indirectOutput handlinginsecure outputSystem riskssupply chain + DoSLLM01 Prompt Injection tops list; check current 2025 revision for updates
Top 10.
Advertisement

How it works end to end

LLM01: Prompt injection.

LLM02: Sensitive info disclosure.

LLM03: Supply chain.

LLM04: Data + model poisoning.

LLM05: Improper output handling.

LLM06: Excessive agency.

...