The 10 categories

1. Prompt Injection. 2. Sensitive Info Disclosure. 3. Supply Chain. 4. Data + Model Poisoning. 5. Improper Output Handling. 6. Excessive Agency. 7. System Prompt Leakage. 8. Vector + Embedding Weaknesses. 9. Misinformation. 10. Unbounded Consumption.

Advertisement

Prompt Injection (LLM01)

Direct + indirect. Most exploited. Attacker input overrides developer instructions.

Advertisement

Sensitive Info Disclosure (LLM02)

PII, credentials, or proprietary data leaked in responses. From training or context.