The 10 categories
1. Prompt Injection
2. Sensitive Info Disclosure
3. Supply Chain
4. Data + Model Poisoning
5. Improper Output Handling
6. Excessive Agency
7. System Prompt Leakage
8. Vector + Embedding Weaknesses
9. Misinformation
10. Unbounded Consumption
Prompt Injection (LLM01)
Direct + indirect variants. The most exploited category. Attacker-controlled input overrides the developer's instructions.
Sensitive Info Disclosure (LLM02)
PII, credentials, or proprietary data leaked in responses, sourced from training data or from the prompt context.