OWASP Top 10 for LLMs
definition
The OWASP Top 10 for LLM Applications catalogs the most critical security risks specific to systems built on large language models and gives teams a standardized framework for identifying and mitigating those risks, including in agent systems. The list, using the identifiers from the 2023 edition (later editions renumber and rename several entries, so always state which edition a review cites), includes prompt injection (LLM01), insecure output handling (LLM02), training data poisoning (LLM03), model denial of service (LLM04), supply chain vulnerabilities (LLM05), sensitive information disclosure (LLM06), insecure plugin (tool) design (LLM07), excessive agency (LLM08), overreliance (LLM09), and model theft (LLM10). For agentic coding specifically, the most consequential entries are prompt injection (LLM01), excessive agency (LLM08), and sensitive information disclosure (LLM06): an agent that can read files, run commands, and push code turns a manipulated prompt into a real-world action, so these vulnerabilities have far greater impact than in a chat-only deployment. The framework matters because it provides a shared vocabulary for security discussions and a systematic checklist for security reviews of agent systems. This concept connects to prompt injection (LLM01) and data exfiltration (LLM06) for the specific threats, to permission models for addressing excessive agency (LLM08), and to compliance for broader regulatory and governance considerations.