OWASP Foundation Web Respository

Welcome to the official repository for the OWASP Top 10 for Large Language Model Applications!

The OWASP Top 10 for Large Language Model Applications is a standard awareness document for developers and web application security. It represents a broad consensus about the most critical security risks to Large Language Model (LLM) applications.

Our mission is to make application security visible, so that people and organizations can make informed decisions about application security risks related to LLMs.

The primary aim of this project is to provide a comprehensible and adoptable guide to navigate the potential security risks in LLM applications. Our Top 10 list serves as a starting point for developers and security professionals who are new to this domain, and as a reference for those who are more experienced.

The list includes, among others, vulnerability types like "Prompt Injections", "Data Leakage", "Inadequate Sandboxing", "Data Poisoning", and many more.

The first version of this list was contributed by Steve Wilson of Contrast Security. We encourage the community to contribute and help improve the project. If you have any suggestions, feedback or want to help improve the list, feel free to open an issue or send a pull request.

We have a working group channel on the OWASP Slack, so please sign up and then join us on the #project-t10-llm channel.

This project is licensed under the terms of the Creative Commons Attribution-ShareAlike 4.0 International License.