What Is OWASP Top 10 for LLM Applications?
OWASP Top 10 for LLM Applications is a community-maintained list of the most critical security risks specific to applications built on large language models, first released in 2023 and updated for 2025.
Maintained by the OWASP GenAI Security Project, it is the de facto reference for LLM application security. It covers risks such as prompt injection, sensitive-information disclosure, supply-chain and training-data poisoning, improper output handling, excessive agency, system-prompt leakage, and vector and embedding weaknesses in retrieval-augmented systems. It is widely used to structure AI red-teaming and secure-development practices.
Source: OWASP GenAI Security Project — Top 10 for LLM Applications (2025)