Framework Explorer / OWASP LLM Top 10
OWASP LLM Top 10 in the AI Governance Framework Explorer
The OWASP Top 10 for LLM Applications catalogs the most critical security risks in systems built on large language models — prompt injection, insecure output handling, training data poisoning, and more — with practical mitigations for each.
Open the Interactive ExplorerJump to OWASP LLM Top 10
Every OWASP LLM Top 10 entry, explained
Titles identify each requirement; the one-line summaries below are original Tech Jacks plain-English descriptions, not official standard text. Click any ID to open the full entry — implementation guidance, evidence checklists, risk analysis, and FAQs — in the interactive explorer.
INPUT — Input Security1 entries
Input security risks arise from the inability to separate instructions from data in LLM processing, including prompt injection and system prompt leakage.
OUTPUT — Output Security1 entries
Output security risks include hallucinated misinformation, harmful content, downstream injection through improper output handling, and excessive agency.
DATA — Data Security1 entries
Data security risks include training data poisoning, sensitive information disclosure, vector and embedding weaknesses, and insecure RAG data handling.
INFRA — Infrastructure and Operations1 entries
Infrastructure risks include model supply chain attacks, insecure plugins, excessive permissions, unbounded resource consumption, and deployment vulnerabilities.
LLM01 — Prompt Injection1 entries
Manipulation of LLM input prompts to alter model behavior, bypass safety filters, or exfiltrate data through crafted direct or indirect injections.
LLM02 — Sensitive Information Disclosure1 entries
Unintended exposure of sensitive data including PII, proprietary information, credentials, or training data through model responses or inference.
LLM03 — Supply Chain1 entries
Vulnerabilities from compromised third-party model components, training data, plugins, or deployment dependencies that undermine system integrity.
LLM04 — Data and Model Poisoning1 entries
Introduction of malicious data during pre-training, fine-tuning, or embedding stages to manipulate model behavior or degrade performance.
LLM05 — Improper Output Handling1 entries
Insufficient validation, sanitization, or encoding of LLM-generated output before passing to downstream systems or users.
LLM06 — Excessive Agency1 entries
LLM-based systems granted excessive functionality, permissions, or autonomy to take actions beyond what is necessary or appropriate.
LLM07 — System Prompt Leakage1 entries
Unauthorized disclosure of system prompts containing sensitive instructions, business logic, safety configurations, or operational parameters.
LLM08 — Vector and Embedding Weaknesses1 entries
Vulnerabilities in RAG systems, vector databases, and embedding pipelines that enable poisoning, extraction, or manipulation of retrieval results.
LLM09 — Misinformation1 entries
Generation of false, misleading, or fabricated content presented as factual, including hallucinations, confabulations, and ungrounded claims.
LLM10 — Unbounded Consumption1 entries
Resource exhaustion attacks where LLM operations lack appropriate limits on compute, tokens, API calls, or cost controls.
How OWASP LLM Top 10 maps to other frameworks
Sample audited mappings
All 39 mappings are browsable in the interactive explorer and its knowledge graph.
Implementation templates for OWASP LLM Top 10
Related guides
Frequently asked questions
How many OWASP LLM Top 10 entries does the Framework Explorer cover?
14 entries, each with a plain-English explanation, implementation guidance at three organization sizes, evidence checklists, and risk context. 10 entries carry source-grounded risk profiles.
How does OWASP LLM Top 10 relate to the other AI governance frameworks?
The Framework Explorer documents 39 audited cross-framework mappings touching OWASP LLM Top 10, connecting it to ISO/IEC 42001, NIST AI RMF, EU AI Act, ISO/IEC 27001, OWASP Agentic AI Top 10, MITRE ATLAS. Every mapping was verified against the source documents.
Is this content the official OWASP LLM Top 10 text?
No. Entry titles identify each requirement, and all explanations are original plain-English summaries written by Tech Jacks Solutions. For official text, consult the publishing body directly.