Gallery

Contacts

405 W. Greenlawn Ave Lansing, Michigan 48910

contact@techjacksolutions.com

+1-616-320-4064

Framework Explorer / OWASP LLM Top 10

OWASP LLM Top 10 in the AI Governance Framework Explorer

14 entries 39 cross-framework mappings 10 risk profiles Security risk catalog Advisory

The OWASP Top 10 for LLM Applications catalogs the most critical security risks in systems built on large language models — prompt injection, insecure output handling, training data poisoning, and more — with practical mitigations for each.

Open the Interactive ExplorerJump to OWASP LLM Top 10

Every OWASP LLM Top 10 entry, explained

Titles identify each requirement; the one-line summaries below are original Tech Jacks plain-English descriptions, not official standard text. Click any ID to open the full entry — implementation guidance, evidence checklists, risk analysis, and FAQs — in the interactive explorer.

INPUT — Input Security1 entries
INPUTInput Security

Input security risks arise from the inability to separate instructions from data in LLM processing, including prompt injection and system prompt leakage.

OUTPUT — Output Security1 entries
OUTPUTOutput Security

Output security risks include hallucinated misinformation, harmful content, downstream injection through improper output handling, and excessive agency.

DATA — Data Security1 entries
DATAData Security

Data security risks include training data poisoning, sensitive information disclosure, vector and embedding weaknesses, and insecure RAG data handling.

INFRA — Infrastructure and Operations1 entries
INFRAInfrastructure and Operations

Infrastructure risks include model supply chain attacks, insecure plugins, excessive permissions, unbounded resource consumption, and deployment vulnerabilities.

LLM01 — Prompt Injection1 entries
LLM01Prompt Injection

Manipulation of LLM input prompts to alter model behavior, bypass safety filters, or exfiltrate data through crafted direct or indirect injections.

LLM02 — Sensitive Information Disclosure1 entries
LLM02Sensitive Information Disclosure

Unintended exposure of sensitive data including PII, proprietary information, credentials, or training data through model responses or inference.

LLM03 — Supply Chain1 entries
LLM03Supply Chain

Vulnerabilities from compromised third-party model components, training data, plugins, or deployment dependencies that undermine system integrity.

LLM04 — Data and Model Poisoning1 entries
LLM04Data and Model Poisoning

Introduction of malicious data during pre-training, fine-tuning, or embedding stages to manipulate model behavior or degrade performance.

LLM05 — Improper Output Handling1 entries
LLM05Improper Output Handling

Insufficient validation, sanitization, or encoding of LLM-generated output before passing to downstream systems or users.

LLM06 — Excessive Agency1 entries
LLM06Excessive Agency

LLM-based systems granted excessive functionality, permissions, or autonomy to take actions beyond what is necessary or appropriate.

LLM07 — System Prompt Leakage1 entries
LLM07System Prompt Leakage

Unauthorized disclosure of system prompts containing sensitive instructions, business logic, safety configurations, or operational parameters.

LLM08 — Vector and Embedding Weaknesses1 entries
LLM08Vector and Embedding Weaknesses

Vulnerabilities in RAG systems, vector databases, and embedding pipelines that enable poisoning, extraction, or manipulation of retrieval results.

LLM09 — Misinformation1 entries
LLM09Misinformation

Generation of false, misleading, or fabricated content presented as factual, including hallucinations, confabulations, and ungrounded claims.

LLM10 — Unbounded Consumption1 entries
LLM10Unbounded Consumption

Resource exhaustion attacks where LLM operations lack appropriate limits on compute, tokens, API calls, or cost controls.

How OWASP LLM Top 10 maps to other frameworks

ISO/IEC 420018 audited mappingsview framework →
NIST AI RMF4 audited mappingsview framework →
EU AI Act4 audited mappingsview framework →
ISO/IEC 270017 audited mappingsview framework →
OWASP Agentic AI Top 105 audited mappingsview framework →
MITRE ATLAS11 audited mappingsview framework →

Sample audited mappings

MediumA.7.4LLM04Data quality requirements provide baseline controls that can help identify training data integrity issues
MediumA.6.2.3LLM01AI system design documentation may include specification of input handling and security controls
MediumA.8.2LLM02User-facing system documentation can inform users about data handling practices and disclosure risks
MediumA.10.2LLM03Supply chain responsibility allocation supports governance of third-party component risks
MediumA.6.2.6LLM05Operational monitoring supports detection of anomalous outputs relevant to output validation
HighA.9.3LLM06Responsible use objectives including human oversight directly counter excessive agency

All 39 mappings are browsable in the interactive explorer and its knowledge graph.

Implementation templates for OWASP LLM Top 10

Related guides

Frequently asked questions

How many OWASP LLM Top 10 entries does the Framework Explorer cover?

14 entries, each with a plain-English explanation, implementation guidance at three organization sizes, evidence checklists, and risk context. 10 entries carry source-grounded risk profiles.

How does OWASP LLM Top 10 relate to the other AI governance frameworks?

The Framework Explorer documents 39 audited cross-framework mappings touching OWASP LLM Top 10, connecting it to ISO/IEC 42001, NIST AI RMF, EU AI Act, ISO/IEC 27001, OWASP Agentic AI Top 10, MITRE ATLAS. Every mapping was verified against the source documents.

Is this content the official OWASP LLM Top 10 text?

No. Entry titles identify each requirement, and all explanations are original plain-English summaries written by Tech Jacks Solutions. For official text, consult the publishing body directly.

Explore the other frameworks