Security and Safety

OWASP Top 10 for LLMs

The Open Worldwide Application Security Project (OWASP) Top 10 for Large Language Model Applications catalogs the most critical security risks specific to language model-based systems, giving teams a standardized checklist for identifying and mitigating vulnerabilities in agent systems. The list covers prompt injection, insecure output handling, training data poisoning, model denial of service, supply chain vulnerabilities, sensitive information disclosure, insecure plugin design, excessive agency, overreliance, and model theft. For agentic coding specifically, prompt injection, excessive agency, and sensitive information disclosure are the highest-priority risks, because agents with real-world capabilities amplify the blast radius of each vulnerability far beyond what a chatbot-only deployment would face.

subtopics

Key Vulnerabilities

Mitigation Strategies

connected to

Least Privilege Prompt Injection Data Exfiltration

resources

OWASP Top 10 for LLM Applicationsgenai.owasp.orgThe official OWASP ranking of LLM-specific security risks (genai.owasp.org)OWASP LLM Top 10 GitHubgithub.comFull documentation and community resources (github.com)NIST AI Risk Management Frameworknist.govNIST's framework for managing AI risks in organizational contexts (nist.gov)Anthropic: Responsible AIanthropic.comAnthropic's approach to responsible AI development and safety (anthropic.com)

view in track