www-project-top-10-for-large-language-model-applications

OWASP Foundation Web Repository

OWASP Top 10 for Large Language Model Applications

Welcome to the official repository for the OWASP Top 10 for Large Language Model Applications!

Overview

The OWASP Top 10 for Large Language Model Applications is a standard awareness document for developers and web application security. It represents a broad consensus about the most critical security risks to Large Language Model (LLM) applications.

Our mission is to make application security visible, so that people and organizations can make informed decisions about application security risks related to LLMs.

Key Focus

The primary aim of this project is to provide a comprehensible and adoptable guide to navigate the potential security risks in LLM applications. Our Top 10 list serves as a starting point for developers and security professionals who are new to this domain, and as a reference for those who are more experienced.

The list includes, among others, vulnerability types like "Prompt Injections", "Data Leakage", "Inadequate Sandboxing", "Data Poisoning", and many more.

Contribution

The first version of this list was contributed by Steve Wilson of Contrast Security. We encourage the community to contribute and help improve the project. If you have any suggestions, feedback or want to help improve the list, feel free to open an issue or send a pull request.

We have a working group channel on the OWASP Slack, so please sign up and then join us on the #project-top10-llm channel.

Please hop over to our wiki page to collaborate on the project.

License

This project is licensed under the terms of the Creative Commons Attribution-ShareAlike 4.0 International License.