OWASP Top 10 for LLM Applications 2025

This section contains detailed documentation on the OWASP Top 10 risks for Large Language Model (LLM) applications, based on the official OWASP Top 10 for LLM Applications v2.0 document.

Overview

The OWASP Top 10 for Large Language Model Applications started in 2023 as a community-driven effort to highlight and address security issues specific to AI applications. The 2025 version reflects a better understanding of existing risks and introduces critical updates on how LLMs are used in real-world applications today.

The Top 10 Risks

  1. LLM01: Prompt Injection - Vulnerabilities from user prompts altering LLM behavior in unintended ways
  2. LLM02: Sensitive Information Disclosure - Risks of exposing sensitive data through LLM interactions
  3. LLM03: Supply Chain - Vulnerabilities in training data, models, and deployment platforms
  4. LLM04: Data and Model Poisoning - Risks from manipulated training data and compromised models
  5. LLM05: Improper Output Handling - Dangers from inadequate validation of LLM outputs
  6. LLM06: Excessive Agency - Risks from LLMs having too much autonomy or capability
  7. LLM07: System Prompt Leakage - Exposure of system prompts and internal configurations
  8. LLM08: Vector and Embedding Weaknesses - Vulnerabilities in vector storage and retrieval
  9. LLM09: Misinformation - Generation and spread of false or misleading information
  10. LLM10: Unbounded Consumption - Resource management and cost control issues

Key Changes in 2025

  1. Unbounded Consumption expands on previous Denial of Service risks to include resource management and unexpected costs
  2. Vector and Embeddings addresses security in Retrieval-Augmented Generation (RAG) and embedding-based methods
  3. System Prompt Leakage covers vulnerabilities in prompt security and isolation
  4. Excessive Agency is expanded to address risks in agentic architectures and plugin settings

License

This documentation is based on the OWASP Top 10 for LLM Applications which is licensed under Creative Commons, CC BY-SA 4.0. For full license details, visit: CC BY-SA 4.0 Legal Code