|
| 1 | +## Title |
| 2 | +2025 Top 10 Risk & Mitigations for LLMs and Gen AI Apps |
| 3 | + |
| 4 | +## Short Description |
| 5 | +Expore the latest Top 10 risks, vulnerabilities and mitigations for developing and securing generative AI and large language model applications across the development, deployment and management lifecycle. |
| 6 | + |
| 7 | +## Long Description |
| 8 | +The OWASP Top 10 for Large Language Model Applications started in 2023 as a community-driven effort to highlight and address security issues specific to AI applications. Since then, the technology has continued to spread across industries and applications, and so have the associated risks. As LLMs are embedded more deeply in everything from customer interactions to internal operations, developers and security professionals are discovering new vulnerabilities—and ways to counter them. |
| 9 | + |
| 10 | +## Sponsorship |
| 11 | +We appreciate our Project Sponsors’ funding contributions to help support the objectives of the project and help to cover operational and outreach costs augmenting the resources the OWASP.org foundation provides. The OWASP Top 10 for LLM and Generative AI Project continues to maintain a vendor neutral and unbiased approach. Sponsors do not receive special governance considerations as part of their support. Sponsors do receive recognition for their contributions in our materials and web properties. |
| 12 | +All materials the project generates are community developed, driven and released under open source and creative commons licenses. For more information on becoming a sponsor Visit the Sponsorship Section on our Website to learn more about helping to sustain the project through sponsorship. |
| 13 | + |
| 14 | +## Social Media |
| 15 | +🚀 Exciting News! New Translations Available for the OWASP Top 10 for LLM & Generative AI (2025) 🌍 |
| 16 | + |
| 17 | +We’re thrilled to announce that the OWASP Top 10 for LLM Applications and Generative AI 2025 is now available in Greek, Hindi, Japanese, Korean and Persian! |
| 18 | + |
| 19 | +This update provides a refreshed and comprehensive resource addressing the top risks, vulnerabilities, and mitigations for securing Generative AI and LLM applications across their development, deployment, and management lifecycle. Whether you're working with RAG-based applications, agentic architectures, or complex LLM integrations, this list is a must-have for developers, security professionals, and organizations looking to adopt AI securely. |
| 20 | + |
| 21 | +What's New in the 2025 OWASP Top 10 for LLMs? |
| 22 | + |
| 23 | +✅ Unbounded Consumption: Expanding beyond denial of service to include risks of resource management and unexpected costs in large-scale deployments. |
| 24 | +✅ Vectors & Embeddings Security: Addressing security risks in Retrieval-Augmented Generation (RAG) and other embedding-based techniques. |
| 25 | +✅ System Prompt Leakage: A newly added entry tackling real-world exploits and the {risks of assuming prompts remain isolated. |
| 26 | +✅ Excessive Agency: As AI autonomy grows, this update highlights security concerns around agentic architectures with limited human oversight. |
| 27 | + |
| 28 | +Join the Effort! 💡 |
| 29 | + |
| 30 | +This project thrives because of the amazing global community behind it. If you’re passionate about AI security, we invite you to contribute to translations, research, and guidance to expand this critical initiative. Let’s make AI security accessible worldwide! |
| 31 | +📢 Check out the translations below: |
| 32 | + 🔗 Greek: |
| 33 | + 🔗 Hindi: |
| 34 | + 🔗 Japanese: |
| 35 | + 🔗 Korean: |
| 36 | + 🔗 Persian: |
| 37 | + |
| 38 | +Interested in getting involved? Comment below or reach out! Together, we can build a more secure AI-driven future. 💙 #AI #CyberSecurity #LLM #GenerativeAI #OWASP |
0 commit comments