Description
from Mohit -> https://owasp.slack.com/archives/C06J29KUV7E/p1730793075189299
Remember, an issue is not the place to ask questions. You can use our Slack channel for that, or you may want to consult the following Slack channels:
- #project-top10-for-llm
- #team-llm-web
- #team-llm_diagrams_and_visuals
- Each vulnerability has its own dedicated Slack channel for discussion, in the format
#team-llm0X, e.g. #team-llm03_data_and_model_poisoning
When reporting an issue, please be sure to include the following:
- Before you open an issue, please check if a similar issue already exists or has been closed before.
- A descriptive title and apply the specific LLM-0-10 label relative to the entry. See our available labels.
- A description of the problem you're trying to solve, including why you think this is a problem
- If the enhancement changes current behavior, reasons why your solution is better
- What artifact and version of the project you're referencing, and the location (e.g. OWASP site, llmtop10.com, repo)
- The behavior you expect to see, and the actual behavior
Steps to Reproduce
What happens?
see below
What were you expecting to happen?
see below
Any logs, error output, etc?
Hi
@Steve Wilson
Document (Release candidate for the 2025 Top 10 List for LLM Apps) shared in project top for LLM looks impressive. Just a few minor observations:
Links:
LLM 01 Prompt Injection, Page 6
Reference link 2 (related to ChatGPT Cross Plugin Request Forgery) not working well.
Reference link 7 (related to ChatML for OpenAI Calls Github) not working well.
LLM 04 Data and Model Poisoning, Page 20: Related Frameworks and Taxonomies:
First 2 have links however third one (related to AI model watermarking) is in plain text only. It is missing a link.
LLM06:2025 Excessive Agency, Page 27:
Reference link 5 (related to LangChain) is not working.
LLM 10 Unbounded Consumption, Page 40 : Related framework and Taxonomies:
Links 3, 4, 5 and 8 are not working.
Spelling:
LLM06:2025 Excessive Agency Page 25 – Prevention and Mitigation Strategies 2nd control: I think we’re trying to say “Minimize” in place of “Minimine”
Scenario names:
We have assigned names to scenarios for a few vulnerabilities, such as LLM 01, 02, 03, and 08. However, some vulnerabilities are missing scenario names. To ensure uniformity, I think we can either remove all scenario names or assign names for all vulnerabilities. I can also propose scenario names for the vulnerabilities that currently lack them.
OWASP Top 10 LLM Applications and Generative AI : 2025
LLM 01 Prompt Injection
Reference link 2:
2. ChatGPT Cross Plugin Request Forgery and Prompt Injection Embrace the Red
https://embracethered.com/blog/posts/2023/chatgpt-cross-plugin-request-forgery-and-prompt-injection
Reference link 7:
7. ChatML for OpenAI API Calls Github
https://github.com/openai/openai-python/blob/main/chatml.md
LLM06:2025 Excessive Agency
Reference link 5:
5. LangChain: Human-approval for tools: Langchain Documentation
https://python.langchain.com/docs/modules/agents/tools/how_to/human_approval/
LLM 10 Unbounded Consumption:
Related framework and Taxonomies
Link 3
AML.T0029 – Denial of ML Service MITRE ATLAS
https://atlas.mitre.org/tactics/AML.T0029
Link 4
AML.T0034 – Cost Harvesting MITRE ATLAS
https://atlas.mitre.org/tactics/AML.T0034
Link 5
AML.T0025 – Exfiltration via Cyber Means MITRE ATLAS
https://atlas.mitre.org/tactics/AML.T0025
Link 8
OWASP Resource Management OWASP Secure Coding Practices
https://owasp.org/www-project-secure-coding-practices-quick-reference-guide/latest/secp212.html
Any other comments?
- [https://owasp.slack.com/archives/C06J29KUV7E/p1730793075189299] Slack post link (if relevant)