What is the OWASP LLM Top 10?
The OWASP LLM Top 10 is the list of the ten most critical security risks in applications that use language models (the AI behind chatbots and assistants). Published by OWASP, a world reference organization in software security, it gives companies a common language and a starting point to protect the use and development of AI.
What the OWASP LLM Top 10 is for
OWASP maintains ten-most-critical-risks lists that became industry references (the most famous is for web applications). The AI version was created because language models brought new risks the old lists did not cover. It serves to:
Give a common language
Security teams, developers and leadership start calling the same risks by the same names, instead of each one describing the problem in their own way.
Prioritize what matters
Instead of protecting everything at once, the company starts with the ten risks the global community identified as the most critical.
Guide those who build and those who buy AI
It serves both those who build an AI app and those who assess the security of a tool before adopting it.
Evolve with the threat
The list is revised as new attacks appear. The 2025 edition incorporated the rise of AI agents and real-world incidents.
Source: OWASP Top 10 for LLM Applications (2025 edition).
The ten risks of the OWASP list for AI (2025)
- LLM01 Prompt Injection Hidden malicious instructions make the AI ignore its rules. The number 1 risk, for the second edition in a row.
- LLM02 Sensitive Information Disclosure The AI reveals confidential data, whether from the conversation, the training or connected systems.
- LLM03 Supply Chain risks Third-party models, data and components bring vulnerabilities inherited from outside.
- LLM04 Data and Model Poisoning The training data is corrupted so the AI acts in a way controlled by the attacker.
- LLM05 Improper Output Handling The AI's response is used by another system without verification, opening gaps like code execution.
- LLM06 Excessive Agency The AI is given more permission than it needs and can trigger harmful actions on its own.
- LLM07 System Prompt Leakage The internal instructions guiding the AI are exposed, revealing rules and configuration secrets.
- LLM08 Vector and Embedding Weaknesses Flaws in how the AI stores and searches knowledge allow data to be manipulated or extracted.
- LLM09 Misinformation The AI generates a wrong answer that looks true, and someone acts on it.
- LLM10 Unbounded Consumption Abusive use that blows up cost and capacity, a kind of denial of service for AI.
Why the OWASP LLM Top 10 matters to your company
Every company that adopts AI, whether using a ready-made assistant or building its own, inherits a new attack surface. The value of the OWASP LLM Top 10 is turning an abstract question (is AI safe?) into a concrete list that leadership can demand and the technical team can follow. Without such a reference, each AI project improvises its own security, and what has no name enters neither the budget nor the audit. With the list, the company can ask objectively: are we protected against prompt injection? Against sensitive data disclosure? Against an agent's excessive agency? It is the difference between trusting it is fine and being able to verify.
How to use the OWASP LLM Top 10 in practice
The list is not a product you install; it is a guide that informs decisions. To get value from it:
- Map where the company uses AIBefore applying the list, know which AI tools and applications exist, including those adopted without approval.
- Assess each use against the ten risksFor each application, ask which of the ten risks apply and what is already protected.
- Start at the topPrompt injection and sensitive data disclosure are usually the most urgent for those who use AI day to day.
- Demand the list from vendorsWhen hiring an AI tool, ask how it handles the OWASP LLM Top 10 risks. The answer separates the serious from the improvised.
In practice
You do not need to become an AI expert to use this list. Just bring it to the next conversation about an AI tool and ask: how do you handle each of these ten risks? Whoever has no clear answer has not thought about security yet.
How Zamak uses the OWASP LLM Top 10
Zamak Technologies uses the OWASP LLM Top 10 as a reference in managed cybersecurity in the Zamak Method: it assesses where the company exposes AI, prioritizes the most critical risks (starting with prompt injection) and applies the defenses alongside the internal team. A good starting point is the AI exposure diagnostic, which reveals which AI uses exist so they can then be assessed against the list.