OWASP Updates Top 10 for LLM Applications and Generative AI
Quick take - On November 19, 2024, the OWASP Foundation announced an update to its OWASP Top 10 for Large Language Model Applications and Generative AI Project. The update introduces a new sponsorship program aimed at enhancing support for research and education on AI security, and it updates the 2025 Top 10 List to reflect current risks and mitigation strategies for developers and organizations.
Fast Facts
- On November 19, 2024, the OWASP Foundation updated its OWASP Top 10 for Large Language Model (LLM) Applications, introducing a new sponsorship program to enhance support for AI security initiatives.
- The 2025 Top 10 List identifies key risks, vulnerabilities, and mitigation strategies for generative AI and LLM applications, aimed at developers and security professionals.
- Significant updates include new entries on “Unbounded Consumption,” “Vector and Embeddings,” “System Prompt Leakage,” and an expanded focus on “Excessive Agency.”
- The sponsorship program offers Gold, Silver, and Corporate levels, encouraging organizations to contribute to community-driven research and guidance on AI security.
- The project is supported by over 500 cybersecurity experts and more than 110 companies, emphasizing the importance of community involvement in addressing emerging AI security challenges.
OWASP Foundation Announces Update to Top 10 for LLM Applications
On November 19, 2024, the OWASP Foundation announced an update to its OWASP Top 10 for Large Language Model (LLM) Applications and Generative AI Project. The update includes a new sponsorship program designed to enhance support for this critical initiative.
New Sponsorship Program
The program aims to provide additional funding and resources for research, guidance, and education related to the security of AI and generative AI applications. The updated 2025 Top 10 List for LLMs highlights the top risks, vulnerabilities, and mitigation strategies essential for developing and securing generative AI and LLM applications. This resource is intended for developers, security professionals, and organizations, helping them prioritize efforts to identify and address security risks.
Significant updates to the 2025 Top 10 List include an enhanced understanding of existing risks and updated insights on LLM usage in real-world applications. The entry “Unbounded Consumption” expands on “Denial of Service” to encompass resource management and the unexpected costs associated with large-scale LLM deployments. The inclusion of “Vector and Embeddings” provides guidance on securing Retrieval-Augmented Generation (RAG) and embedding-based methods. The addition of “System Prompt Leakage” addresses real-world exploits related to prompt security. An expanded entry for “Excessive Agency” reflects the growing use of agentic architectures within LLM applications.
Community Involvement and Sponsorship
The OWASP Foundation, while providing operational resources for the project, acknowledges that these resources are limited. The newly introduced sponsorship program is positioned to empower a collaborative community with the necessary resources for research and guidance on securing generative AI and LLM applications. Organizations that choose to sponsor the project may enhance their reputations and align with corporate social responsibility goals.
Inaugural sponsors of the OWASP Top 10 for LLM Project include notable organizations such as HiddenLayer, Lakera, Lasso Security, Mend.io, Palo Alto Networks, Pangea Security, PromptArmor, Prompt Security, Securiti, Synack, and Snyk. Sponsorship levels include Gold, Silver, and Corporate options, with tailored options available for startups.
Key figures in the project have emphasized the importance of community involvement in addressing emerging security challenges in AI. Christina Richmond, a principal analyst, highlighted the community’s ability to respond to these challenges. Project lead Steve Wilson noted the success of the previous year’s list and the contributions from a diverse group of professionals for the 2025 update. Co-project lead Scott Clinton underscored the vital role of sponsors in fostering community growth and sustainability.
About OWASP
The OWASP Top 10 for LLM Project is a community-led, industry-neutral, open-source initiative involving over 500 global cybersecurity experts and organizations. The project aims to document the top risks and mitigations while providing actionable solutions for securing LLMs and generative AI. The community supporting the project has expanded to over 5,500 members and is backed by more than 110 companies.
OWASP, established in 2004, is a non-profit organization that produces freely available resources in application security. It promotes best practices for securing software and technology.