What is the OWASP Top 10 for LLM Applications?
Category:LLM Privacy & Compliance
Quick Answer
OWASP Top 10 for LLM (2025) identifies critical security risks. Privacy-relevant: Prompt Injection (extract training data), Sensitive Information Disclosure (LLM reveals PII), Excessive Agency (access beyond scope), Vector Weaknesses (RAG cross-tenant leaks), Misinformation (hallucinated PII).
Detailed Answer
The OWASP Top 10 for LLM Applications (2025 edition) identifies the most critical security risks. Privacy-relevant entries include:
| # | Risk | Privacy Relevance |
|---|---|---|
| 1 | Prompt Injection | Can extract training data or bypass safety filters |
| 2 | Sensitive Information Disclosure | LLM reveals PII from training or context |
| 6 | Excessive Agency | LLM accesses data beyond intended scope |
| 8 | Vector and Embedding Weaknesses | RAG systems leaking cross-tenant data |
| 9 | Misinformation | LLM generates false PII (hallucinated personal data) |
Developers should review the full list at owasp.org/llm.
Comments
Loading comments...