BETA RELEASE

Top 10 for Large Language Model Applications

Secondary report OWASP Foundation
Accessed: 2026-05-02
Original source ↗ Archived copy ↗

Summary

A list of the top ten most critical security vulnerabilities for large language model applications, produced by the OWASP Foundation.

Key quotes

LLM01: Prompt Injection - Manipulating LLMs via crafted inputs can lead to unauthorized access, data breaches, and compromised decision-making.

This page serves as the landing point for the OWASP Top 10 for LLM Applications, which has now expanded into the broader OWASP GenAI Security Project. It lists the ten primary vulnerabilities, including prompt injection and model theft.