# OWASP and LLM

## OWASP Top 10 for Large Language Model Applications

* [OWASP Top 10 for Large Language Model Applications](https://owasp.org/www-project-top-10-for-large-language-model-applications/)
* [GenAI OWASP](https://genai.owasp.org/)
* [OWASP Top 10 for LLM Applications 2025](https://genai.owasp.org/resource/owasp-top-10-for-llm-applications-2025/)

Artificial Intelligence (AI) and Machine Learning (ML) have revolutionized industries, enabling unprecedented advancements in automation, data analysis, and user interaction. From chatbots to autonomous systems, the deployment of Large Language Models (LLMs) is expanding rapidly. However, this growth brings with it a host of security concerns that require proactive measures.

Penetration testing (pentesting) of AI/ML systems has emerged as a specialized discipline within cybersecurity. Unlike traditional applications, AI systems, particularly LLMs, present unique challenges: understanding model behavior, safeguarding training datasets, and mitigating the risk of adversarial inputs. Pentesting an AI system means probing for vulnerabilities not only in the code but also in the data, the algorithms, and their interactions with external systems.

Key areas of focus in AI/ML pentesting include:

* Identifying weaknesses in data pipelines.
* Detecting adversarial attacks, such as poisoning and evasion tactics.
* Ensuring robustness against unauthorized manipulations of model outputs.

Recognizing these challenges, the **OWASP Top 10 for LLM Applications 2025** provides a structured framework to identify and address the most pressing security risks in LLM deployments. This guide bridges the gap between traditional cybersecurity practices and the nuanced requirements of modern AI systems.

***

<div align="left"><figure><img src="/files/XKCnDCY5ou90nCtWdHzV" alt=""><figcaption><p><a href="https://genai.owasp.org/resource/owasp-top-10-for-llm-applications-2025/">https://genai.owasp.org/resource/owasp-top-10-for-llm-applications-2025/</a></p></figcaption></figure></div>

#### 📢 The 2025 List is Available

Download the OWASP Top 10 for LLM Applications 2025 list: [Full Version](https://genai.owasp.org/resource/owasp-top-10-for-llm-applications-2025/).

#### Download Additional Resources from our [Website](https://genai.owasp.org/) including:

* [Security & Governance Checklist v1.0](https://genai.owasp.org/resource/llm-applications-cybersecurity-and-governance-checklist-english/): essential guidance for CISOs managing the rollout of Gen AI technology.
* [Guide for Preparing and Responding to DeepFakes](https://genai.owasp.org/resource/guide-for-preparing-and-responding-to-deepfake-events/)
* [2025 AI Security Solutions Directory and Guide](https://genai.owasp.org/ai-security-solutions-landscape/)


