Compliance controls
127 controls across 14 compliance frameworks, grouped by framework. For cross-framework Jaccard overlap see /explore/crosswalk. Authored by Adam Lundqvist.
10 in OWASP LLM TOP10 · 127 total
| ID | Title | Framework | Tag | Summary |
|---|---|---|---|---|
| OWASP_LLM_TOP10-LLM01 | Prompt Injection | OWASP LLM TOP10 | pentest:high | Prompt injection vulnerabilities occur when user prompts alter the LLM's behaviour or output in unintended ways. These inputs can affect the model even if they… |
| OWASP_LLM_TOP10-LLM02 | Sensitive Information Disclosure | OWASP LLM TOP10 | pentest:high | LLMs can expose sensitive information through their outputs, including personally identifiable information (PII), proprietary algorithms, confidential business… |
| OWASP_LLM_TOP10-LLM03 | Supply Chain | OWASP LLM TOP10 | pentest:high | LLM supply chains are vulnerable to integrity failures, particularly in training data, models, and deployment platforms. Risks include compromised pretrained m… |
| OWASP_LLM_TOP10-LLM04 | Data and Model Poisoning | OWASP LLM TOP10 | pentest:high | Data and model poisoning attacks occur when an attacker manipulates the pretraining, fine-tuning, or embedding data of the LLM to introduce vulnerabilities, ba… |
| OWASP_LLM_TOP10-LLM05 | Improper Output Handling | OWASP LLM TOP10 | pentest:high | Improper output handling occurs when LLM-generated output is passed downstream to other systems without validation, sanitisation, or context-aware escaping. Th… |
| OWASP_LLM_TOP10-LLM06 | Excessive Agency | OWASP LLM TOP10 | pentest:high | Excessive agency arises when LLM-based systems are granted excessive functionality, permissions, or autonomy. Damaging actions can occur in response to unexpec… |
| OWASP_LLM_TOP10-LLM07 | System Prompt Leakage | OWASP LLM TOP10 | pentest:high | System prompts contain configuration, instructions, and sometimes sensitive data (credentials, internal endpoints, business logic) that should not be exposed. … |
| OWASP_LLM_TOP10-LLM08 | Vector and Embedding Weaknesses | OWASP LLM TOP10 | pentest:high | Vulnerabilities in vector databases and embedding stores used by RAG applications. Includes unauthorised access to embedding stores, cross-tenant data leakage … |
| OWASP_LLM_TOP10-LLM09 | Misinformation | OWASP LLM TOP10 | pentest:medium | LLMs can generate plausible-but-false outputs (hallucinations) that downstream consumers rely upon. The risk increases when the LLM is used for high-stakes dec… |
| OWASP_LLM_TOP10-LLM10 | Unbounded Consumption | OWASP LLM TOP10 | pentest:high | Unbounded consumption refers to model invocations that consume excessive resources — compute, memory, tokens, or external API quota — leading to denial of serv… |