OWASP_LLM_TOP10 LLM09:2025 (voice-validated)
AL
Founder at SQUR · last verified 2026-06-20
Regulation text
LLMs can generate plausible-but-false outputs (hallucinations) that downstream consumers rely upon. The risk increases when the LLM is used for high-stakes decisions, in agentic chains where errors compound, or when output is integrated into legal/medical/financial workflows without human review. This includes both unintentional inaccuracy and adversarial misinformation injected via prompt or retrieval channels.
ATT&CK techniques this article tests · 0
| Technique | Why it maps | Confidence |
|---|---|---|
Defending mitigations · 0
| Mitigation | What it does | Confidence |
|---|---|---|
Underlying weaknesses · 7
| CWE | Why it persists | Confidence |
|---|---|---|
| CWE-20 | Improper input validation allows adversarial prompts or malformed inputs to trigger LLM hallucinations, leading to the generation of plausible-but-false outputs. | 90% |
| CWE-345 | Insufficient verification of data authenticity means LLM outputs are not adequately fact-checked, allowing hallucinations to propagate and be relied upon by downstream consumers. | 90% |
| CWE-502 | Deserialization of untrusted data can lead to an LLM processing malicious or malformed inputs, resulting in hallucinated interpretations or actions within agentic systems. | 70% |
| CWE-799 | Improper control of interaction frequency, particularly with unmonitored or rapid queries, can exacerbate the probability and impact of LLM hallucinations. | 70% |
| CWE-1125 | Insufficient protection against data integrity violation is directly linked to hallucinations, as false information is presented as fact, compromising the trustworthiness of LLM outputs. | 90% |
| CWE-1126 | Hallucinations can lead to insufficient protection against data confidentiality violation by generating false sensitive information, which, if believed, could compromise privacy. | 80% |
| CWE-1127 | Insufficient protection against data availability violation can occur when systems act on hallucinated data, leading to incorrect operations, service disruptions, or resource exhaustion. | 80% |
What SQUR Covers
Web application + API pentesting for OWASP Top 10, business logic flaws, authentication bypass, injection attacks, and other application-layer vulnerabilities. €1,995 per scan, 24-hour turnaround, EU-only data.
What SQUR Does Not Cover
Internal network pentesting, endpoint security testing, physical security assessments, social engineering, or ICT third-party concentration risk reviews. Engage a complementary provider for those scope items.
Provenance
Mapped Q2.2026 using gemini-2.5-flash · €0.0181 compute · voice-rubric self-validated