Security

OWASP LLM Top 10

A community-maintained catalog of the ten most critical security risks for LLM-integrated applications -- the industry-standard starting point for LLM threat modeling.

First published April 14, 2026

OWASP LLM Top 10 (current version LLM02:2025) mirrors the original OWASP Top 10 for web apps but targets LLM-specific risks. The list evolves as the field learns; v1 was mostly theoretical, v2 (released 2025) is driven by real incidents.

Current top entries: (1) prompt injection, (2) sensitive information disclosure, (3) supply chain vulnerabilities, (4) data and model poisoning, (5) improper output handling, (6) excessive agency, (7) system prompt leakage, (8) vector and embedding weaknesses, (9) misinformation, (10) unbounded consumption.

Example Prompt

Threat model template using OWASP LLM Top 10:

For each category, answer:
- Does this risk apply to our app? (yes/no/partial)
- If yes: what is our current mitigation?
- If no mitigation: what is the intended mitigation and timeline?

Categories: LLM01 prompt injection, LLM02 sensitive info disclosure,
LLM03 supply chain, LLM04 data poisoning, LLM05 improper output
handling, LLM06 excessive agency, LLM07 system prompt leakage,
LLM08 vector/embedding, LLM09 misinformation, LLM10 unbounded
consumption.
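
Added example (not part of the original page or of OWASP's materials): a Python gap check that applies the template's three questions to a filled-in record and lists every category that is unassessed, unmitigated or missing a timeline. The record layout and the field names applies, mitigation, planned and due are assumptions made for this sketch, and "partial" is treated like "yes".

```python
# Added example: gap check over a filled-in OWASP LLM Top 10 threat model.
# Assumed record layout (not from the page): {"LLM01": {"applies": ...,
# "mitigation": ..., "planned": ..., "due": ...}, ...}
CATEGORIES = {
    "LLM01": "prompt injection", "LLM02": "sensitive info disclosure",
    "LLM03": "supply chain", "LLM04": "data poisoning",
    "LLM05": "improper output handling", "LLM06": "excessive agency",
    "LLM07": "system prompt leakage", "LLM08": "vector/embedding",
    "LLM09": "misinformation", "LLM10": "unbounded consumption",
}


def _text(entry, key):
    """Normalise an optional free-text answer to a stripped string."""
    return str(entry.get(key) or "").strip()


def review(model):
    """Return (category_id, problem) pairs, in list order, for every gap."""
    gaps = []
    for cid in CATEGORIES:
        entry = model.get(cid)
        if not isinstance(entry, dict):
            gaps.append((cid, "not assessed"))
            continue
        applies = _text(entry, "applies").lower()
        if applies not in ("yes", "no", "partial"):
            gaps.append((cid, "applies must be yes/no/partial"))
        elif applies == "no" or _text(entry, "mitigation"):
            continue  # out of scope, or a current mitigation is recorded
        elif not _text(entry, "planned"):
            gaps.append((cid, "no current or intended mitigation"))
        elif not _text(entry, "due"):
            gaps.append((cid, "intended mitigation has no timeline"))
    return gaps  # keys outside the ten categories (app-specific) are ignored


# Constructed sample answers for a hypothetical RAG support bot.
SAMPLE = {
    "LLM01": {"applies": "yes", "mitigation": "tool allow-list"},
    "LLM02": {"applies": "partial", "planned": "PII redaction", "due": "2026-Q3"},
    "LLM03": {"applies": "no"},
    "LLM05": {"applies": "yes", "planned": "encode model output"},
    "LLM06": {"applies": "maybe"},
    "LLM10": {"applies": "yes", "mitigation": "  "},
    "APP01": {"applies": "yes", "mitigation": "app-specific risk, kept as-is"},
}

if __name__ == "__main__":
    for cid, problem in review(SAMPLE):
        print(f"{cid} {CATEGORIES[cid]}: {problem}")
```

An empty result means every category has an answer on record, not that the answers are right; the mitigations themselves still need review.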

When to use it

  • Threat modeling an LLM feature before rollout
  • Compliance / audit prep where "standard coverage" is expected
  • Aligning security vocabulary across teams

When NOT to use it

  • As a compliance checkbox rather than a real threat model
  • As a reason to ignore app-specific risks that aren't on the list