OWASP LLM Top 10
A standardized list of the ten most critical security risks for applications built on Large Language Models, maintained by the Open Web Application Security Project (OWASP) — the same organization behind the traditional OWASP Top 10 for web applications.
The list covers risks like prompt injection, training data poisoning, model denial of service, supply chain vulnerabilities, and sensitive information disclosure.
Promptfoo uses this taxonomy as the basis for its red-teaming plugins (142+ checks), making it straightforward to test an LLM application against these known attack categories.
See also
- Promptfoo — implements automated checks for these risks
- Prompt Evaluation — the broader eval framework these security checks fit into