Chapter 2. The OWASP Top 10 for LLM Applications

In the spring of 2023, I began researching security vulnerabilities specific to LLMs. At the time, there was a relatively large body of research on security for AI in general, but very little organized research about LLMs. However, I did find some research papers and blogs that covered some ideas in the area. I began the process of collecting these research papers and summarizing them using ChatGPT. Eventually, I provided a few examples from the current Top 10 list of web application vulnerabilities and asked ChatGPT to generate a draft Top 10 for LLMs in a similar format.

I thought what came out looked interesting, so I sent it to Jeff Williams, a founder of OWASP, the Open Worldwide Application Security Project, to see what he thought. Jeff, Contrast Security’s chief technology officer, wrote the first OWASP Top 10 list in 2001. His goal was to create an accessible resource for developers that detailed the most critical risks and vulnerable areas of web applications. At the time, the World Wide Web was still only a few years old, and most developers had little to no understanding of how to create secure web applications. That original Top 10 list became a seminal work and a foundational resource in application security.

I didn’t tell Jeff that my list was primarily machine generated. As the original Top 10 list’s author, I figured he could give me an idea of whether my Top 10 list looked novel and worth pursuing. Jeff encouraged ...
