Professional Documents
Culture Documents
OWASP Top 10 For LLMs 2023 Slides v09
OWASP Top 10 For LLMs 2023 Slides v09
OWASP Top 10 For LLMs 2023 Slides v09
3
for LLM
| OWASP Top 10 for LLM
EXAMPLES
LLM01
Attackers instruct LLM to return private information
Hidden prompt injection in a webpage solicits sensitive information
potential backend system exploitation or Limit untrusted content's influence on user prompts
Establish trust boundaries and maintain user control.
user interaction manipulation.
ATTACK SCENARIOS
EXAMPLES
LLM02
LLM output directly entered into a backend function, causing remote
code execution
Handling PREVENTION
passes it to backend or client-side Application passes LLM-generated response into an internal function
without validation, leading to unauthorized access or modifications
functions. This can lead to XSS, CSRF, A website summarizer tool powered by an LLM captures sensitive content
EXAMPLES
LLM03
documents
Poisoning P R E V E NT I O N
EXAMPLES
LLM04
High-volume task generation through specific queries
Unusually resource-consuming queries
Model Denial of Continuous input overflow exceeding the LLM's context window
Repeated long inputs or variable-length input floods.
Service PREVENTION
EXAMPLES
LLM05
Use of vulnerable third-party components or base images
Use of a tampered pre-built model for fine-tuning
Vulnerabilities PREVENTION
Vet data sources and suppliers, including their T&Cs and privacy policies
Use reputable plug-ins and ensure they have been tested for your
Supply-chain vulnerabilities can impact application requirements
Maintain an up-to-date inventory of components using a Software Bill of
the entire lifecycle of LLM applications, Materials (SBOM).
including third-party libraries/packages,
ATTACK SCENARIOS
docker containers, base images, and
Exploitation of a vulnerable or outdated package or base image
service suppliers. These vulnerabilities Exploitation of a malicious or vulnerable ChatGPT plugin
can lead to cyber-attacks, data disclosure, Exploitation of an outdated or deprecated model with vulnerabilities.
and tampering.
| OWASP Top 10 for LLM
EXAMPLES
LLM06
Malicious manipulation of model's training data
Training models using unverified data
Disclosure PREVENTION
EXAMPLES
LLM07
Plugins accepting undifferentiated parameters
Plugins taking URL strings instead of query parameters
Design PREVENTION
EXAMPLES
LLM08
Excessive Agency
P R E V E NT I O N
due to unexpected LLM outputs, caused Limit LLM plugins' permissions on other systems
AT TAC K S C E N A R I O S
EXAMPLES
LLM09
individuals excessively trust LLMs for Verify LLM outputs with trusted sources
EXAMPLES
LLM10
models, leading to economic loss, Strong access controls/authentication for LLM repositories
model usage, and potential exposure of Automated MLOps deployment with governance
sensitive information.
AT TAC K S C E N A R I O S