minor errors in 2025 RC #464

Closed
6 tasks done
GangGreenTemperTatum opened this issue Nov 6, 2024 · 1 comment · Fixed by #465
GangGreenTemperTatum commented Nov 6, 2024

from Mohit -> https://owasp.slack.com/archives/C06J29KUV7E/p1730793075189299

Remember, an issue is not the place to ask questions. You can use our Slack channel for that, or you may want to consult the following Slack channels:

When reporting an issue, please be sure to include the following:

  • Before you open an issue, please check if a similar issue already exists or has been closed before.
  • A descriptive title and apply the specific LLM-0-10 label relative to the entry. See our available labels.
  • A description of the problem you're trying to solve, including why you think this is a problem
  • If the enhancement changes current behavior, reasons why your solution is better
  • What artifact and version of the project you're referencing, and the location (I.E OWASP site, llmtop10.com, repo)
  • The behavior you expect to see, and the actual behavior

Steps to Reproduce


  1. https://github.com/OWASP/www-project-top-10-for-large-language-model-applications/blob/main/2_0_vulns/Release%20Candidates/Draft_LLMAll_en-US_regular_toc.pdf

What happens?


see below

What were you expecting to happen?


see below

Any logs, error output, etc?


Hi @Steve Wilson

Document (Release candidate for the 2025 Top 10 List for LLM Apps) shared in project top for LLM looks impressive. Just a few minor observations:

Links:

  • LLM 01 Prompt Injection, Page 6:
    Reference link 2 (related to ChatGPT Cross Plugin Request Forgery) not working well.
    Reference link 7 (related to ChatML for OpenAI Calls Github) not working well.
  • LLM 04 Data and Model Poisoning, Page 20: Related Frameworks and Taxonomies:
    First 2 have links, however the third one (related to AI model watermarking) is in plain text only. It is missing a link.
  • LLM06:2025 Excessive Agency, Page 27:
    Reference link 5 (related to LangChain) is not working.
  • LLM 10 Unbounded Consumption, Page 40: Related Frameworks and Taxonomies:
    Links no. 3, 4, 5 and 8 not working.

Spelling:

  • LLM06:2025 Excessive Agency, Page 25 – Prevention and Mitigation Strategies, 2nd control: I think we’re trying to say “Minimize” in place of “Minimine”.

Scenario names:

We have assigned names to scenarios for a few vulnerabilities, such as LLM 01, 02, 03, and 08. However, some vulnerabilities are missing scenario names. To ensure uniformity, I think we can either remove all scenario names or assign names for all vulnerabilities. I can also propose scenario names for the vulnerabilities that currently lack them.

OWASP Top 10 LLM Applications and Generative AI : 2025
LLM 01 Prompt Injection
Reference link 2:
2. ChatGPT Cross Plugin Request Forgery and Prompt Injection Embrace the Red
https://embracethered.com/blog/posts/2023/chatgpt-cross-plugin-request-forgery-and-prompt-injection
Reference link 7:
7. ChatML for OpenAI API Calls Github
https://github.com/openai/openai-python/blob/main/chatml.md
LLM06:2025 Excessive Agency
Reference link 5:
5. LangChain: Human-approval for tools: Langchain Documentation
https://python.langchain.com/docs/modules/agents/tools/how_to/human_approval/
LLM 10 Unbounded Consumption:
Related framework and Taxonomies
Link 3
AML.T0029 – Denial of ML Service MITRE ATLAS
https://atlas.mitre.org/tactics/AML.T0029
Link 4
AML.T0034 – Cost Harvesting MITRE ATLAS
https://atlas.mitre.org/tactics/AML.T0034
Link 5
AML.T0025 – Exfiltration via Cyber Means MITRE ATLAS
https://atlas.mitre.org/tactics/AML.T0025
Link 8
OWASP Resource Management OWASP Secure Coding Practices
https://owasp.org/www-project-secure-coding-practices-quick-reference-guide/latest/secp212.html

Any other comments?


  • [https://owasp.slack.com/archives/C06J29KUV7E/p1730793075189299] Slack post link (if relevant)
GangGreenTemperTatum self-assigned this Nov 6, 2024

github-actions bot commented Nov 6, 2024

👋 Thanks for reporting! Please ensure labels are applied appropriately to the issue so that the workflow automation can triage this to the correct member of the core team.
