Charter
The OWASP Top 10 for LLM Applications Working Group is dedicated to developing a Top 10 list of vulnerabilities specifically applicable to applications leveraging Large Language Models (LLMs). This initiative aligns with the broader goals of the OWASP Foundation to foster a more secure cyberspace and is in line with the overarching intention behind all OWASP Top 10 lists.
The primary audience of our work is developers and security experts who are building applications leveraging LLM technologies. While the issues we address may be of interest to other stakeholders in the LLM ecosystem, such as scholars, legal professionals, compliance officers, and end users, our core focus is to provide actionable, practical, and concise security guidance to these development and security teams.
In acknowledging the inclusive and ever-evolving landscape of developers, we extend our focus to Citizen Developers as well. These individuals may be new to application development, but they are handling critical data and services for their companies and need to be included in our efforts to make applications using LLMs secure and safe.
The goal of this Working Group is to provide a foundation for developers to create applications that include LLMs, ensuring these can be used securely and safely by a wide range of entities, from individuals and companies to governments and other organizations.
Given the nature of applications leveraging LLMs, the vulnerabilities we document may be broader than those seen in previous Top 10 lists. However, our focus is on providing an actionable framework to assess issues that have a clear bearing on security and safety. While it's important to acknowledge and understand the inherent weaknesses of LLMs, our purpose is to equip developers with the knowledge and tools to understand the security considerations around the usage of LLMs, and thus ensure a secure and robust deployment of applications that include LLMs.
In documenting vulnerability types, we will explore LLM vulnerabilities that resemble vulnerability types on other OWASP Top 10 lists. When we do, we will expand on the specific implications of these vulnerabilities for applications leveraging LLMs, rather than rehash the generic.
We aim to bridge the gap between general application security principles and the specific challenges posed by using LLMs in applications. This means exploring how conventional vulnerabilities may pose different risks, how they might be exploited in novel ways, or how traditional remediation strategies need to be adapted for applications using LLMs.
In doing so, we aim to provide clear, actionable, and comprehensive guidance to developers using LLMs in their applications. This will not only help them understand and mitigate these vulnerabilities but also aid them in proactively preventing them.
The nature of applications leveraging LLMs demands a specific, comprehensive exploration of LLM vulnerabilities. The OWASP Top 10 for LLM Applications Working Group is committed to illuminating these issues and providing practical solutions for developers.
Through this charter, we aim to clarify our intentions and methods and invite those who share our goals to join us in making the use of LLMs in applications safer and more secure for all.