Prompt Security Reference Guide

Learn and test the OWASP LLM Top 10 security risks


A prompt security reference guide helps teams shipping LLM features avoid the mistakes that turn a helpful assistant into a liability. The OWASP Top 10 for LLM applications catalogues the risks unique to these systems — prompt injection, leaked training data, over-broad agency, insecure output handling, and more. This tool turns that list into something you can actually use: each risk with a definition, an example, a test pattern, and a mitigation checklist.

How it works

The guide is a structured dataset of the OWASP LLM Top 10. You filter by risk category to focus on one item or browse all ten. Each entry gives a plain-English definition, a concrete example of how the risk manifests, a test pattern you can adapt to probe your own application, and a checklist of specific mitigating controls. Everything runs in your browser; nothing you view or copy is sent anywhere. Use it as a learning aid for engineers new to LLM security and as a baseline checklist during code review.

How to use it safely

Only run the test patterns against systems you own or are authorised to test, in a non-production environment with no real customer data — injection payloads can trigger real actions if your model has tool access. Treat the mitigation checklists as a starting point, not a finish line: defence in depth matters because no single control stops prompt injection completely. Pair input validation with least-privilege tool access (so a hijacked prompt cannot do much damage), output encoding (so model output cannot inject into downstream systems), and human approval for high-impact actions. For production systems handling sensitive data, follow up with a full threat model and an independent penetration test — this guide raises your baseline, it does not replace expert review.
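As an added illustration of the layered controls named above (input validation, least-privilege tool access, output encoding, and human approval for high-impact actions), here is a small JavaScript sketch of a tool-dispatch gate placed between a model's reply and the application. It is example code written for this page, not part of the guide or of any OWASP material; the tool names, scope strings, argument schema and the JSON tool-call shape are all assumptions, and the sample model reply is constructed.

```javascript
// Added example, not code from the guide itself: the layered controls the
// text names, wired around a constructed model reply. Tool names, scopes
// and the JSON tool-call shape are assumptions.

// Least-privilege tool registry. Each tool declares the scopes a session
// must hold, an argument schema, and whether a human must approve it.
const toolRegistry = {
  lookupOrder: {
    scopes: ["orders:read"],
    schema: { orderId: /^ord_\d{1,10}$/ },
    highImpact: false,
    run: (args) => ({ orderId: args.orderId, status: "shipped" }),
  },
  refundOrder: {
    scopes: ["orders:refund"],
    schema: { orderId: /^ord_\d{1,10}$/ },
    highImpact: true,
    run: (args) => ({ orderId: args.orderId, refunded: true }),
  },
};

// Input validation: the model's reply is untrusted text. Parse it as JSON
// and accept only the exact shape we expect; anything else is "no tool call".
function parseToolCall(modelText) {
  let parsed;
  try {
    parsed = JSON.parse(modelText);
  } catch (e) {
    return null;
  }
  if (!parsed || typeof parsed.tool !== "string" ||
      typeof parsed.args !== "object" || parsed.args === null) {
    return null;
  }
  return { name: parsed.tool, args: parsed.args };
}

// Argument validation against the tool's schema: every declared key must be
// a string matching its pattern, and no undeclared keys are allowed.
function validateArgs(schema, args) {
  const keys = Object.keys(args);
  if (keys.some((k) => !(k in schema))) return false;
  return Object.keys(schema).every(
    (k) => typeof args[k] === "string" && schema[k].test(args[k])
  );
}

// Output encoding: model text that is rendered into HTML is data, never markup.
function encodeForHtml(text) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(text).replace(/[&<>"']/g, (c) => map[c]);
}

// Dispatch gate: check scopes, validate arguments, then require approval for
// high-impact actions. A hijacked prompt can only ask; the gate decides.
function dispatchToolCall(call, session, approve) {
  const tool = toolRegistry[call.name];
  if (!tool) return { ok: false, reason: "unknown tool" };
  const missing = tool.scopes.filter((s) => !session.scopes.includes(s));
  if (missing.length > 0) {
    return { ok: false, reason: "missing scope: " + missing.join(",") };
  }
  if (!validateArgs(tool.schema, call.args)) {
    return { ok: false, reason: "invalid arguments" };
  }
  if (tool.highImpact && !approve(call)) {
    return { ok: false, reason: "approval denied" };
  }
  return { ok: true, result: tool.run(call.args) };
}

// Constructed sample reply, standing in for a model whose prompt was steered
// into requesting a refund the user never asked for.
const sampleReply = '{"tool":"refundOrder","args":{"orderId":"ord_42"}}';

// A read-only session cannot reach the refund tool no matter what the model says.
function demo() {
  const call = parseToolCall(sampleReply);
  const readOnlySession = { scopes: ["orders:read"] };
  return dispatchToolCall(call, readOnlySession, () => false);
}
```

The point of the layering is that each check catches what the others miss: scope checks bound the damage even when the prompt is fully hijacked, argument validation keeps malformed or oversized values out of downstream systems, the approval hook puts a person in front of irreversible actions, and `encodeForHtml` keeps whatever the model says from becoming markup when it is displayed.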
