LLM Security Checklist
A checklist for LLM security inspired by the OWASP Top 10 for LLM Applications (2025)
1. OWASP Top 10 for LLM Applications (2025)
1.1 Prompt Injection
Sample Attack Scenarios:
An attacker injects a prompt into a chatbot to bypass its guidelines, query private data stores, and escalate privileges.
Payload splitting: a malicious prompt is fragmented into pieces that each evade detection, but that manipulate the LLM once they are combined.
1.3 Supply Chain Vulnerabilities
1.4 Data and Model Poisoning
1.5 Improper Output Handling
1.6 Excessive Agency
1.7 System Prompt Leakage
1.8 Vector and Embedding Weaknesses
1.10 Unbounded Consumption
2. Additional Categories
2.2 Orchestrator Security
2.3 Incident Response and Monitoring