LLM Security Checklist
A checklist for LLM security inspired by OWASP Top 10 for LLMs (2025)
1. OWASP Top 10 for LLM Applications (2025)
1.1 Prompt Injection
⬇️ Sample Attack Scenarios:
An attacker injects a prompt in a chatbot to bypass guidelines, query private data stores, and escalate privileges.
Payload splitting: malicious prompts are fragmented to evade detection but manipulate the LLM when combined.
1.2 Sensitive Information Disclosure
1.3 Supply Chain Vulnerabilities
1.4 Data and Model Poisoning
1.5 Improper Output Handling
1.6 Excessive Agency
1.7 System Prompt Leakage
1.8 Vector and Embedding Weaknesses
1.9 Misinformation Risks
1.10 Unbounded Consumption
2. Additional Categories
2.1 Input and Output Security
2.2 Orchestrator Security
2.3 Incident Response and Monitoring
References