<!-- Source: https://melinasecurity.com/knowledge/glossary/owasp-llm-top-10/  License: CC BY 4.0 with attribution to Melina Security  Last-updated: 2026-06-12 -->

# OWASP LLM Top 10

**slug:** `owasp-llm-top-10` · **URL:** `/knowledge/glossary/owasp-llm-top-10/` · **category:** AI/ML Security · **reviewer:** Gleb

### Definition

The OWASP Top 10 for Large Language Model Applications (OWASP LLM Top 10) is a community-maintained list of the most critical security risks in LLM-powered applications. Published by the OWASP Foundation and updated annually, the current edition (v2025) lists prompt injection, sensitive information disclosure, supply chain, data and model poisoning, improper output handling, excessive agency, system-prompt leakage, vector and embedding weaknesses, misinformation, and unbounded consumption.

### What it means

The OWASP LLM Top 10 is the de-facto starting framework for [AI/ML security](/services/ai-ml-security/) work in production LLM systems. Each top-10 entry includes a description, example attack scenarios, prevention guidance, and references — making it a practical engagement-planning anchor for both offensive and defensive teams.

The most consequential entries for current production deployments are LLM01 (Prompt Injection) — covering both direct and indirect injection paths — and LLM07 (System Prompt Leakage), because most LLM applications inherit identity, authorization, or business-logic context from system prompts that were not designed to remain confidential.

For Melina AI/ML engagements, the OWASP LLM Top 10 is one of three primary frameworks we work against, alongside the NIST AI Risk Management Framework and MITRE ATLAS for adversarial ML threat modeling. We pair the OWASP LLM Top 10 categorization with engagement-specific threat scenarios derived from the application's architecture, data sources, and tool integrations.

### Related terms

- [Prompt injection](/knowledge/glossary/prompt-injection/)
- [CWE](/knowledge/glossary/cwe/)

### Authoritative sources

- [OWASP Top 10 for LLM Applications](https://owasp.org/www-project-top-10-for-large-language-model-applications/)
- [NIST AI Risk Management Framework](https://www.nist.gov/itl/ai-risk-management-framework)
- [MITRE ATLAS](https://atlas.mitre.org/)

---

End of glossary-batch-4/article.md (7 terms: MQTT, CoAP, LWM2M, CVE, CVSS, CWE, OWASP LLM Top 10).