OWASP Compliance
Security posture assessment based on OWASP Top 10 for LLM Applications (2023)
⚠️ Attention Required
- 1 Critical severity item (status Partial) needs immediate action
- 2 High severity items (status Partial) should be addressed soon
Live Dependency Security
Status badge: STUB
Source: pnpm audit --json (re-run server-side by /v1/security/audit-summary)
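The dependency panel above is still a stub. As an added example, not code from this dashboard or its project, the block below shows what the server-side handler behind /v1/security/audit-summary could do with the output of pnpm audit --json: count advisories per severity, flatten each advisory's dependency paths, cross-check the tool's own metadata counts, and decide whether the result should block. The report field names (advisories keyed by id with module_name, severity, patched_versions and findings[].paths, plus metadata.vulnerabilities and metadata.totalDependencies) are assumed from pnpm's npm-compatible audit report format; the sample report, its advisory ids, package names and URLs are constructed placeholders, and the helper names summarizeAudit and runPnpmAudit are hypothetical.

```javascript
// Added example (not from the dashboard's code base): turn a `pnpm audit --json`
// report into the per-severity summary an audit-summary endpoint would return.
// Field names (advisories, module_name, severity, findings[].paths,
// metadata.vulnerabilities) are assumed from pnpm's npm-compatible report format.

const SEVERITY_ORDER = ["critical", "high", "moderate", "low", "info"];

// Constructed sample report. Advisory ids, package names and URLs are
// placeholders, not real advisories.
const SAMPLE_AUDIT_JSON = JSON.stringify({
  actions: [],
  advisories: {
    "1001": {
      id: 1001, module_name: "example-parser", severity: "high",
      title: "Constructed example advisory",
      url: "https://example.invalid/advisory/1001",
      vulnerable_versions: "<2.0.0", patched_versions: ">=2.0.0",
      findings: [{ version: "1.4.2", paths: ["example-parser"] }],
    },
    "1002": {
      id: 1002, module_name: "example-transitive", severity: "critical",
      title: "Constructed example advisory",
      url: "https://example.invalid/advisory/1002",
      vulnerable_versions: "<0.9.1", patched_versions: ">=0.9.1",
      findings: [{ version: "0.9.0", paths: [
        "example-parser>example-transitive",
        "example-other>example-transitive",
      ] }],
    },
    "1003": {
      id: 1003, module_name: "example-dev-tool", severity: "moderate",
      title: "Constructed example advisory",
      url: "https://example.invalid/advisory/1003",
      vulnerable_versions: "<5.0.0", patched_versions: ">=5.0.0",
      findings: [{ version: "4.1.0", paths: ["example-dev-tool"] }],
    },
  },
  metadata: {
    vulnerabilities: { info: 0, low: 0, moderate: 1, high: 1, critical: 1 },
    totalDependencies: 312,
  },
});

// failOn: the least severe level that still blocks (default: high and above,
// matching the dashboard's Critical/High attention rules).
function summarizeAudit(rawJson, failOn = "high") {
  const threshold = SEVERITY_ORDER.indexOf(failOn);
  if (threshold < 0) throw new Error(`unknown failOn level: ${failOn}`);
  let report;
  try {
    report = JSON.parse(rawJson);
  } catch (e) {
    throw new Error(`audit output is not valid JSON: ${e.message}`);
  }
  const counts = Object.fromEntries(SEVERITY_ORDER.map((s) => [s, 0]));
  const findings = [];
  for (const adv of Object.values(report.advisories ?? {})) {
    // Fail closed: a severity label we do not recognise is treated as high.
    const severity = SEVERITY_ORDER.includes(adv.severity) ? adv.severity : "high";
    counts[severity] += 1;
    for (const f of adv.findings ?? []) {
      for (const path of f.paths ?? []) {
        findings.push({
          id: adv.id, module: adv.module_name, severity,
          installed: f.version, patched: adv.patched_versions, path,
        });
      }
    }
  }
  // Most severe first (Array.prototype.sort is stable, so report order is kept within a level).
  findings.sort((a, b) => SEVERITY_ORDER.indexOf(a.severity) - SEVERITY_ORDER.indexOf(b.severity));
  // Count from the advisories themselves and flag disagreement with the tool's
  // own metadata instead of trusting either side blindly.
  const reported = report.metadata?.vulnerabilities ?? {};
  const metadataMismatch = SEVERITY_ORDER.some((s) => (reported[s] ?? 0) !== counts[s]);
  const blocking = SEVERITY_ORDER.slice(0, threshold + 1).reduce((n, s) => n + counts[s], 0);
  return {
    counts, findings, blocking, metadataMismatch,
    totalDependencies: report.metadata?.totalDependencies ?? null,
    pass: blocking === 0 && !metadataMismatch,
  };
}

// Re-run the audit in the API process. pnpm audit exits non-zero whenever it
// finds something, so the exit status must not be treated as an execution error;
// only a failure to spawn the process is.
function runPnpmAudit(cwd) {
  const { spawnSync } = require("node:child_process");
  const r = spawnSync("pnpm", ["audit", "--json"], { cwd, encoding: "utf8" });
  if (r.error) throw r.error;
  return summarizeAudit(r.stdout);
}
```

Two caveats worth keeping in the real handler: the audit's exit code is not a signal that the tool failed, only that it found something, so parse stdout regardless; and a mismatch between the advisories and metadata.vulnerabilities is reported as a failure rather than silently resolved, so a truncated or partially written report cannot turn into a green panel.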
LLM01: Prompt Injection
Severity: Critical | Status: Partial
Prompt injection vulnerabilities arise when malicious users craft inputs that manipulate the LLM into executing unintended actions, bypassing controls, or accessing restricted information.
Checklist (4 items)
LLM02: Insecure Output Handling
Severity: High | Status: Pass
LLM output is used to control downstream components or systems without first being validated or sanitized.
Checklist (4 items)
LLM03: Training Data Poisoning
Severity: Critical | Status: Pass
Malicious actors manipulate training data or fine-tuning processes to introduce vulnerabilities, backdoors, or biased behavior.
Checklist (4 items)
LLM04: Model Denial of Service
Severity: High | Status: Partial
Resource exhaustion attacks target the LLM or its infrastructure, causing degraded performance or unavailability.
Checklist (4 items)
LLM05: Supply Chain Vulnerabilities
Severity: High | Status: Pass
Compromises in the LLM supply chain, including models, datasets, libraries, or infrastructure.
Checklist (4 items)
LLM06: Sensitive Information Disclosure
Severity: Medium | Status: Partial
LLMs may inadvertently reveal sensitive information, including training data or user-provided confidential data.
Checklist (4 items)
LLM07: Insecure Plugin Design
Severity: High | Status: Pass
Vulnerabilities in plugin architectures or tool-calling mechanisms that allow unauthorized actions or data access.
Checklist (4 items)
LLM08: Excessive Agency
Severity: High | Status: Partial
LLMs may take actions beyond their intended scope, causing unintended consequences.
Checklist (4 items)
LLM09: Overreliance
Severity: Low | Status: Fail
Users may place excessive trust in LLM outputs without verification, leading to errors or security issues.
Checklist (4 items)
LLM10: Model Theft
Severity: Medium | Status: Pass
Unauthorized access to or exfiltration of proprietary models, fine-tuned weights, or training data.