MapleSpike

OWASP Compliance

Security posture assessment based on OWASP Top 10 for LLM Applications (2023)

Total Categories: 10
Passing: 5
Partial: 4
Failing: 1

⚠️ Attention Required

  • 1 Critical severity item(s) need immediate action
  • 2 High severity item(s) should be addressed soon

Live Dependency Security

STUB

Source: pnpm audit --json (re-run server-side by /v1/security/audit-summary)


LLM01: Prompt Injection

Severity: Critical · Status: Partial

Prompt injection vulnerabilities arise when malicious users craft inputs that manipulate the LLM into executing unintended actions, bypassing controls, or accessing restricted information.

Checklist (4 items)

⚠️ Input sanitization for user prompts
Output filtering for code execution
Context window isolation
Jailbreak detection

LLM02: Insecure Output Handling

Severity: High · Status: Pass

LLM output not validated or sanitized before being used to control downstream components or systems.

Checklist (4 items)

Output type validation
SQL injection prevention
XSS prevention in web responses
Code execution sandboxing

LLM03: Training Data Poisoning

Severity: Critical · Status: Pass

Malicious actors manipulate training data or fine-tuning processes to introduce vulnerabilities, backdoors, or biased behavior.

Checklist (4 items)

Source data provenance tracking
Data integrity verification
Unauthorized modification detection
Training pipeline audit logging

LLM04: Model Denial of Service

Severity: High · Status: Partial

Resource exhaustion attacks targeting the LLM or its infrastructure, causing degraded performance or unavailability.

Checklist (4 items)

Rate limiting per user
Context window limits
⚠️ GPU resource quotas
Request throttling

LLM05: Supply Chain Vulnerabilities

Severity: High · Status: Pass

Compromises in the LLM supply chain, including models, datasets, libraries, or infrastructure.

Checklist (4 items)

Model source verification
Dependency vulnerability scanning
Signed model artifacts
Vendor SBOM requirements

LLM06: Sensitive Information Disclosure

Severity: Medium · Status: Partial

LLMs may inadvertently reveal sensitive information, including training data or user-provided confidential data.

Checklist (4 items)

⚠️ PII detection and redaction
Training data confidentiality
Prompt data encryption at rest
Audit log review

LLM07: Insecure Plugin Design

Severity: High · Status: Pass

Vulnerabilities in plugin architectures or tool calling mechanisms that allow unauthorized actions or data access.

Checklist (4 items)

Plugin permission boundaries
Tool input validation
Authorization checks per tool
Plugin sandboxing

LLM08: Excessive Agency

Severity: High · Status: Partial

LLMs may take actions beyond their intended scope, causing unintended consequences.

Checklist (4 items)

⚠️ Action allowlist enforcement
Human-in-the-loop for sensitive operations
Goal constraint validation
Tool use logging

LLM09: Overreliance

Severity: Low · Status: Fail

Users may place excessive trust in LLM outputs without verification, leading to errors or security issues.

Checklist (4 items)

Citation provenance tracking
Confidence scoring
Human verification prompts
Hallucination detection

LLM10: Model Theft

Severity: Medium · Status: Pass

Unauthorized access to or exfiltration of proprietary models, fine-tuned weights, or training data.

Checklist (4 items)

Model artifact encryption
Access controls on model storage
Exfiltration monitoring
Watermarking for model identification