White paperHigh credibilityOWASP · October 1, 2023

OWASP Top 10 for Large Language Model Applications

Our summary

A community-built catalog of the most critical security risks for LLM applications — prompt injection, insecure output handling, training-data poisoning, and more — with mitigations for each.

Why it matters

The de-facto checklist teams reach for when threat-modeling an LLM deployment.

Cited by these methods

🔬 Prompt-injection & jailbreak testing

Related findings (1)

Indirect prompt injection via retrieved contentCritical
Instructions hidden in documents, web pages or tool outputs can override the system prompt when ingested by the model.

Prompt injection Safety

Published June 26, 2026

Cite this

Qlarify Labs. (2026). OWASP Top 10 for Large Language Model Applications. Retrieved from https://labs.qlarify.fi/references/owasp-top-10-llm-applications