The OWASP Top 10 for LLM Applications is the most widely referenced framework for understanding these risks. First released in 2023, OWASP updated the list in late 2024 to reflect real-world incidents ...

Indirect prompt injection represents a more insidious threat: malicious instructions embedded in content the LLM retrieves ...

In an increasingly interconnected digital world, web applications are the backbone of online services. With this ubiquity comes a significant risk: web applications are prime targets for cyberattacks.

Direct prompt injection occurs when a user crafts input specifically designed to alter the LLM’s behavior beyond its intended boundaries.

Sensitive information disclosure via large language models (LLMs) and generative AI has become a more critical risk as AI adoption surges, according to the Open Worldwide Application Security Project ...

2021 saw a major revamp of the OWASP top 10 most critical and severe application security risks. The first article in this series examined the new methodology that OWASP used to derive its ranking.

The Open Worldwide Application Security Project (OWASP) has earned a reputation as a trusted authority in application security. Its most widely recognised contribution, the OWASP Top 10, serves as a ...

According to a report released by Akamai earlier this year, API calls now represent 83% of all web traffic. Web-enabled applications already have 40% of their attack surface in the form of APIs ...

As the OWASP Foundation navigates its third decade of existence, many application security experts and OWASP volunteer contributors say it's time for the organization to make some big changes to stay ...