Safeguard
Tag

owasp-llm-top-10

Safeguard articles tagged "owasp-llm-top-10" — guides, analysis, and best practices for software supply chain and application security.

24 articles

Vulnerability Analysis

Prompt injection vulnerabilities in LLM applications explained

Prompt injection is OWASP's #1 LLM risk. See real CVEs like Vanna.AI's RCE flaw and how to detect and stop it.

Dec 2, 20257 min read
AI Security

LLM Unbounded Consumption: Resource Exhaustion Attacks

How attackers exploit token-based pricing and growing context windows to exhaust LLM compute and inflate cloud bills — and the concrete limits that stop them.

Nov 15, 20259 min read
AI Security

LLM Vector and Embedding Weaknesses

Embeddings aren't anonymized math — Vec2Text recovers 92% of text from vectors, and OWASP's LLM08:2025 now names inversion, poisoning, and exposed vector DBs as core AI risks.

Nov 15, 20257 min read
AI Security

LLM System Prompt Leakage

System prompts often hide business logic and secrets. Here's how attackers extract them, real 2023-2024 incidents, and how to stop leaks before they reach production.

Nov 15, 20257 min read
AI Security

Sensitive Information Disclosure in LLM Applications

From Samsung's ChatGPT leak to RAG pipelines with no access controls, sensitive information disclosure is now a top LLM security risk. Here's how it happens and how to stop it.

Nov 14, 20258 min read
AI Security

Insecure Output Handling in LLM-Integrated Applications

LLM output that reaches a browser, database, or shell unvalidated can trigger XSS, SQL injection, or RCE. Here's how insecure output handling breaks AI apps.

Nov 13, 20258 min read
AI Security

LLM Insecure Plugin Design Vulnerabilities

ChatGPT plugins, LangChain agents, and MCP servers have all shipped insecure plugin flaws exposing accounts and data. Here's how Safeguard defends against them.

Nov 13, 20258 min read
AI Security

LLM Denial of Service Attack Techniques

LLM denial of service attacks exploit sponge prompts, unbounded generation, and denial-of-wallet loops to cripple AI systems without a single exploit.

Nov 13, 20257 min read
AI Security

Excessive Agency in LLM-Powered Applications

Excessive agency turns a bad LLM output into an executed action. From Replit's July 2025 database deletion to Air Canada's chatbot ruling, here's what it is and how to scope it down.

Nov 12, 20258 min read
AI Security

Prompt Injection Attack Techniques and Defenses

Prompt injection is now OWASP's #1 LLM risk, and real incidents like EchoLeak and Slack AI prove it can mean zero-click data exfiltration. Here's how it works and what stops it.

Nov 12, 20257 min read
AI Security

Prompt Injection vs Traditional Injection Attacks: A Tech...

SQL injection was solved by separating code from data. Prompt injection can't be, because in an LLM they share one channel. Here's the technical comparison, with real exploits and dates.

Jul 22, 20258 min read
AI Security

Distinguishing Model Risk from Application Risk in Agenti...

Model flaws and application flaws in AI agents cause different breaches and need different fixes. Real incidents show where each risk actually lives — and how to test for both.

Jul 21, 20257 min read
owasp-llm-top-10 (Page 2) — Safeguard Blog