O W A S P T o p 1 0 f o r L L M 2 0 2 3 ow asp .org/www -projec t -t op-10-for-l arge-l angu a ge-model-applica tionsO W A S P T o p 1 0 f o r L L M | 2 OW ASP .or gI n t r o d u c t i o n W elcome t o the first iter ation of the OW ASP T op 10 for Lar ge Language Models (LLMs) Applications. This document marks an ex citing new chapter in the ongoing effor ts t o enhance security in the r apidly e v olving field of ar tificial intelligence. This initiativ e is the culmination of the tir eless effor ts of our first exper t team, a div erse gr oup of security specialists, AI r esear chers, de v elopers, and industr y leaders. Since our inception just a month ago, our r anks ha v e swelled t o o v er 370 members, with mor e than 100 exper ts activ ely contributing. This r emarkable gr owth is a testament t o the gr a vity and immediacy of the challenge we face, and the dedication of those working t o meet it head on. The hear tiest of congr atulations and deepest gr atitude is due t o our team. The knowledge, time, and passion the y ha v e dedicated t o this pr oject ha v e been inv aluable. This endea v or wouldn 't ha v e been possible without their pr ofound insights and unwa v ering commitment.A G R O U N D B R E A K I N G E F F O R T The purpose of our gr oup, as outlined in the OW ASP T op 10 for LLM Applications W orking Gr oup Char ter , is t o identify and highlight the t op security and saf ety issues that de v elopers and security teams must consider when building applications le v er aging Lar ge Language Models (LLMs). Our objectiv e is t o pr o vide clear , pr actical, and actionable guidance t o enable these teams t o pr oactiv ely addr ess potential vulner abilities in LLM-based applications. The ultimate aim is t o pr o vide a r obust foundation for the saf e and secur e utilization of LLMs acr oss a wide arr a y of scenarios, fr om small-scale individual pr ojects t o lar ge-scale corpor ate and go v ernmental implementations. W e firmly belie v e that b y understanding and mitigating the t op vulner abilities associated with LLMs, we can contribute t o a saf er and mor e r eliable digital envir onment for e v er y one.O U R P U R P O S E This document, V ersion 0. 5, ser v es as a crucial milest one in our ongoing journe y . It encapsulates the collectiv e insights and understanding of our gr oup, at this early stage, of the uni que vulner abilities inher ent t o applications le v er aging LLMs. It' s impor tant t o note that this is not the final v ersion of the OW ASP T op 10 for LLMs. Instead, consider it a ' pr e view' of what' s t o come. W e ar e committed t o r efining, expanding, and deepening our work o v er the coming month as we work t owar ds the true V ersion 1.0. W e invite y ou t o explor e this pr eliminar y list, t o shar e y our f eedback, and t o join us in our mission t o cr eate a saf er , mor e secur e futur e for AI. Once again, we extend our hear tf elt thanks t o our exper t team and the br oader community for their continued suppor t. T ogether , let' s na vigate the ex citing and complex world of LLMs with an e y e t owar ds security , saf ety , and inclusivity . Pr oject Lead, OW ASP T op 10 for LLM AI Application s T witter: @vir tualste v eSte v e WilsonA B O U T T H I S V E R S I O NO W A S P T o p 1 0 f o r L L M | 3 OW ASP .or gO W A S P T o p 1 0 f o r L L M This is a dr aft list of impor tant vulner ability types for Ar tificial Intelligence (AI) applications built on Lar ge Language Models (LLMs). P l u g i n s c o n n e c t i n g L L M s t o e x t e r n a l r e s o u r c e s c a n b e e x p l o i t e d i f t h e y a c c e p t f r e e - f o r m t e x t i n p u t s , e n a b l i n g m a l i c i o u s r e q u e s t s t h a t c o u l d l e a d t o u n d e s i r e d b e h a v i o r s o r r e m o t e c o d e e x e c u t i o n .L L M 1 0 : I n s e c u r e P l u g i n sO v e r r e l i a n c e o n L L M s c a n l e a d t o