MCPcopy Index your code
hub / github.com/GenAI-Security-Project/GenAI-LLM-Top10

github.com/GenAI-Security-Project/GenAI-LLM-Top10 @main

Chat with this repo
repository ↗ · DeepWiki ↗ · + Follow
138 symbols 323 edges 3 files 27 documented · 20% updated 1d ago★ 3320 open issues
What it actually does AI analysis from the code graph — generated when you open this
loading…
README

OWASP Top 10 for LLM Applications & Generative AI

GenAI-LLM-Top10

Companion repository to the OWASP Top 10 for Large Language Model Applications, maintained under the GenAI Security Project org.

OWASP Top 10 for Large Language Model Applications

Current version in-flight OWASP Flagship Status project License: CC BY-SA 4.0 genai.owasp.org

Welcome to the official repository for the OWASP Top 10 for Large Language Model Applications!

About This Repository

This repository contains the OWASP Top 10 for Large Language Model Applications, which is now housed under the comprehensive OWASP GenAI Security Project. The OWASP GenAI Security Project is a global, open-source initiative dedicated to identifying, mitigating, and documenting security and safety risks associated with generative AI technologies.

Visit our main project site: genai.owasp.org

Overview and Audience 🗣️

The OWASP Top 10 for Large Language Model Applications is a standard awareness document for developers and web application security. It represents a broad consensus about the most critical security risks to Large Language Model (LLM) applications. There are other ongoing frameworks both inside and outside of OWASP that are not to be confused with this project and is currently scoped towards only LLM Application Security.

Our primary audience is developers, data scientists, and security experts tasked with designing and building applications and plugins leveraging LLM technologies. We aim to provide practical, actionable, and concise security guidance to help these professionals navigate the complex and evolving terrain of LLM application security.

Key Focus 📖

The primary aim of this project is to provide a comprehensible and adoptable guide to navigate the potential security risks in LLM applications. Our Top 10 list serves as a starting point for developers and security professionals who are new to this domain, and as a reference for those who are more experienced.

Mission Statement 🚀

Our mission is to make application security visible, so that people and organizations can make informed decisions about application security risks related to LLMs. While our list shares DNA with vulnerability types found in other OWASP Top 10 lists, we do not simply reiterate these vulnerabilities. Instead, we delve into these vulnerabilities' unique implications when encountered in applications utilizing LLMs.

Our goal is to bridge the divide between general application security principles and the specific challenges posed by LLMs. The group's goals include exploring how conventional vulnerabilities may pose different risks or be exploited in novel ways within LLMs and how developers must adapt traditional remediation strategies for applications utilizing LLMs.

Project Documents 📄

Contribution 👋

The first version of this list was contributed by Steve Wilson of Contrast Security. We encourage the community to contribute and help improve the project. If you have any suggestions, feedback or want to help improve the list, feel free to open an issue or send a pull request.

[!IMPORTANT] All changes to this repository must be made through a pull request. There are no exceptions for contributors — direct pushes to main are blocked by branch protection. This applies to every change: new entries, entry upgrades, typo fixes, link repairs, artifact additions, style-guide edits, and README tweaks. If you are unsure whether your change qualifies, open a PR.

For contributors working on the 2026 cycle, see the track-specific guide in 2026/working/CONTRIBUTING.md.

We have a working group channel on the OWASP Slack, so please sign up and then join us on the #team-genai-top-10-llm channel.

Learn how to contribute: https://genai.owasp.org/contribute/

License

This project is licensed under the terms of the Creative Commons Attribution-ShareAlike 4.0 International License.

Support OWASP!

Star History Chart

Core symbols most depended-on inside this repo

getReact
called by 11
2026/final/report/images/support.js
compileAttr
called by 8
2026/final/report/images/support.js
walkChildren
called by 6
2026/final/report/images/support.js
resolve
called by 4
2026/final/report/images/support.js
_request
called by 3
2026/working/polling/scripts/sync_sprint2.py
_request
called by 3
2026/working/polling/scripts/create_issues.py
parseDataProps
called by 3
2026/final/report/images/support.js
kebabToCamel
called by 3
2026/final/report/images/support.js

Shape

Function 116
Method 18
Class 4

Languages

TypeScript75%
Python25%

Modules by API surface

2026/final/report/images/support.js104 symbols
2026/working/polling/scripts/sync_sprint2.py27 symbols
2026/working/polling/scripts/create_issues.py7 symbols

For agents

$ claude mcp add GenAI-LLM-Top10 \
  -- python -m otcore.mcp_server <graph>

⬇ download graph artifact

Ask about this repo answers extend the page