
- The OWASP Foundation has updated its 2025 Top 10 Risks for Large Language Models (LLMs), highlighting evolving vulnerabilities in generative AI applications and launching a new sponsorship program to fund continued research and guidance.
- Key updates include expanded risks like Unbounded Consumption, Vector and Embedding vulnerabilities, System Prompt Leakage, and the rising concern of Excessive Agency in AI systems.
- Leading companies like Palo Alto Networks, Securiti, HiddenLayer, and Synack are inaugural sponsors, demonstrating industry commitment to secure AI deployment through collaborative research and actionable solutions.
The OWASP Foundation has released the 2025 edition of its Top 10 Risks for LLM Applications and Generative AI, addressing the changing threat landscape as organizations increasingly adopt generative AI technologies. This refreshed list provides updated insights into vulnerabilities across development, deployment, and management phases, helping developers and security professionals prioritize mitigation strategies. Significant updates include expanding Denial of Service to “Unbounded Consumption,” recognizing resource management risks in large-scale LLMs; addressing security in Retrieval-Augmented Generation (RAG) through Vector and Embedding vulnerabilities; spotlighting real-world cases of System Prompt Leakage; and highlighting the growing dangers of Excessive Agency as AI systems gain greater autonomy.
OWASP has launched a new sponsorship program to sustain this vital work, inviting organizations to support its LLM and Generative AI Project. Sponsorship ensures continuous research, community collaboration, and educational initiatives that empower secure AI adoption. Companies like HiddenLayer, Lakera, Lasso Security, and Palo Alto Networks have already committed, reinforcing their leadership in securing generative AI technologies. Sponsors gain valuable insights into emerging AI risks, align with corporate responsibility goals, and contribute to industry-wide efforts to develop safer AI applications.
Industry leaders stress the importance of this initiative. Rich Campagna of Palo Alto Networks emphasized the urgency of preparing for AI-driven vulnerabilities, while Rehan Jalil of Securiti AI underscored the need for comprehensive data and system-level security. OWASP project leaders highlighted the collaborative nature of the updated list, reflecting contributions from over 500 global experts and more than 110 companies. This broad engagement ensures the guidelines are practical, up-to-date, and responsive to real-world security challenges.
As AI’s role expands across industries, the OWASP Top 10 for LLMs is a critical resource for navigating generative AI security. By fostering global cooperation, promoting security-by-design principles, and equipping organizations with actionable guidance, OWASP strengthens the resilience of AI systems, ensuring innovation proceeds with the necessary safeguards to protect data integrity, privacy, and organizational trust.