-
-
Notifications
You must be signed in to change notification settings - Fork 140
Charter
Founded in May 2023, the OWASP Top 10 for LLM Applications Working Group set out to create a definitive guide on vulnerabilities, mitigations, and best practices for LLM applications. Released in August 2023, the guide received widespread acclaim, marking the beginning of a dynamic and expanding initiative. With over 1,000 members, the group has updated the core document, translated it into multiple languages, and developed additional resources like "The LLM AI Cybersecurity & Governance Checklist." Engagement with standards bodies such as NIST and MITRE has further established the group's role in shaping cybersecurity practices.
Initially focused on maintaining the "OWASP Top 10 for LLM Applications" document, the group's mission has expanded with the quick expansion of LLM and Generative AI technologies. Beyond updating the core document focused on LLM security vulnerabilities, we now aim to create related works addressing the needs of a diverse audience. This includes influencing government policy and collaborating with international standards bodies to ensure the secure, safe, and ethical use of LLMs and Generative AI. Our comprehensive approach seeks to advance cybersecurity measures, bridging the gap between technology and regulation.
Our primary effort, the core Top 10 document, targets software development teams creating LLM-based applications, serving roles including software engineers, machine learning engineers, enterprise architects, application security professionals, data scientists, and security operations personnel. Beyond this core audience, we are developing resources for strategic roles such as CISOs and compliance officers, focusing on governance, risk management, and compliance aspects of LLM application deployment.
The "OWASP Top 10 for LLM Applications" concentrates on security vulnerabilities unique to LLM applications. However, our group will also offer guidance as appropriate that touches on broader risk areas such as safety, privacy, legal liabilities, and reputational damage. Our group aims to educate audiences on technical vulnerabilities, broader risk classes, and the implications of deploying LLM technologies.
Our work complements existing OWASP resources like the Top 10 lists for Web, Mobile, and API vulnerabilities, positioning our document as a peer within the OWASP ecosystem. We strive for synergy with other OWASP initiatives, such as the AI Exchange and the OWASP Top 10 for Machine Learning, to ensure a cohesive approach to security in emerging technologies.
Through this charter, we reaffirm our commitment to enhancing the security of LLM applications, inviting collaboration from all stakeholders to join us in this endeavor.