Skip to content

V2 (2024) New Entry Submissions

Ads Dawson edited this page Sep 27, 2024 · 4 revisions

Immediate call to action for entry and emerging candidate leads

As of 09-27-2024, our project for the v2 (2024) list is slightly behind track. This block provides an immediate call to action for leads assigned to vulnerability entry leads and emerging candidates leads:

  • Vulnerability entry leads = Principles assigned within the core team of the project assigned to "LLM** Vulnerability Entries" as per the current 2024 top 10 for LLM applications list, derived from current progress and the 2023 version
    • Submit entry enhancements, updates from the community and LLMXX-Slack channels/individual research/industry trends and examples as well as linguistic knowledge on expand of the vulnerability from the 2023 list
    • Vulnerability entries should be updated due to the nonsensical manner of some of the current entry namings, they should align to what defines a vulnerability and therefore not include naming conventions such as "insecure" etc.
Vulnerability Entry (2024 List) Vulnerability Entry Lead
Prompt Injection Rachel James
Insecure Output Handling Ken Huang
Supply Chain Vulnerabilities Aruneesh Salhotra
Sensitive Information Disclosure Ads Dawson
Excessive Agency Andrew Smith
Data and Model Poisoning Ads Dawson
Insecure Plugin Design DEPRECATE (John S)
Unbounced Consumption Ads Dawson
Overreliance Steve Wilson
TBC TBC
  • Emerging candidates leads = Principles assigned within the core team of the project to "Emerging Candidates" eligible for promotion to the 2024 top 10 for LLM applications list
    • Submit entries, following feedback and collaboration from the community as per the #team-llm-v2-brainstorm Slack channel
Vulnerability Entry (2024 List) Vulnerability Entry Lead
RAG Krishna Sanka
Backdoor Attacks Ads Dawson
System Prompt Leakage Aditya Rana
Insecure Design John S

Due date - Friday October 4 2024, 17:00pm ET.




ARCHIVE

# Submitting a New Candidate Vulnerability

This phase of the 2.0 project will run from May 15 to June 15 per the v2.0 Roadmap. During this phase, teams may continue improving the 1.1 entries by communicating using their existing Slack Channels. The master files for the upgraded 1.1 vulns are located here. This is a generative phase of the project parallel to optimizing existing vulnerabilities. That means it is time to use your creativity! To that end, we have created a new folder for new entries. These may be entirely new concepts or perhaps substantial rouge upgrades to existing 1.1 vulnerabilities! There are no limits! However, there are some simple rules to follow to keep order. ## New Submission Process * New candidates folder is here * Follow the instructions by cloning the template * Be sure to follow the naming conventions when uploading your new file and fill out the template completely ## What's Next After June 15, we'll evaluate the new submissions and select ones to proceed per the roadmap. More details will follow later. ## Discuss More Have questions, comments or what to discuss? Please pop onto the team-llm-v2-brainstorm on the OWASP Slack instance