V2 (2024) New Entry Submissions
As of 09-27-2024, our project for the v2 (2024) list is slightly behind track. This block provides an immediate call to action for the vulnerability entry leads and emerging candidates leads:
- Vulnerability entry leads = Principals within the core team of the project assigned to "LLM** Vulnerability Entries" as per the current 2024 top 10 for LLM applications list, derived from current progress and the 2023 version
  - Submit entry enhancements and updates from the community, the LLMXX Slack channels, individual research, industry trends and examples, as well as linguistic knowledge to expand on the vulnerability from the 2023 list
  - Vulnerability entries should be updated because some of the current entry names are nonsensical; they should align with what defines a vulnerability and therefore not include naming conventions such as "insecure"
Vulnerability Entry (2024 List) | Vulnerability Entry Lead |
---|---|
Prompt Injection | Rachel James |
Insecure Output Handling | Ken Huang |
Supply Chain Vulnerabilities | Aruneesh Salhotra |
Sensitive Information Disclosure | Ads Dawson |
Excessive Agency | Andrew Smith |
Data and Model Poisoning | Ads Dawson |
Insecure Plugin Design | DEPRECATE (John S) |
Unbounded Consumption | Ads Dawson |
Overreliance | Steve Wilson |
TBC | TBC |
- Emerging candidates leads = Principals assigned within the core team of the project to "Emerging Candidates" eligible for promotion to the 2024 top 10 for LLM applications list
  - Submit entries, following feedback and collaboration from the community as per the #team-llm-v2-brainstorm Slack channel
Vulnerability Entry (2024 List) | Vulnerability Entry Lead |
---|---|
RAG | Krishna Sanka |
Backdoor Attacks | Ads Dawson |
System Prompt Leakage | Aditya Rana |
Insecure Design | John S |
Due date: Friday, October 4, 2024, 17:00 ET.
ARCHIVE
# Submitting a New Candidate Vulnerability
This phase of the 2.0 project will run from May 15 to June 15 per the v2.0 Roadmap.
During this phase, teams may continue improving the 1.1 entries by communicating using their existing Slack Channels. The master files for the upgraded 1.1 vulns are located here.
This is a generative phase of the project that runs in parallel with optimizing existing vulnerabilities. That means it is time to use your creativity! To that end, we have created a new folder for new entries. These may be entirely new concepts or perhaps substantial rogue upgrades to existing 1.1 vulnerabilities! There are no limits! However, there are some simple rules to follow to keep order.
## New Submission Process
* New candidates folder is here
* Follow the instructions by cloning the template
* Be sure to follow the naming conventions when uploading your new file and fill out the template completely
## What's Next
After June 15, we'll evaluate the new submissions and select ones to proceed per the roadmap. More details will follow later.
## Discuss More
Have questions or comments, or want to discuss? Please pop onto the team-llm-v2-brainstorm channel on the OWASP Slack instance.