🚀 Join our AI Wargame at Black Hat Asia and our Workshop + Wargame at NDC Sydney.

OWASP LLM Top 10 · 2025 edition

OWASP LLM Top 10 Challenges

Train your team against the OWASP Top 10 for LLM Applications 2025. Developers harden real AI apps against prompt injection, poisoned models and rogue MCP tools — before attackers try the same in production.

Capability, not checkbox compliance

Hands-On Challenges for Every Category

If your teams are shipping AI features, the OWASP Top 10 for LLM Applications is the standard they will be measured against. The 2025 edition adds System Prompt Leakage, Vector and Embedding Weaknesses, and Unbounded Consumption. Every challenge below is a real AI application with a real vulnerability: developers fix it without breaking functionality, and every verified fix becomes reportable evidence of AI security capability.

New to LLM security?

AI Security Engineer — the course

A guided introduction to the OWASP LLM Top 10 and secure coding for LLM apps: real attack scenarios like prompt injection and sensitive data disclosure, the defensive patterns that stop them, and hands-on practice on SecDim.

Start the Course
LLM02:2025

Sensitive Information Disclosure

LLM apps that leak confidential data, proprietary algorithms or personal information through their responses.

LLM05:2025

Improper Output Handling

Model output passed to other components without validation or sanitisation, turning the LLM into an injection vector.

LLM08:2025

Vector and Embedding Weaknesses

Weaknesses in RAG pipelines: poisoned knowledge bases, embedding inversion and cross-tenant leakage.

LLM10:2025

Unbounded Consumption

Uncontrolled inference costs and resource use: model denial of service, denial of wallet and service degradation.

Roll it out

Turn the Standard Into a Training Program

Assign these challenges to your team as learning pathways, track verified fixes, and report OWASP LLM Top 10 coverage to auditors, customers and the board — with evidence, not attendance sheets.