The OWASP Top 10 for LLM Applications is the most widely referenced framework for understanding these risks. First released in 2023, OWASP updated the list in late 2024 to reflect real-world incidents ...

The rapid evolution of AI has moved us beyond simple chatbots into the era of agentic applications, systems that can plan, reason, and act autonomously across multiple steps. From finance and ...

Indirect prompt injection represents a more insidious threat: malicious instructions embedded in content the LLM retrieves ...

Direct prompt injection occurs when a user crafts input specifically designed to alter the LLM’s behavior beyond its intended boundaries.

In an increasingly interconnected digital world, web applications are the backbone of online services. With this ubiquity comes a significant risk: web applications are prime targets for cyberattacks.

Sensitive information disclosure via large language models (LLMs) and generative AI has become a more critical risk as AI adoption surges, according to the Open Worldwide Application Security Project ...

2021 saw a major revamp of the OWASP top 10 most critical and severe application security risks. The first article in this series examined the new methodology that OWASP used to derive its ranking.

The Open Worldwide Application Security Project (OWASP) has earned a reputation as a trusted authority in application security. Its most widely recognised contribution, the OWASP Top 10, serves as a ...

According to a report released by Akamai earlier this year, API calls now represent 83% of all web traffic. Web-enabled applications already have 40% of their attack surface in the form of APIs ...