Announcing: OWASP Top 10 for Large Language Model Applications v2.0 Project
OWASP Protecting the AI Landscape - by DALL-E/GPT-4


We're thrilled to announce the next phase in our journey – the development of OWASP Top 10 For Large Language Model Applications v2.0. This initiative marks a leap forward in our efforts to tame the security landscape of advanced AI technologies.

While version 1.1 was a considerable effort with a substantial impact, version 2.0 will represent the first major revision to the list. For this new version, everything is on the table. We’ll reevaluate the top vulnerabilities and how we classify them, and decide on their relative rankings. Version 2.0 will have a significant new focus on data gathering and using that data to improve our recommendations. The data-gathering team, led by Emmanuel Guilherme, is currently focused on mapping CWEs to LLM vulnerabilities and will do more as part of this project.

Join the Collaboration and Survey:

Ready to jump in and contribute?  Pick one or more of the following items and do it today:

Since the project's inception in May of 2023, we’ve hit major milestones, and our documents have had a tremendous impact.

  • Version 1.0: Released in August 2023: Our foundational list set the stage for a global conversation on LLM application security.

  • Version 1.1: Released in October 2023: An update that refined and expanded upon our initial findings.  Thanks to Ads Dawson for leading the big update.

  • Localizations: Completed in January 2024: We've made our resources more accessible by localizing them into Chinese, Hindi, and Portuguese. Kudos to Talesh Seeparsan, who's leading our localization teams.

  • Expanded Audience: While the core Top 10 list targets developers, the group has expanded with a CISO-level checklist.  Reach out to Sandy Dunn to get involved in this project changing the nature of corporate AI governance.

  • Cross Group Alignment: Our team members joined forces with Rob van der Veer and OWASP ML Top 10 and OpenCRE members to form the OWASP AI Exchange - an organization impacting groups across the industry.

  • Government and Standards Involvement: Our team influences leading government and standards organizations, including CEN/CENELEC, CSA, ISO, MITRE, NIST, and various National Cyber Security Centers (NCSCs). Shout out to John Sotiropoulos for leading our standards engagement team.

  • Commercial Cooperation: We're also collaborating with a new generation of AI security companies, such as Giskard, Lakera, Prompt Security, Protect AI, and Robust Intelligence - to name just a few.

This is an open call to join one of the most impactful groups making a real difference in AI safety and security. Whether you are a developer, a security professional, a researcher, or someone passionate about AI security, your contribution can make a difference. Together, we can shape the future of Large Language Model Applications security.

Fill out our Survey


Guillaume EHINGER

Empowering societies to thrive in hostile environments

3mo

Thank you for keeping this initiative alive! We are at the forefront of LLMs as a commodity. And making sure companies can use them safely and responsibly is a huge boost in ensuring its successful adoption. People working on the OWASP Top 10 LLM are also cool and passionate people to work with :)

Carmi M.

Sr. Principal Risk Specialist at FINRA

3mo

🤩

Great initiative, Steve. Will sign up shortly.

Reposted to our #cybersecurityjob network for more visibility. Great share, thank you!
