Progress 0 / 22 questions answered

OWASP Top 10 for LLM Applications Checklist

Assess your LLM application security based on the OWASP Top 10. 22 questions, 5 categories.

Prompt & Input Vulnerabilities

LLM01 Prompt Injection, LLM03 Training Data Poisoning

Do you have protection against prompt injection attacks (e.g., system prompt extraction, jailbreaking)?

Prompt injection is one of the most common LLM attacks.

Multi-layer defense: input validation + output filtering + prompt guards Input validation and content filtering are in place Only basic input sanitization No prompt injection protection

Do you protect the LLM against indirect prompt injection (e.g., malicious content from external sources)?

Indirect injection comes from external documents or websites.

Strict validation and sandboxing of external content Whitelisting of external sources No protection against indirect injection

Do you have comprehensive input validation and sanitization for LLM prompts?

Input validation is the first line of defense.

Multi-level validation: length, content, special characters, prompt patterns Basic length and content validation Minimal or no validation

Do you verify training data integrity and protect against data poisoning?

Data poisoning can corrupt LLM behavior.

Full data provenance tracking and automated poisoning detection Using trusted sources with manual review Basic data quality checks No protection against data poisoning

Are fine-tuning/RAG data handled and verified securely?

RAG and fine-tuning data are as critical as training data.

Strict data validation and access control for fine-tuning/RAG data Basic access control is in place No special protection

Model & Output Security

LLM02 Insecure Output Handling, LLM06 Sensitive Information Disclosure

Are LLM outputs sanitized before being displayed (e.g., for XSS, injection protection)?

LLM output can be a source of malicious code.

Full output encoding and context-aware sanitization HTML encoding is in place No output sanitization

Do you have automatic filtering in LLM outputs for sensitive information (PII, secrets, API keys)?

LLMs can accidentally leak sensitive information.

Real-time PII/secret detection and redaction Post-processing filtering is in place Only manual review No sensitive info filtering

Is the LLM prevented from disclosing system prompts, training data, or internal operations?

System prompt leaks can compromise security.

Proactive disclosure prevention: prompt guards + output filtering Basic output filtering No disclosure prevention

Do you have mechanisms to detect LLM hallucinations (false information)?

Hallucinations can lead to harmful decisions.

Automatic fact-checking and confidence scoring Manual review for critical responses A user disclaimer is in place No hallucination detection

Supply Chain & Plugin Security

LLM05 Supply Chain, LLM07 Insecure Plugin Design

Do you verify the source and integrity of LLM models used (e.g., model checksum)?

Compromised models may contain backdoors.

Verified sources + cryptographic signature verification Only using trusted providers No source verification

Do LLM plugins and extensions undergo security review before installation?

Plugins open new attack surfaces.

Formal security review + sandboxing for every plugin Using trusted plugin registry Basic checking No plugin security review

Do plugins operate on the least privilege principle (minimal permissions)?

Excessive permissions endanger the system.

Granular permission model for every plugin Basic permission control No permission restriction

Do you regularly scan LLM dependencies (libraries, models) for vulnerabilities?

Dependency vulnerabilities can be exploitation targets.

Automatic vulnerability scanning and alerting Manual review for major updates No dependency scanning

Is data returned by plugins validated before the LLM processes it?

Plugin output injection can compromise the LLM.

Strict schema validation for every plugin output Basic type checking No plugin output validation

Access Control & Authorization

LLM08 Excessive Agency, LLM09 Overreliance

Are actions performed by the LLM (e.g., API calls, data modification) authorized?

Unauthorized actions can cause serious damage.

Every LLM action requires explicit user authorization Authorization for critical operations No action-level authorization

Are the LLM's permissions limited and cannot exceed user permissions?

Excessive agency can lead to privilege escalation.

Strict scope limitation and permission inheritance Basic role-based access control No permission limitation

Is there human confirmation for critical operations (e.g., delete, payment)?

A human-in-the-loop approach protects against incorrect LLM decisions.

Mandatory human approval for all critical operations Confirmation for major operations No human-in-the-loop

Do you have mechanisms to mitigate LLM overreliance (e.g., confidence scores, disclaimers)?

Overreliance can lead to dangerous decisions.

Confidence scores + source attribution + disclaimers Disclaimers on LLM responses No overreliance mitigation

Denial of Service & Resource Management

LLM04 Model DoS, LLM10 Model Theft

Do you have rate limiting on the LLM API per user/IP?

Rate limiting protects against DoS attacks.

Granular rate limiting + adaptive throttling Basic rate limiting is in place No rate limiting

Do you have token/cost limits per user or session?

Resource quotas protect against cost explosion.

Strict quotas + cost monitoring + alerting A basic quota is in place No resource quota

Is input prompt length limited to prevent DoS attacks?

Excessively long prompts can overload the LLM.

Dynamic length limiting based on context A fixed maximum length is set No length validation

Do you have protection against LLM model extraction/theft (e.g., query pattern detection)?

Model theft threatens IP and competitive advantage.

Anomaly detection + watermarking + query monitoring Query monitoring is in place No model theft prevention

Your AI Security Assessment

/100

📧 Get your results via email

We will send you the complete report with all answers and recommendations

I accept the Terms of Use.

Want a deeper analysis?

Our experts can help with a detailed AI Red Team audit

Schedule Free Consultation →

Is your LLM app safe from Prompt Injection?

Take our 3-Minute OWASP LLM Top 10 Checklist! Large Language Models (LLMs) introduce new vulnerabilities like prompt injection and data leakage. This quick, red-teaming focused audit helps you assess your defenses against the 10 most critical OWASP LLM threats. Complete it in 3 minutes to get an instant score on your app’s security!

We’ll email the vulnerability report.