In this guide, we discuss security issues related to GenAI, in particular Large Language Model-based tools (LLMs). We present the main vulnerabilities to consider while developing AI-based applications and identify corresponding mitigations. Our discussion is based on OWASP top 10 for LLM.

The guide focuses on the following security topics:

• Prompt injection
• Training data poisoning
• Insecure output handling
• Insecure plugin design
• Excessive agency