The OWASP Top 10 for Large Language Model Applications are mitigated in the development of large language model applications.
Ensure that outputs generated by LLMs are properly validated, sanitized, and encoded before being passed to downstream systems to prevent security vulnerabilities such as remote code execution, SQL injection, and cross-site scripting (XSS). Adopt a zero-trust approach to model outputs and implement strict security controls, including context-aware output encoding, input validation, and anomaly detection.
Improper output handling occurs when LLM-generated responses are passed to other components without proper validation, sanitization, or security controls. This can lead to critical security vulnerabilities such as XSS, SQL injection, remote code execution (RCE), and privilege escalation. Attackers can manipulate prompts to generate malicious outputs that interact with backend systems, bypass security controls, and execute unintended actions. Some high-risk scenarios include LLM-generated content being injected into system shells, web browsers rendering JavaScript or Markdown without escaping, and LLM-based SQL queries being executed without parameterization. To mitigate these risks, organizations should treat LLM outputs as untrusted data, applying strict input validation, output encoding, and context-aware escaping. Following OWASP ASVS guidelines for input validation ensures that model responses do not trigger undesired executions in different contexts. Content Security Policies (CSP) should be strictly enforced to prevent XSS attacks, and robust logging and monitoring should be implemented to detect anomalies or suspicious behavior in LLM outputs. Using parameterized queries for database interactions further reduces the risk of SQL injection.
| ID | Operation | Description | Phase | Agent |
|---|---|---|---|---|
| SSS-02-05-05-01-01 | Validate and sanitize LLM-generated outputs | Implement context-aware sanitization and validation checks for all LLM-generated outputs before passing them to downstream applications. | Development | Security team, Development team |
| SSS-02-05-05-01-02 | Enforce output encoding based on usage context | Apply HTML encoding for web content, SQL escaping for database queries, and JavaScript escaping for client-side execution to prevent exploitation. | Development | Development team |
| SSS-02-05-05-01-03 | Adopt parameterized queries for database interactions | Use prepared statements and parameterized queries for all database operations involving LLM outputs to prevent SQL injection. | Development | Security team, Dvelopment team |
| SSS-02-05-05-01-04 | Implement strict content security policies (CSP) | Apply CSP rules to prevent LLM-generated content from executing unintended JavaScript code, reducing XSS risks. | Deployment | Security team, DevOps team |
| SSS-02-05-05-01-05 | Monitor and log LLM-generated outputs for anomalies | Deploy automated anomaly detection and real-time logging to track and respond to suspicious LLM outputs, preventing exploitation attempts. | Post-deployment | Security team, DevOps team |
| Industry framework | Academic work | Real-world case |
|---|---|---|
|
Information Security Manual (ISM-1923) OWASP Top 10 for LLM OWASP Top 10 for LLM (LLM05:2025) |