The risks listed in the OWASP Top 10 for Large Language Model Applications are mitigated during the development of large language model applications.
LLM-based systems interact with various extensions, tools, and external systems. Without strict control, excessive functionality, permissions, or autonomy can lead to unintended or damaging actions, including unauthorized data modification or system compromise. Minimizing extension capabilities, enforcing strict permissions, and requiring human approval for critical actions mitigate these risks.
Limit the functions and extensions available to LLMs to only those essential for their intended operations. Implement the principle of least privilege by restricting the permissions granted to extensions and ensuring they cannot perform unintended actions. Avoid open-ended extensions that could be manipulated into executing unauthorized commands. Use human-in-the-loop control mechanisms for high-impact actions, requiring user approval before execution. Apply complete mediation by enforcing security checks in the downstream systems themselves rather than relying on the LLM to make authorization decisions. Monitor all interactions between LLM agents and external systems, logging each action so that anomalies can be detected and responded to. To further strengthen security, sanitize both inputs and outputs to prevent prompt injection attacks from altering the behavior of LLM-based applications.
ID | Operation | Description | Phase | Agent |
---|---|---|---|---|
SSS-02-05-06-01-01 | Minimize extension functionality | Restrict extensions and tools to include only the necessary functions required for the LLM’s intended operation. | Development | Development team, Security team |
SSS-02-05-06-01-02 | Enforce least privilege for extensions | Ensure extensions interact with downstream systems using the minimum permissions necessary, preventing unauthorized actions like data deletion or modification. | Deployment | Security team, Operation team |
SSS-02-05-06-01-03 | Require user approval for high-impact actions | Implement human-in-the-loop mechanisms that require manual user confirmation for high-risk operations like financial transactions or data deletion. | Post-deployment | Product team, Security team |
SSS-02-05-06-01-04 | Implement monitoring and anomaly detection | Log and analyze LLM-driven interactions with external systems to detect excessive or unexpected actions. Apply rate-limiting to prevent rapid unauthorized operations. | Post-deployment | Security team, Operation team |
SSS-02-05-06-01-05 | Sanitize LLM inputs and outputs | Apply OWASP ASVS-based validation and sanitization techniques to prevent prompt injection and command execution vulnerabilities. | Development | Security team, Operation team |
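The controls above (tool allowlisting, least-privilege scopes, human approval for high-impact actions, rate limiting and an audit log, all enforced outside the model) can be combined in a single mediation layer between the LLM and its tools. The gateway below is an added illustration, not code from the source document or any referenced framework; the tool names, scopes and the approval callback are constructed placeholders.

```python
import time
from dataclasses import dataclass
from typing import Callable

@dataclass
class ToolSpec:
    handler: Callable[[dict], str]   # the downstream action
    scope: str                       # permission the session must hold
    high_impact: bool = False        # needs human approval before running

class ToolGateway:
    """Mediates every tool call the model requests. The model never decides
    authorization; this gateway does, and it logs each attempt."""
    def __init__(self, tools, rate_limit, window_s, approve):
        self.tools, self.rate_limit, self.window_s = tools, rate_limit, window_s
        self.approve = approve   # human-in-the-loop callback: (name, args) -> bool
        self.calls, self.audit = [], []

    def dispatch(self, scopes, name, args, now=None):
        now = time.monotonic() if now is None else now
        # every attempt counts toward the rate limit, denied ones included
        self.calls = [t for t in self.calls if now - t < self.window_s] + [now]
        status, detail = self._decide(scopes, name, args)
        self.audit.append({"t": now, "tool": name, "args": args,
                           "status": status, "detail": detail})
        return status, detail

    def _decide(self, scopes, name, args):
        if len(self.calls) > self.rate_limit:
            return "denied", "rate limit exceeded"
        spec = self.tools.get(name)
        if spec is None:                      # allowlist: unknown tools never run
            return "denied", "tool not on allowlist"
        if spec.scope not in scopes:          # least privilege per session
            return "denied", f"missing scope {spec.scope}"
        if spec.high_impact and not self.approve(name, args):
            return "denied", "human approval withheld"
        return "ok", spec.handler(args)

def build_demo_gateway():
    # Constructed sample: two invoice tools and an approver that only
    # confirms deletion of INV-1 (stands in for a real confirmation UI).
    tools = {
        "read_invoice": ToolSpec(lambda a: f"invoice {a['id']}: 100 EUR", "invoices:read"),
        "delete_invoice": ToolSpec(lambda a: f"deleted {a['id']}", "invoices:write", True),
    }
    return ToolGateway(tools, rate_limit=3, window_s=60,
                       approve=lambda name, a: a.get("id") == "INV-1")
```

Passing an explicit `now` makes the rate-limit window deterministic for testing; in production the monotonic clock is used and the audit list would be shipped to the SIEM rather than kept in memory.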
Industry framework | Academic work | Real-world case |
---|---|---|
Information Security Manual (ISM-1923); OWASP Top 10 for LLM; OWASP Top 10 for LLM (LLM06:2025) | | |