All notable changes to the OWASP Top 10 for LLM Applications project will be documented in this file.
The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.
v1.1 Instructions for the Expert Group reference
- Spelling, grammar and formatting clean-ups via an agreed IDE code linter for Vulnerability Entry Leads, to prevent future errors and keep conformity to one standard throughout the repo.
- Enhancements, updates and recommendations to each vulnerability entry via community-raised GitHub issues within the repo, which were triaged to the corresponding vulnerability entry lead for resolution through Pull Requests to the repo v1.1 directory.
- Architected a CODEOWNERS file and branch protection rules to help audit and control the CI/CD workflow and updates to the repo against the default branch.
- Redesign of the repo style and layout guidelines for vulnerability entries
- Inclusion of artifacts (visual diagrams) which maps the Top 10 entries against a typical LLM application and client/server interaction
- Translations in Chinese, Hindi and Portuguese (01-03-2024)
- We added an automated meeting for our biweekly schedule here:
- 👉 Download the official .ical here to import into your calendar application.
- We also introduced an OWASP Top 10 for Large Language Model Applications Newsletter for signup of notifications about the project.
- 👀 The November 2023 newsletter will include a call for opportunity to participate in an open-source project with Ads to create a DV-LLMA (Damn Vulnerable LLM Application) to test and hone your skills as well as a fun learning and development experience for LLM application vulnerabilities.
- The OWASP LLM Top 10 continues to translate the list into different languages! This is done by multilingual members (humans)
- If you're fluent in another language and willing to help, email us at: [email protected]
- Initial official release of the OWASP Top 10 for LLM Applications based on two months of working group efforts.
- Engagement from over 485 experts and contributions from over 130 experts in the field of AI and application security.
- Second draft of the OWASP Top 10 for LLM Applications based on working group input.
- Initial draft of the OWASP Top 10 for LLM Applications based on working group input.
- Version 0.1 "straw man" list published
- Project inception and approval by the OWASP board.
- Project homepage created on the OWASP website.
- GitHub repository for direct participation and contributions.
- OWASP Slack Workspace channel for discussions.
- Added: for new features.
- Changed: for changes in existing functionality.
- Deprecated: for soon-to-be removed features.
- Removed: for now removed features.
- Fixed: for any bug fixes.
- Security: in case of vulnerabilities.