Community Insights from the OWASP Top 10 for LLM Apps 2.0 Survey
A robotic wasp analyzing data - GPT-4/DALL-E

To help guide the direction of the next version of our AI Security project, the OWASP GenAI Security Project recently launched a survey to gather feedback from our community. The results have been illuminating, providing a clear picture of where the community would like the project to go. Here, we share the findings and the ideas you've contributed.

The Pulse of the Community

The survey, aimed at gauging the usefulness of the current OWASP Top 10 for LLM Apps document and identifying areas for deeper investigation, received an encouraging response from many professionals. The feedback was diverse and thought-provoking. First, it was interesting to note that most respondents didn't actively participate in creating the initial list. I believe this is due to the continual expansion of interest in this project since the initial releases.

Pie Chart: Have You Participated?

Next up, I personally found the breakdown of respondents by role fascinating. While our document has been aimed at the developer community, the security community is currently the most involved: less than 10% of respondents identified primarily as software developers. This is an issue for our group to tackle.

Pie Chart: What's Your Role?

A Testament to Usefulness

The community's assessment of the document's current version was overwhelmingly positive, with a significant majority rating its usefulness highly. This affirmation underscores the document's value in navigating the complex security considerations of LLM applications.

Column Chart: Is the existing version useful?

A Call for Deeper Dive

Next, we asked which trends in LLMs are important. The answers indicate that all of these trends interest our community and deserve a deeper look at some level.

Column Chart: What Trends Are Important?

To stack rank them, we can plot them by their average score. This shows how closely the top five entries were scored: autonomous agents barely nosed ahead of RAG and multi-modal models.

Bar Chart: Summary of Importance

Next, we asked about some of the big themes we might explore and asked the community to rate their interest.

Column Chart: Interest in key questions

It was interesting to see the level of interest from our security-focused group in all of these security-adjacent topics, which aren't always under the purview of security teams. Data Privacy and AI Safety were rated the highest. As a group, we'll need to debate how we can most effectively present guidance on these topics without diluting our pure security focus.

Top Themes from Your Ideas

I uploaded the results spreadsheet to ChatGPT and asked it to help me sort through all the verbatim comments and distill common themes. Not surprisingly, LLMs are excellent at this kind of task, and the results were enlightening. We wound up with five key themes, which I elaborate on below.

1. Practical Recommendations and Use Cases

This theme emphasizes the importance of providing actionable guidance and practical examples and addressing real-world security issues that practitioners encounter in AI and LLM applications. It suggests a demand for the OWASP Top 10 for LLM Apps to offer concrete recommendations, case studies, and best practices that can be directly applied to enhance security postures.

Characteristic Quotes:

  • "I think there's a need to make the document more actionable, with clear examples of vulnerabilities and how they've been exploited in the past. Real-world case studies could really help."
  • "Providing a toolkit or checklist for developers on securing LLM applications would be immensely valuable. Practical steps over theoretical concepts."

2. Innovation and Forward Thinking

This theme reflects a desire for the project to explore emerging threats, speculative technologies, and innovative security measures. It indicates that the community values forward-looking research and the incorporation of cutting-edge developments into the OWASP Top 10 for LLM Apps, ensuring it remains a relevant and proactive resource.

Characteristic Quotes:

  • "We should anticipate the security challenges of next-gen AI models. What's speculative today could be our reality tomorrow."
  • "Exploring the potential security implications of quantum computing on LLMs might be forward-thinking but it's where we need to head."

3. Open Source and Collaboration

The prominence of the word "source" in the comments suggests an emphasis on open-source initiatives and the value of collaborative efforts in developing security solutions. This theme highlights the community's desire for transparency, resource sharing, and collective problem-solving to enhance the security framework for LLM applications.

Characteristic Quotes:

  • "An open repository of LLM vulnerabilities and patches would foster a collaborative security culture. Sharing is how we strengthen our defenses."
  • "The project could benefit from more open-source tools and collaborations. Engaging with other projects could spark innovative solutions."

4. Education and Awareness

While not explicitly mentioned among the top words, the context around using examples and discussing issues hints at the broader theme of educating the developer and security communities about LLM-specific vulnerabilities and best practices. This could involve organizing workshops, creating detailed documentation, and running outreach programs to raise awareness and understanding.

Characteristic Quotes:

  • "A series of webinars or a dedicated online course on securing LLM applications could significantly raise the bar for security awareness."
  • "Documentation that goes beyond the list, teaching developers how to think about security in the context of AI, would be a game changer."

5. Global and Regulatory Perspectives

The inclusion of broader topics such as "government regulation" elsewhere in the survey points to an interest in understanding how global regulatory environments affect AI and LLM security. This theme covers the need for the OWASP Top 10 for LLM Apps to consider legal and compliance issues, along with the implications of AI ethics and sustainability.

Characteristic Quotes:

  • "Considering the global push for AI regulation, our guidelines should preemptively align with expected legal standards."
  • "Sustainability and ethical use of AI are becoming critical. Our security practices need to reflect these global concerns."

Ready To Participate?

The first phase of the 2.0 project is an open brainstorming phase. There are no rules, other than to be polite and civil. This first phase of brainstorming will take place on the OWASP Slack instance. You can sign up here for free if you still need to join. Once there, you should join the #project-top10-for-llm channel, as that's where we make significant announcements. More specifically, we've just launched a new channel dedicated to version 2 brainstorming. Join #team-llm-v2-brainstorm to jump into the fun!

Not ready for that level of involvement yet? Then be sure to follow us at OWASP GenAI Security Project to stay up to speed with news about the project.

Great post! We see the value in integrating real-world case studies to augment your document. For instance, our collaboration with NHS London on combating Pharmaceutical Misinformation provides a practical framework for addressing vulnerabilities. Such examples not only clarify the risks but also demonstrate effective mitigation strategies. We're prepared to share our findings to enrich the document, offering a concrete perspective on securing LLM applications. For a succinct summary of our work with NHS London, refer to our LinkedIn post last week - https://www.dhirubhai.net/feed/update/urn:li:activity:7158532812352978944

Raheel Anwar

Tech Visionary & Customer Success Services Leader | Ex-Snowflake, Juniper | Pioneering GenAI Strategies | Product Management & Sales | Investor & Advisor

1 yr

Great insights! The OWASP survey reveals a strong call for practical AI security measures, innovative research, and collective efforts. Practical applications, innovation, open-source work, education, and understanding global rules are vital areas. This feedback emphasizes tackling present challenges and gearing up for future AI advancements. Open brainstorming is key to evolving the project to meet these broad needs.

Robin Basham

CEO/CISO EnterpriseGRC Solutions, CSA Working Group, President ISC2 East Bay Chapter

1 yr

I can't wait to have you at the center stage for the Cyber in Healthtech conference. I know the East Bay cyber community is ecstatic to have you and Sherri Douville speaking with us. https://isc2-eastbay-chapter.org/conferences/march-2024-winter-conference-at-zeiss-cyber-in-healthtech/

Ken Huang, CISSP

AI Book Author |Speaker |DistributedApps.AI |OWASP Top 10 for LLM Co-Author | NIST GenAI Contributor| EC-Council GenAI Security Instructor | CSA Fellow | CSA AI Safety WGs Co-Chair

1 yr

Insightful data and analysis! Thanks Steve Wilson
