Updates on the OWASP Top 10 for LLM Applications Project V2

Since its inception in May 2023, the OWASP Top 10 for LLM Applications Project has experienced unprecedented growth, swiftly becoming a cornerstone in cybersecurity for AI applications. With its first release in August and a significant update in October, the Top 10 list has been heralded across the industry, earning citations from government agencies, standards bodies, academic circles, and businesses of every size. Building on this momentum, we introduced the LLM AI Cybersecurity & Governance Checklist, broadening our impact to directly engage with CISOs and compliance officers.

As we move forward, the excitement within our community is palpable, especially with the recent announcement of the Version 2 (V2) project. Following extensive brainstorming sessions and stakeholder surveys, we're thrilled to share some important updates today.

1. Expanded Charter: Reflecting on the success of our initiatives, we've officially broadened our group's charter. This expansion isn't just about extending beyond the Top 10 document; it's a commitment to embracing a broader spectrum of resources for various audiences, inspired by the positive reception of our cybersecurity checklist. Moreover, our focus will shift to encompass the broader expanse of Generative AI beyond the confines of Large Language Models. You can check out the new charter document here.

2. The V2 Roadmap: Incorporating feedback from our initial brainstorming, this roadmap sets the stage for a series of generation, voting, and intensive analysis phases, each designed to enrich our understanding and guidance on LLM vulnerabilities. Here’s a glance at our planned timeline:

• April 15 - April 30, 2024: Voting on existing entries
• May 1 - May 8, 2024: Collation and publication of voting results
• May 15 - June 15, 2024: Call for new entries
• June 16 - June 30, 2024: Entry Voting
• July 1 - July 15, 2024: Voting collation and publication
• July 15 - Aug 1, 2024: Merging & Down selection
• Aug 1 - Sep 1, 2024: Data Analysis & Voting for Ranking
• Sep 1 - Sep 15, 2024: Entry Clean Up
• Sep 15 - Sep 30, 2024: Layout and pre-announcement work
• Oct 1, 2024: Publish V2

This roadmap maintains our tradition of community-driven selection and emphasizes a more data-driven approach, incorporating real-world exploit data into our analysis.

3. Introducing the Update Core Team: Our project thrives on the dedication and expertise of our core team and community members. It's with great pleasure that we spotlight Ads Dawson , who will be spearheading the V2 Top 10 List as I continue to guide the project's overarching direction. The core team for the V2 project includes:

• Steve Wilson : Project Lead
• Ads Dawson : V2 Top 10 List Lead
• Sandy Dunn : CISO Checklist Lead
• Emmanuel Guilherme : Data Gathering Methodology Lead
• Andy Smith: Feedback Lead
• Scott Clinton : Industry Engagement and Outreach Lead
• Talesh Seeparsan : Localization Lead
• Aubrey King : Public Relations Lead
• John Sotiropoulos : Standards Lead
• Jason Ross : Style & Publishing Lead
• Leon Derczynski : Expert
• Rachit S. : Expert
• Eugene Neelou : Expert
• Ken Huang, CISSP : Expert
• Itamar Golan : Expert
• Leonardo Kenji Shikida, CSSLP : Expert

This talented group of professionals represents the diversity of knowledge and passion fueling our project. From data gathering to industry engagement, each member plays a crucial role in shaping the future of LLM application security.

We invite you to join us as we embark on this next phase. Whether you're an expert or passionate about AI and cybersecurity, your contribution can make a significant difference. Together, we'll continue to advance the security of LLM applications, setting new standards for safety and efficacy in the rapidly evolving landscape of Generative AI.

Want to join us? Check out this page for more details on where to connect and how to contribute!