OWASP LLM Top 10 Alignment
SoterAI maps product controls to OWASP LLM Top 10 risk categories as a practical alignment guide. Alignment is not certification.
LLM01 Prompt Injection: Input/output guardrails, document scanning, red-team regression tests, and policy enforcement.
LLM02 Sensitive Information Disclosure: PII and secret redaction, safe logs, webhook payload minimization, and audit exports.
LLM03 Supply Chain: Self-hosted deployment guidance, dependency audit checks, and vendor-risk documentation.
LLM04 Data and Model Poisoning: RAG quarantine, trust scoring, approved-source indexing, and feedback review.
LLM05 Improper Output Handling: Unsafe output detection, rewrite/block decisions, and downstream webhook safety.
LLM06 Excessive Agency: Policy controls, authorized red-team scope, and integration payload redaction.
LLM07 System Prompt Leakage: System prompt leak detection and persistence safeguards.
LLM08 Vector and Embedding Weaknesses: Tenant namespaces, ACL post-filtering, and retrieval audit logs.
LLM09 Misinformation: Grounding guard, citation checks, and no-source fallback.
LLM10 Unbounded Consumption: Rate limiting, quotas, billing controls, and admin overrides.